Application Roles

Several predefined application roles define what users can do. Some functionality is available only to users with specific application roles.

People can hold multiple application roles as needed. For example, you might want to designate one person as both a cloud account administrator and a service administrator. These application roles are assigned by the identity domain administrator. See Assign Roles to Groups and Assign Users to Groups.

Visitors can view certain sites, use public links, and view Oracle Content Management content embedded in apps or websites.

Any users that need to actually use Oracle Content Management must be assigned the standard user or enterprise user role in addition to any other roles they’re assigned.

Note:

Oracle is in the process of updating Oracle Cloud Infrastructure (OCI) regions to switch from Identity Cloud Service (IDCS) to Identity and Access Management (IAM) identity domains. All new Oracle Cloud accounts will automatically use IAM identity domains. Depending on whether your region uses IAM identity domains or not, you'll use different documentation to manage users, groups, and access. If your region has been updated, follow the steps marked IAM. If your region hasn't been updated, follow the steps marked IDCS.

Oracle Content Management Roles

The following table describes the application roles involved with Oracle Content Management instances with a Universal Credits subscription, a Government subscription, or a SaaS subscription. For information on how to access the interfaces listed in the table, see Administrative Interfaces.

Application Role (application role name in bold)	Access and Actions	Notes
Cloud account administrator	Cloud account administrators use the Oracle Cloud Console to perform the following actions: Monitor and manage services for one or more Cloud accounts. Upgrade or terminate subscriptions. Create and manage users and groups. Provide access to services by assigning roles. IAM: Cloud account administrators manage users, groups, and roles in the Oracle Cloud Console. IDCS: Cloud account administrators manage users, groups, and roles in the IDCS Console.	Cloud account administrators are set up when the account is created. They use their Oracle Cloud account to sign in to Oracle Cloud and access the Oracle Cloud Console. If you need account administrator access and don’t have it, contact your primary account administrator. If you want cloud account administrators to use Oracle Content Management and modify the service configuration, they must also be assigned the standard user or enterprise user role.
Service administrator (CECServiceAdministrator)	From the Oracle Content Management Administration: System interface: General: Restrict file types and sizes; customize branding; enable or disable notifications; and set default time zone, language, and date/time format. Domain: Specify a friendly management domain to make it easier for your users to access your Oracle Content Management web client, the desktop app, the mobile apps, and any sites created with Oracle Content Management. Security: Set CORS origins, and enable the display of embedded content from Oracle Content Management within other domains. Billing: Specify the limits at which you want to be notified for billing metrics. These settings apply only to Oracle Content Management running on Oracle Cloud Infrastructure (OCI). Analytics: Control whether Oracle Content Management collects asset consumption information and anonymous product usage information. Users: Manage users; set the default role for new folder members; synchronize user data; set whether to show conversation membership messages by default for a user; override user storage quotas; and transfer ownership of files from deprovisioned users. Assets: Manage how many renditions can be saved for each asset and maximum video file size. Sites: Enable sites access control options, and install the default site templates. SEO for Sites: Enable prerendering for sites and configure additional user agents. Experiences: Enable experiences so that you can automatically update experiences managed outside of Oracle Content Management based on content changes or published status. Documents: Set default user storage quota and manage storage space and set default link behavior. Metadata: Manage metadata (custom properties) so that users can quickly categorize files and folders with additional descriptions. Note: For Custom Properties, you must also have the enterprise user role. From Oracle Content Management Administration: Integrations interface, configure integrations with Oracle Process Cloud Service, Oracle Eloqua Cloud Service, Oracle Visual Builder, Oracle Intelligent Advisor, Oracle Cobrowse Cloud Service, and custom applications. From Oracle Content Management Administration: Applications interface, manage content apps to discover and deploy web applications that run in the context of Oracle Content Management (using it as the content management system). From Oracle Content Management Analytics interface: View service usage statistics, content metrics, and reports to help you analyze system needs or issues.	Service administrators must also be assigned the standard user or enterprise user role to be able to use Oracle Content Management.
Repository administrator (CECRepositoryAdministrator)	From the Oracle Content Management Administration: Content page: Create asset repositories. Create publishing channels. Create localization policies. Create content workflows and workflow roles. Create editorial roles. From the Oracle Content Management Analytics interface: View assets and content metrics to help you analyze system needs or issues.	Repository administrators must also be assigned the enterprise user role to be able to use Oracle Content Management and access assets. A repository administrator is a user with a Manager role within at least one repository.
Content administrator (CECContentAdministrator)	From the Oracle Content Management Administration: Content page: Create asset types and publish items. Create and publish taxonomies. Create audience attributes. Create ranking policies. From the Oracle Content Management Developer page as long as these features haven’t been limited to site administrators: Create components. Create templates. Create themes. Configure the embeddable user interface.	Content administrators must also be assigned the enterprise user role to be able to use Oracle Content Management and access assets.
Capture administrator (CECCaptureAdministrator)	From the Oracle Content Management Administration: Capture page. Design and customize content capture workflows, or procedures, which are used to process physical and electronic documents in bulk for various business scenarios. From the Oracle Content Management Analytics interface: Capture Administrator users can access the Capture page and the Capture Activities report.	Procedure managers are typically assigned both the Capture administrator and Capture client user roles, so they can configure procedures and test them in the client.
Capture client user (CECCaptureClient)	From the Oracle Content Capture Client: Scan or import documents into Oracle Content Management.
Site administrator (CECSitesAdministrator)	From the Oracle Content Management Sites page: Create sites. From the Oracle Content Management Developer page: Create components. Create templates. Create themes. Configure the embeddable user interface.	When using site governance, site administrators make approved templates available to users for creating sites, approve site requests, and manage sites. This role also applies if your service administrator configured Oracle Content Management to allow only site administrators to create sites, templates, or components. Site administrators must also be assigned the standard user or enterprise user role to be able to use Oracle Content Management.
Developer (CECDeveloperUser)	From the Oracle Content Management Sites page as long as these features haven’t been limited to site administrators: Create, edit, and publish sites. From the Oracle Content Management Experiences page: Create and manage experience objects. From the Oracle Content Management Developer page as long as these features haven’t been limited to site administrators: Create components. Create templates. Create themes. Configure the embeddable user interface. From the Oracle Content Management Administration: Integrations interface: Configure application settings such as those described in Integrating and Extending Oracle Content Management.	Developers must also be assigned the standard user or enterprise user role to be able to use Oracle Content Management. Developers with the standard user role can create components, themes, and standard templates. Developers with the enterprise user role can also create layouts and save a site as a standard or enterprise template.
Enterprise user (CECEnterpriseUser)	From Oracle Content Management, enterprise users have access to all the Collaboration and Sites features that standard users have access to: Manage content (view, upload, and edit documents). Share content and sites with others. Use conversations to collaborate (discuss topics, direct message someone, assign flags to someone, add annotations to documents). Manage groups. Create, edit, and publish sites as long as this feature hasn’t been limited to site administrators. View and interact with content items in sites. Manage and view custom properties and edit values. In addition they have access to Assets: Create and manage content items and digital assets. Create and manage collections. From the Oracle Content Management Recommendations: Enterprise users with access to contribute to at least one repository can create and manage recommendations. From the Oracle Content Management Analytics interface: Enterprise users with access to at least one repository can access the Assets and Content page. Enterprise users with access to at least one channel can access the Sites and Channels page.	Any users that need to actually use Oracle Content Management must be assigned the standard user or enterprise user role. These roles aren’t assigned by default to any user. See Task and Feature Comparison by Application Role.
Standard user (CECStandardUser)	From Oracle Content Management, standard users have access to Collaboration and Sites features: Manage content (view, upload, and edit documents). Share content and sites with others. Use conversations to collaborate (discuss topics, direct message someone, assign flags to someone, add annotations to documents). Manage groups. Create, edit, and publish sites as long as this feature hasn’t been limited to site administrators. View and interact with content items in sites. Manage and view custom properties and edit values.	Any users that need to actually use Oracle Content Management must be assigned the standard user or enterprise user role. These roles aren’t assigned by default to any user. See Task and Feature Comparison by Application Role.
External user (CECExternalUser)	From Oracle Content Management, external users have access to Collaboration and Sites features for items that are shared with them: Manage content (view, upload, and edit documents). Use conversations to collaborate (discuss topics, direct message someone, assign flags to someone, add annotations to documents). Edit sites as long as this feature hasn’t been limited to site administrators.	External users have limited access to Oracle Content Management. See Task and Feature Comparison by Application Role.
Visitor (CECSitesVisitor)	Access sites restricted to visitors.	This role applies if a site is set to be accessed only by visitors. If that restriction is enabled, only users with this role will be able to access the site. Users and groups with this role can't be searched, so you must type the complete user or group name to add them to site security. Visitors don’t require a license.
Sauce Video enterprise user (SauceEnterpriseUser)	If you enabled Sauce Video during instance creation, you'll see the SauceEnterpriseUser application role. This role gives users full unlimited access to the Sauce Video application.	If you want Sauce users to be able to use Oracle Content Management, they must also be assigned the standard user or enterprise user role.

