Learn About Cloud Account Roles
An Oracle Cloud account has roles assigned to it.
The role assigned to a user’s account determines the privileges a user has, and these privileges let a user do things like purchase an Oracle Cloud service, manage Oracle Cloud services, or manage the accounts of the users who can access a service. A user can have more than one role.
This table describes some of the Oracle Cloud administrator roles.
User Role | Privileges |
---|---|
Buyer Administrator |
A buyer administrator controls the buying process, and can:
|
Purchase Entitlement Buyer Administrator |
A purchase entitlement administrator can manage purchases in Oracle Store. |
Cloud Account Administrator/ Account Administrator |
An account administrator monitors and manages services of one or more cloud accounts. The account administrator can also create users, provide access to, and upgrade or terminate subscriptions. An account administrator signs in to My Account in Oracle Cloud in order to manage services that belong to a traditional cloud account or an identity domain. Each solution requires different combination of roles, so an account administrator assign s roles to service administrator depending on the services needed by each solution. |
Purchase Entitlement Account Administrator |
A purchase entitlement account administrator has similar privileges as the service administrator and can create new cloud accounts, or use an existing account to provision purchases in that account. |
Business Administrator |
A business administrator can only view and monitor the account usage from the Account Management page in Infrastructure Classic Console or Applications Console. They have read-only access to Infrastructure Classic Console or Applications Console and can change their password from the My Profile page. However, they won’t have access to other tabs in the Account Management page nor can they perform other operations such as creating instances, alerts, or users. Typically, a cloud account administrator will also have this role, but not vice versa. This role is useful when you want a person to actively monitor your account usage and provide periodic reports. |
Identity domain administrator |
Identity domain administrators can perform all the administrative functions related to Oracle Cloud services within an identity domain or a cloud account, and can create or manage users. They can:
|
Service Administrator |
Service administrator manage or use specific Cloud Services within the cloud account. A service administrator has access to both services and instances. For example, if you’re assigned the Database Cloud Service administrator role, then you can create and manage Oracle Database service instances in Oracle Cloud. See About Service Administrator Roles.
|
Non-administrator (user) |
In addition to the predefined roles, Oracle Cloud automatically creates several user accounts such as service-specific user or developer roles, and assigns the appropriate role to the user. The user accounts created depends on the type of Oracle Cloud service being provisioned. All names for predefined roles related to a specific service are typically prefixed by the name and type of service. A user works with one or more Oracle Cloud services. A user is assigned service and application roles. These roles let a user access the Oracle Cloud service instances within an identity domain.As a non-administrative user, you use the Infrastructure Classic Console or Applications Console application to manage your password. You can access only the My Profile page. |