About Oracle Java Cloud Service Roles and User Accounts

Oracle Java Cloud Service uses roles to control access to tasks and resources. A role assigned to a user gives certain privileges to the user.

In addition to the roles and privileges described in Learn About Cloud Account Roles in Getting Started with Oracle Cloud, the Java Administrator role (JaaS_Administrator) is also created for Oracle Java Cloud Service.

When your cloud account is first set up, the service administrator is given the Java Administrator role along with additional service roles that are required to work with Oracle Java Cloud Service. Other users in your account must be assigned these same roles in order to use Oracle Java Cloud Service. Only the identity domain administrator is allowed to create user accounts and assign roles.

Topics:

• Java Administrator

• Related Service Administrators

• Service Instance Users

• Oracle Cloud Infrastructure Policies

Java Administrator

The primary role in Oracle Java Cloud Service is Java Administrator.

The following table summarizes the privileges given to the Java Administrator role.

Description of Privilege	More Information
Can create and delete service instances	Manage the Life Cycle of Oracle Java Cloud Service Instances
Can stop and start service instances, and virtual machines	Stop, Start, and Restart an Oracle Java Cloud Service Instance and Individual Nodes
Can suspend and enable service instances by disabling and enabling the load balancer	Suspend an Oracle Java Cloud Service Instance
Can scale, patch, and back up or restore service instances	Scale an Oracle Java Cloud Service Instance Patch an Oracle Java Cloud Service Instance Back Up and Restore an Oracle Java Cloud Service Instance
Can administer load balancers for service instances	Administer the Load Balancer for an Oracle Java Cloud Service Instance
Can monitor and manage service usage in Oracle Cloud	Overview of Managing Oracle Cloud Accounts and Services in Managing and Monitoring Oracle Cloud

Related Service Administrators

The following table summarizes the privileges given to other related service administrator roles in Oracle Cloud.

Role	Privileges
Compute_Operations	Create Oracle Java Cloud Service instances on Oracle Cloud Infrastructure Classic regions.
DBaaS_Administrator	Create and manage Oracle Database Cloud Service deployments. A database deployment must exist prior to creating an Oracle Java Cloud Service instance.
Storage_ReadWriteGroup	Enable backups for an Oracle Java Cloud Service instance, and store the backups in an existing Oracle Cloud Infrastructure Object Storage Classic container.
Storage_Administrator	Create Oracle Cloud Infrastructure Object Storage Classic containers to use as backup storage locations for Oracle Java Cloud Service instances.

Service Instance Users

Learn about the operating system and Oracle WebLogic Server administrative user accounts that are created when you create an Oracle Java Cloud Service instance.

User	Description	More Information
OS User	The opc user has root privileges on the OS running on the nodes in a service instance and can: Connect to a node through SSH for direct OS-level access Create other OS accounts on a node The oracle user cannot be used to connect to a node through SSH. It has regular OS user permissions and can also access the Oracle product installations on the node. Note that there are no default passwords for either the opc or oracle user. SSH access to the node by the opc user is based on the public key provided at the time the service instance was provisioned. The OS user accounts are not stored or managed in Oracle Cloud.	Access a Node with a Secure Shell (SSH)
WebLogic Administrator	Can manage Oracle WebLogic Server in Oracle Java Cloud Service Can access and use the WebLogic Server Administration Console Can manage users and groups in the embedded LDAP Can configure other identity providers Can deploy and undeploy applications using the WebLogic Server Administration Console	Access the Administration Consoles for Oracle Java Cloud Service Use the WebLogic Server Administration Console to Deploy and Manage Applications Oracle WebLogic Server 12c (12.2.1.3) Administration Console Online Help Oracle WebLogic Server 12c (12.2.1.4) Administration Console Online Help Oracle WebLogic Server 12c (12.2.1.2) Administration Console Online Help Oracle WebLogic Server 11g (10.3.6) Administration Console Online Help

Oracle Cloud Infrastructure Policies

Learn about how to create and manage resources in Oracle Cloud Infrastructure, administrators define policies that grant privileges to users and groups.

To create and manage resources in Oracle Cloud Infrastructure, administrators define policies that grant privileges to users and groups. For example, to create a database for use with Oracle Java Cloud Service in either an Oracle Autonomous Database or Oracle Cloud Infrastructure database, an administrator must create policies that grant you access to these services. See Securing IAM in the Oracle Cloud Infrastructure documentation.

In order to create Oracle Java Cloud Service instances in an Oracle Cloud Infrastructure region, an administrator must create policies that grant specific privileges to Oracle Java Cloud Service.

For example, the administrator must specify the following policy to grant Oracle Java Cloud Service access to Oracle Autonomous Database or Oracle Cloud Infrastructure database:

• Oracle Autonomous Database

  Allow service PSM to inspect autonomous-database in compartment Autonomous Transaction Processing database compartment

• Oracle Oracle Cloud Infrastructure database

  Allow service PSM to inspect database-family in compartment Oracle Cloud Infrastructure database compartment

See Prerequisites for Oracle Platform Services on Oracle Cloud Infrastructure in the Oracle Cloud Infrastructure documentation.