1. Administration Guide
  2. User and Role Maintenance

3 User and Role Maintenance

This chapter describes the process for managing users and roles. The Administrator can create users and assign the level of access as needed. This chapter describes how to create/modify/delete a user and assign roles to a user.

Your Merchandise Financial Planning Cloud Service is configured with Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) for managing users and access.

In order to provide application access to end users, the Cloud Service Administrator needs to create the user's account from OCI IAM. For OCI IAM user setup, follow the steps in OCI IAM User Creation. The user must also be assigned to a group in OCI IAM.

To complete the user provisioning activity, the same user must be added in the Merchandise Financial Planning Cloud Service application and assigned to the same user group.

MFP Cloud Service is built with role-based access. For information on the available roles, see the Retail Identity Management for OCI IAM document at https://docs.oracle.com/en/industries/retail/retail-identity-management/latest/books.html.

For detailed information on the tasks related to user and role, see the following sections:

For Cloud Service provisions, the customer needs to define required roles as needed for their configuration using OCI IAM. For more details about Atomic User Management (AUM), additional roles available, and access to security details, see the Oracle Retail Predictive Application Server and Applications Cloud Edition Security Guide.

User Maintenance through OCI IAM

This section describes how to maintain users through Oracle Cloud Infrastructure Identity and Access Management (OCI IAM).

OCI IAM User Creation

Before users can access the Oracle Retail Merchandise Financial Planning Cloud Service applications, it is necessary to provision access to the system for each user and to assign roles to each user to control what functionality will be available to the user. The access provisioning can be done using OCI IAM. After creation of the user in OCI IAM, the Administrator needs to create the same user with the same user group (that is, the role in OCI IAM) in the Oracle Retail Merchandise Financial Planning Cloud Service application.

Note:

The OCI IAM Application URL and login with the required administrator access are needed to perform the following steps. The welcome email sent by Oracle includes the URL.

The following steps explain how to define users and assign roles for a new user:

  1. Log in to the OCI IAM application. The Domains view is shown by default.

    Figure 3-1 OCI IAM Domains

    This figure shows the Domains view.

  2. Click the Domain name for which you want to create a user. The Domain Overview page appears.

  3. From the Domains Overview page, click Users.

    Figure 3-2 Domains Overview Menu

    This figure show the Domains Overview menu.

  4. From the Domain Users page, click Create User. The Create User page appears.

    Figure 3-3 Create User

    This figure shows the Create User page.

  5. Provide the First Name, Last Name, and unique user name. If the Use the email address as the user name option is checked, the system automatically takes the email address as the user name.

    Note:

    Oracle recommends using the email address as the user name.

  6. Assign the user to a group. Typically, this will be the group specific to the provisioned service or application. The user can be assigned to more than one user group, but it is recommended to assign one group to one user.

  7. Click Create to complete the user creation in OCI IAM.

Adding a User Group

User groups provide an intermediate level of security to workbooks that were created and saved by specific users. When new users are assigned to the system, they must be assigned to existing user groups. User groups should consist of individuals with similar job functions or responsibilities. In the Oracle Retail Predictive Planning Suite, the user group corresponds to the user's planning role.

To add a user group:

  1. Under User Administration, click Add User Group. A Workbook Wizard window appears.

  2. In the Workbook Wizard window, enter the relevant information into the following fields:

    • In the Group Name field, enter a name for the group.

      Note:

      Each group name must begin with a letter and contain only alphanumeric characters and underscores. It cannot have spaces. User group names are case sensitive.

    • In the Group Label field, enter a descriptive label for the group. This label is displayed when referring to the group throughout RPASCE.

  3. Click Finish to add the user group to the database.

Managing Users in OCI IAM

After users are created in OCI IAM, the Administrator can manage user information, manage user groups assigned to users, delete or revoke user access, and reset a password.

The following steps explain how to manage users in OCI IAM:

  1. Log in to the OCI IAM application. The Domains view is shown by default.

  2. Click the Domain name for which you want to create a user. The Domain Overview page appears.

  3. From the Domains Overview page, click Users.

    Figure 3-4 Domains Overview Menu

    This figure shows the Identity domain menu.

  4. Click the user that you want to edit.

  5. You can update the additional information for the selected user. Once updated, click Update User to confirm the changes.

  6. You can manage the user groups assigned to users in the Groups table.

    Assign a New Group

    1. In the Groups table, click Assign user to groups.

    2. From the Assign user to group dialog, select the group or groups to add the user.

    3. Click Assign user.

    Remove a Group

    1. In the Groups table, select the group from which you want to remove the user.

    2. Click Remove user from group.

      Note:

      The same user also needs to be deleted from the Merchandise Financial Planning Cloud Service application. This will keep OCI IAM and the application synchronized. Complete the user deletion by following the steps for deleting a user in the User Maintenance chapter of the Oracle Retail Predictive Application Server Cloud Edition Administration Guide.

  7. A user can be deactivated by selecting Deactivate from the More Actions menu and then confirming the selection in the confirmation dialog.

  8. A user can be asked to reset their password by selecting Reset Password and then confirming the selection in the confirmation dialog. The associated user will get an email with a link to reset the password.

Bulk Loading of User and User Groups

The Administrator can bulk import user and user groups using comma-separated-values (CSV) files. For information on the bulk import of user and user groups from OCI IAM, see the documentation at the following links: https://docs.oracle.com/en-us/iaas/Content/Identity/home.htm.