Learn About Cloud Account Roles

An Oracle Cloud account has roles assigned to it.

The role assigned to a user’s account determines the privileges a user has, and these privileges let a user do things like purchase an Oracle Cloud service, manage Oracle Cloud services, or manage the accounts of the users who can access a service. A user can have more than one role.

This table describes some of the Oracle Cloud administrator roles.

User Role Privileges

Buyer Administrator

A buyer administrator controls the buying process, and can:

  • Make purchases on behalf of a company or an organization.

  • Designate who the initial account administrator is for the Oracle Cloud service. When a subscription to an Oracle Cloud service is purchased, the buyer or another person must be designated as the account administrator.

  • Change (upsize or update) a paid subscription to an Oracle Cloud service.

  • Terminate a paid subscription to an Oracle Cloud service.

Purchase Entitlement Buyer Administrator

A purchase entitlement administrator can manage purchases in Oracle Store.

Cloud Account Administrator/ Account Administrator

An account administrator monitors and manages services of one or more cloud accounts. The account administrator can also create users, provide access to, and upgrade or terminate subscriptions. An account administrator signs in to My Account in Oracle Cloud in order to manage services that belong to a traditional cloud account or an identity domain.

Each solution requires different combination of roles, so an account administrator assign s roles to service administrator depending on the services needed by each solution.

Purchase Entitlement Account Administrator

A purchase entitlement account administrator has similar privileges as the service administrator and can create new cloud accounts, or use an existing account to provision purchases in that account.

Business Administrator

A business administrator can only view and monitor the account usage from the Account Management page in Infrastructure Classic Console or Applications Console. They have read-only access to Infrastructure Classic Console or Applications Console and can change their password from the My Profile page. However, they won’t have access to other tabs in the Account Management page nor can they perform other operations such as creating instances, alerts, or users.

Typically, a cloud account administrator will also have this role, but not vice versa.

This role is useful when you want a person to actively monitor your account usage and provide periodic reports.

Identity domain administrator

Identity domain administrators can perform all the administrative functions related to Oracle Cloud services within an identity domain or a cloud account, and can create or manage users. They can:

  • Create user accounts and roles within a given identity domain, independent of any service.

  • Assign one or more roles (privileges) to a user. Can assign the identity domain administrator role to other users.

  • Manage roles assigned to a user.

  • Create custom roles.

  • Reset user passwords.

  • Set up secure SFTP user accounts for Oracle Cloud services

Service Administrator

Service administrator manage or use specific Cloud Services within the cloud account. A service administrator has access to both services and instances. For example, if you’re assigned the Database Cloud Service administrator role, then you can create and manage Oracle Database service instances in Oracle Cloud. See About Service Administrator Roles.

  • Service-specific administrator roles vary from one Oracle Cloud service to another, but they typically include at least one administrator role and has access for everything about the assigned service.

  • Instance administrator role is assigned to manage specific instances of the assigned service.

Non-administrator (user)

In addition to the predefined roles, Oracle Cloud automatically creates several user accounts such as service-specific user or developer roles, and assigns the appropriate role to the user. The user accounts created depends on the type of Oracle Cloud service being provisioned. All names for predefined roles related to a specific service are typically prefixed by the name and type of service.

A user works with one or more Oracle Cloud services. A user is assigned service and application roles. These roles let a user access the Oracle Cloud service instances within an identity domain.As a non-administrative user, you use the Infrastructure Classic Console or Applications Console application to manage your password. You can access only the My Profile page.