Overview of Role-Based Access Control

When you receive your Oracle Cloud application, access to its functionality and data is secured using a role-based access control security model. In this model, you assign roles to users, and each role carries access privileges to protected resources.

This diagram shows the relationship between users, roles, and privileges.

[Figure: Components in role-based access control models]

In the sales application, users gain access to application data and functions when you assign them these types of roles:

  • Job roles, which provide users with the permissions they need to perform tasks that are specific to a job, such as a sales representative

  • Abstract roles, which provide users with the permissions to complete tasks that are common to all users

Users can have any number of different roles concurrently, and this combination of roles determines the user's level of access to protected system resources. For example, a user might be assigned the Sales Manager role, the Sales Analyst role, and the Employee role. In this case, the user has this access:

  • As an employee, the user can access employee functions and data.

  • As a sales manager, the user can access sales manager functions and data.

  • As a sales analyst, the user can access sales analysis functions and data.

When the user signs in to the application and is successfully authenticated, a user session is established and all the roles assigned to the user are loaded into the session repository. The application determines the set of privileges to application resources that are provided by the roles, then grants the user the most permissive level of access.
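The session-time resolution described above, sketched as an added example that is not Oracle's code: it loads all assigned roles, resolves each resource to the most permissive level, and records which role supplies it, so a reviewer can see which access survives when one role is revoked. The role names come from this page; the resource names, access levels, and their ordering are constructed assumptions.

```python
# Added illustration; role names come from the page, while the resources,
# access levels and their ordering are constructed assumptions.
LEVELS = ["none", "view", "edit", "manage"]  # least to most permissive

# role -> (role type, {resource: access level})
ROLES = {
    "Employee":      ("abstract", {"person_profile": "edit", "sales_reports": "view"}),
    "Sales Analyst": ("job",      {"sales_reports": "edit", "forecasts": "view"}),
    "Sales Manager": ("job",      {"sales_reports": "view", "forecasts": "manage",
                                   "opportunities": "manage"}),
}

def load_session(assigned_roles):
    """Load every assigned role at sign-in; unknown role names are rejected."""
    unknown = [r for r in assigned_roles if r not in ROLES]
    if unknown:
        raise ValueError(f"unknown roles: {unknown}")
    return set(assigned_roles)

def effective_access(session_roles):
    """Return {resource: (level, roles granting that level)}, most permissive wins."""
    result = {}
    for role in sorted(session_roles):
        for resource, level in ROLES[role][1].items():
            best, sources = result.get(resource, ("none", []))
            if LEVELS.index(level) > LEVELS.index(best):
                result[resource] = (level, [role])
            elif level == best:
                result[resource] = (level, sources + [role])
    return result

def access_surviving_revocation(session_roles, revoked_role):
    """Resources whose effective level is unchanged after removing one role."""
    before = effective_access(session_roles)
    after = effective_access(session_roles - {revoked_role})
    return sorted(r for r, (lvl, _) in before.items()
                  if after.get(r, ("none", []))[0] == lvl)

if __name__ == "__main__":
    session = load_session(["Sales Manager", "Sales Analyst", "Employee"])
    for resource, (level, sources) in sorted(effective_access(session).items()):
        print(f"{resource}: {level} (from {', '.join(sources)})")
    print(access_surviving_revocation(session, "Sales Analyst"))
```

In this constructed data, revoking the Employee role leaves access to sales_reports unchanged because the Sales Analyst role already grants a more permissive level, which is why access reviews should look at the combined role set and not at one role in isolation.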

You can assign roles to a user manually when you create the user, or automatically, by creating role provisioning rules.