Sales Accelerator Roles

If you're an Oracle SaaS customer and you install Oracle Sales Accelerator, you'll see the following additional application roles:

Application Role (application role name in bold)	Assigned Privileges
Viewer (SAUser)	This role allows users to view published content, content properties, and analytics. Viewers access Sales Accelerator in seller view.
Contributor (SAContributor)	This role gives users the same privileges as viewers, plus it allows them to create and manage their own content. Contributors access Sales Accelerator in seller view, but they can turn on contributor view to manage content. To access contributor view, users must also be given the CECEnterpriseUser role.
Content Admin (SAContentAdmin)	This role gives users the same privileges as contributors, plus it allows them to manage content owned by other people, update assets in bulk, and configure home pages. Content admins access Sales Accelerator in seller view, but they can turn on contributor view to manage content. To access contributor view, users must also be given the CECEnterpriseUser role.
Report Admin (SAReports)	This role gives users the same privileges as viewers, plus it allows them to view system-wide analytics and reports. Report admins access Sales Accelerator in seller view.
Application Admin (SAAdmin)	This role gives users the same privileges as viewers, plus it allows them to perform administration tasks in Sales Accelerator and Oracle Content Management. Application admins access Sales Accelerator in seller view.

All Sales Accelerator application roles have viewing privileges. Therefore if someone is assigned the SAContentAdmin role, they don’t also need the SAUser role.