Adding Oracle Cloud Console Users

Give users access to work with your Applications environments in the Oracle Cloud Console.

This topic explains how you can set up additional users to view and work with application subscriptions in the Console.

The user entered when the Oracle Cloud Account was created is the default administrator of the tenancy. The default administrator can perform all tasks in Oracle Cloud Infrastructure, including view all applications subscriptions.

Important

If you need to add users to work in your application, see your application documentation.

Applications environment management integrates with the Identity and Access Management Service (IAM) service for authentication and authorization. IAM uses policies to grant permissions to groups. Users have access to resources (such as environments) based on the groups that they belong to. The default administrator can create groups, policies, and users to give access to the resources.

Management Tasks Vary for Different Applications Services

Management tasks, and therefore access options, differ for different applications services. Applications services can be divided into two management categories:

  • Applications services for which Oracle creates the environments. Because you don't create the environments, management tasks include only viewing details of the environments and your subscriptions. To create limited access users for these services, use the procedure described below in this topic.
  • Applications services for which you create and manage the environments. Because you create the environments, management tasks include create, delete, and update of the environments. To create limited access users for these services, see:

Add a Tenancy Administrator

This procedure describes how to add another user to your tenancy Administrators group. Members of the Administrators group have access to all features and services in the Oracle Cloud Console.

This procedure does not give the user access to sign in to the application service console. To add users to your application, see your application documentation.

To add an administrator:

  1. On the Oracle Cloud Console home page, under Quick actions, click Add a user to your tenancy. The list of users in the current identity domain is displayed.
  2. Click Create user.
  3. Enter the user's First name and Last name.
  4. To have the user log in with their email address:
    • Leave the Use the email address as the username check box selected.
    • In the Username / Email field, enter the email address for the user account.

    or

    To have the user log in with their user name:
    • Clear the Use the email address as the username check box.
    • In the Username field, enter the user name that the user is to use to log in to the Console.
    • In the Email field, enter the email address for the user account.
  5. Under Select groups to assign this user to, select the check box for Administrators.
  6. Click Create.

A welcome email is sent to the address provided for the new user. The new user can follow the account activation instructions in the email to sign in and start using the tenancy.

Add a Non-Admin User

This procedure describes how to create a group that has access to view applications in the Oracle Cloud Console, but can't perform other administrative tasks.

To give users permissions to view your applications in the Oracle Cloud Console, you need to:

  1. Create a group.
  2. Create a policy that grants the group access to view environment resources.
  3. Create a user and add them to the group.

The following tasks walk you through creating a group, policy, and user in the IAM service. The default administrator can perform these tasks, or another user that has been granted access to administer IAM.

Create a Group
  1. From the Oracle Cloud Console home page, under Quick actions, click Add a user to your tenancy. This action takes you to the list of users in the default domain.
  2. Under the list of Identity domain resources on the left, click Groups.
  3. Click Create group.
  4. Enter the following:
    • Name: A unique name for the group, for example, "environment-viewers". The name must be unique across all groups in your tenancy. You can't change this later.
    • Description: A friendly description. You can change this later if you want to.
    • Advanced options - Tags: Optionally, you can apply tags. If you have permissions to create a resource, you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure if you should apply tags, skip this option (you can apply tags later) or ask your administrator.
  5. Click Create.
Create the Policy

Before you create the policy, you'll need to know the correct value for your application's resource-type. The resource-type is what the policy grants access to. See Application Policy Reference to find the correct resource-type for your application.

  1. Navigate to the policies page of the identity domain:
    • If you are still on the Groups page from the preceding step, click Domains in the breadcrumb links at the top of the page. On the Domains page, click Policies on the left side of the page.
    • Otherwise, open the navigation menu, under Infrastructure, click Identity & Security to expand the menu, and then under Identity, click Policies. The list of policies is displayed.

      Detail showing navigation path to the Policies page
  2. Click Create Policy.
  3. Enter the following:
    • Name: A unique name for the policy. The name must be unique across all policies in your tenancy. You cannot change this later.
    • Description: A friendly description. You can change this later if you want to.
    • Compartment: Ensure that the tenancy (root compartment) is selected.
  4. On the Policy Builder, toggle on Show manual editor to display the text box for free-form text entry.

    Detail showing the Policy Builder and manual editor toggle
  5. Enter the appropriate statements for the service you want to grant access to. See Application Policy Reference for the statements required for your application. The policy statements take the form of:
    Allow group <your-group-name> to read <application-environment> in tenancy
    Allow group <your-group-name> to read organizations-subscriptions in tenancy
    Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
     

    where

    <your-group-name> is the group you created in a previous step and

    <application-environment> is the resource-type for your application. For a list of the resource-types, see Application Policy Reference.

  6. Click Create.
Tip

You can use the Copy option in the policy sample shown in the Application Policy Reference to copy the set of policy statements. You can then paste the statements into the Policy Builder text box so that you only need to update the value for <your-group-name>. See Example: How to Copy and Paste a Policy.

Create a User
  1. From the Oracle Cloud Console home page, under Quick actions, click Add a user to your tenancy.
  2. Click Create User.
  3. Enter the user's First name and Last name.
  4. To have the user log in with their email address:
    • Leave the Use the email address as the username check box selected.
    • In the Username / Email field, enter the email address for the user account.

    or

    To have the user log in with their user name:
    • Clear the Use the email address as the username check box.
    • In the Username field, enter the user name that the user is to use to log in to the Console.
    • In the Email field, enter the email address for the user account.
  5. To assign the user to a group, select the check box for each group that you want to assign to the user account.
  6. Click Create.

Application Policy Reference

The following sections list the resource-type names for each of the applications services. Find your application in the table and use the provided statements in your policies.

