18 About Roles

Prerequisites for Managing Roles

When you create roles in Oracle Identity Manager (OIM), you must import and assign tasks (privileges) to these roles in OPERA Cloud. Additionally, the users you create in OIM must be assigned roles (Chain and/or Property). However, role assignment alone does not grant users access to properties. To have access to properties, users must also be assigned to one or more hubs.

Note:

A process runs regularly to apply task changes to existing and new roles. Changes can take up to 10 minutes to take effect.

In Role Manager, there are two levels of roles:
  • Chain Roles: Enable the same privileges across all properties in the chain (tenancy).

  • Property Roles: Typically created from a template (template roles), these roles assign privileges for a single property. When the Property Role without Template OPERA Control is active, an independent property role can be created that is not based on a template role.

A user can have one or multiple roles assigned to them, which can be Chain or Property roles or a combination of both. This provides you with flexibility in designing the access privileges that best suit your business requirements.

Property Role Examples

An example of a user with a property role would be a Front Desk user working at a single property. This user would have access to the default hub plus a property role.

An example of a user with multiple property roles would be a Reservation Manager responsible for a single hotel but requiring different levels of access. This user would have the default hub assigned to them plus a Reservation Agent property role and the Reservation Manager property role for elevated privileges.

Chain Role Examples

An example of a user with a chain role would be a Regional General Manager who is responsible for multiple hotels and needs the same privileges across all of them. If this user requires access to all properties in the chain with the same privileges, this user would have the default hub and a chain role assigned to them. However, if this user only needs access to a subset of properties in the chain, the administrator could create a new hub containing only that subset of properties. That user would then be granted access to this new hub and assigned a chain role.

An example of a user with a combination of chain and property roles would be a Revenue Manager requiring access to multiple properties within a chain but only elevated access to select properties. Limited access to some or all properties in the chain is provided through a chain role and either the default hub or a new hub with a subset of properties. Elevated access to select properties is provided through property roles.

The following figure illustrates the configuration of a user’s assigned property roles and assigned hub. In this figure, P1 (Property 1) and P1-Role (Property 1 Role) are the only intersecting access credentials when looking at the roles and properties attached to this user's assigned hub. As a result, a user with this configuration can only access the P1 Property.

Figure 18-1 Assigned Property Roles and Hub


This figure shows a Venn diagram of a user's assigned property roles and hub with two overlapping circles, one for Roles and one for Hub. In this diagram, the user only has application access to Property P1 because this is the area where the P1-Role overlaps with the P1 property in the user's assigned hub.
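
The hub and role intersection described above can be modeled for access reviews. The following is an added illustration, not OPERA Cloud code or an Oracle API; the data layout, the user and hub names, and every role name other than P1-Role are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    hubs: dict            # hub name -> set of properties in that hub
    chain_roles: set = field(default_factory=set)
    property_roles: dict = field(default_factory=dict)  # property -> set of role names

def hub_properties(user):
    """All properties reachable through any hub assigned to the user."""
    return set().union(*user.hubs.values())

def effective_access(user):
    """Property -> roles that apply there. A property outside every assigned
    hub is never accessible, whatever roles the user holds."""
    access = {}
    for prop in hub_properties(user):
        # Chain roles apply to every hub property; property roles only to their own.
        roles = set(user.chain_roles) | user.property_roles.get(prop, set())
        if roles:
            access[prop] = roles
    return access

def audit(user):
    """Assignments that grant nothing: candidates for cleanup in an access review."""
    reachable = hub_properties(user)
    return {
        "property_roles_outside_hubs": sorted(set(user.property_roles) - reachable),
        "hub_properties_without_role": sorted(reachable - set(effective_access(user))),
    }

# Constructed sample users (hubs, P2-P4 and the role names are illustrative).
FIGURE_USER = User("figure-user", hubs={"HUB_A": {"P1", "P2"}},
                   property_roles={"P1": {"P1-Role"}, "P3": {"P3-Role"}})
REVENUE_MGR = User("revenue-mgr", hubs={"HUB_EAST": {"P1", "P2", "P4"}},
                   chain_roles={"REVENUE_VIEW"},
                   property_roles={"P1": {"REVENUE_MANAGER"}})

if __name__ == "__main__":
    for u in (FIGURE_USER, REVENUE_MGR):
        print(u.name, effective_access(u), audit(u))
```

The audit output flags the two kinds of assignment that look like access on paper but grant none: a property role for a property outside the user's hubs, and a hub property for which the user holds no role.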

Seeded Roles

The following roles are seeded when your chain and property are provisioned.

| Role | Access to | Visible in Role Manager |
|---|---|---|
| DATAACCESS | OPERA Cloud for Oracle employee | Yes, View only |
| SENSITIVEDATAACCESS | OPERA Cloud for Oracle employee | Yes, View only |
| ADMIN | OPERA Cloud to perform administration tasks | Yes, View only |
| GUESTEXPERIENCE | Guest Experience Portal | No |
| DEVELOPERPORTALACCESS | Oracle Hospitality Integration Platform | No |
| CCCONF | Payment Portal (OPI) - for Credit cards payments confirmation | No |
| CCTRANS | Payment Portal (OPI) - Credit cards transactions | No |
| PPCONF | Payment Portal (OPI) - Pre-paid payments confirmations | No |
| WSACCESS | | No |