Note

The applications services shown here don't support self-service environment provisioning. For help writing policies for applications services that do support self-service provisioning, see Managing User Access to Applications Environments.
Oracle Communications Policies

When you subscribe to one of the Oracle Communications applications, Oracle creates the application service environment for you. You can view details about your subscriptions and your application URLs from the Oracle Cloud Console.

To give another user access to interact with your Oracle Communications application services in the Oracle Cloud Console, you use one of the following verbs in your policy statements:

  • read - allows the user to view all information about the environment.
  • inspect - allows the user to list the environments only; user can't view the details pages.

The following table lists the resource type names and sample policy statements you can copy and paste to create the policy to give access to a group. The samples all use the readverb. If you want to grant inspect access only, replace read with inspect when you create your policy.

Application Service Resource Types and Policy Sample
Security Shield

Resource type: cgbuocss-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read cgbuocss-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Session Delivery Management Cloud

Resource type: cgbuosdmc-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read cgbuosdmc-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
SD-WAN Orchestration Cloud Service

Resource type: cgbusdwan-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read cgbusdwan-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Oracle Financial Services Policies

When you subscribe to one of the Oracle Financial Services applications, Oracle creates the application service environment for you. You can view details about your subscriptions and your application URLs from the Oracle Cloud Console.

To give another user access to interact with your Oracle Financial Services application services in the Oracle Cloud Console, you use one of the following verbs in your policy statements:

  • read - allows the user to view all information about the environment.
  • inspect - allows the user to list the environments only; user can't view the details pages.

The following table lists the resource type names and sample policy statements you can copy and paste to create the policy to give access to a group. The samples all use the readverb. If you want to grant inspect access only, replace read with inspect when you create your policy.

Application Service Resource Types and Policy Sample
Oracle Banking Virtual Account Management Cloud Service

Resource type: fsgbuobvam-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read fsgbuobvam-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Oracle Banking Credit Facilities Process Management Cloud Service

Resource type: fsgbuobcfpm-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read fsgbuobcfpm-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Oracle Banking Corporate Lending Process Management Cloud Service

Resource type: fsgbuobclpm-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read fsgbuobclpm-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Oracle Banking Digital Experience Cloud Service

Resource type: fsgbuobdx-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read fsgbuobdx-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Oracle Banking Liquidity Management Cloud Service

Resource type: fsgbuoblm-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read fsgbuoblm-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Oracle Banking Payments Cloud Service

Resource type: fsgbuobpm-environment

Sample policy to copy and paste:

Allow group <your-group-name> to read fsgbuobpm-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Oracle Banking Supply Chain Finance Cloud Service

Resource type: fsgbuobscf-environment

Sample policy to copy and paste:

Allow group <your-group-name> to read fsgbuobscf-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Oracle Banking Trade Finance Process Management Cloud Service

Resource type: fsgbuobtfpm-environment

Sample policy to copy and paste:

Allow group <your-group-name> to read fsgbuobtfpm-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Financial Revenue Management and Billing Cloud Service

Resource type: ofsrmbcs-environment

Sample policy to copy and paste:

Allow group <your-group-name> to read ofsrmbcs-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Financial Service Cloud

Resource type: fsgbufsc-environment

Sample policy to copy and paste:

Allow group <your-group-name> to read fsgbufsc-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Health Insurance

Resource type: ohi-environment

Sample policy to copy and paste:

Allow group <your-group-name> to read ohi-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Oracle Financial Services Lending & Leasing Cloud Service

Resource type: ofsllcs-environment

Sample policy to copy and paste:

Allow group <your-group-name> to read ofsllcs-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Oracle Financial Services Crime and Compliance Management Anti Money Laundering Cloud Service - Transaction Monitoring

Resource type: fsgbufccmamlcs-environment

Sample policy to copy and paste:

Allow group <your-group-name> to read fsgbufccmamlcs-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Oracle Financial Services Performance Analytics Cloud Service

Resource type: ofspacs-environment

Sample policy to copy and paste:

Allow group <your-group-name> to read ofspacs-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Oracle Financial Services Price Creation and Discovery Cloud Service

Resource type: ofspcdcs-environment

Sample policy to copy and paste:

Allow group <your-group-name> to read ofspcdcs-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Oracle Utilities Policies

When you subscribe to one of the Oracle Utilities applications, Oracle creates the application service environment for you. You can view details about your subscriptions and your application URLs from the Oracle Cloud Console.

To give another user access to interact with your Oracle Utilities application services in the Oracle Cloud Console, you use one of the following verbs in your policy statements:

  • read - allows the user to view all information about the environment.
  • inspect - allows the user to list the environments only; user can't view the details pages.

The following table lists the resource type names and sample policy statements you can copy and paste to create the policy to give access to a group. The samples all use the readverb. If you want to grant inspect access only, replace read with inspect when you create your policy.

Application Service Resource Types and Policy Sample
Utilities Analytics Insights Cloud Service

Resource type: ugbuaics-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read ugbuaics-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Utilities Customer Cloud Service

Resource type: ugbuccs-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read ugbuccs-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Utilities Customer Care and Billing

Resource type: ugbuccb-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read ugbuccb-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Utilities Generation Asset Manager

Resource type: ugbugam-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read ugbugam-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Utilities Meter Solution Cloud Service

Resource type: ugbumscs-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read ugbumscs-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Utilities Rate Cloud Service

Resource type: ugburcs-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read ugburcs-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Utilities Billing Cloud Service

Resource type: ugbubcs-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read ugbubcs-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Utilities Work and Asset Cloud Service

Resource type: ugbuwacs-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read ugbuwacs-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy
Utilities Digital Self Service Transaction

Resource type: ugbudsst-environment

Sample policy to copy and paste:
Allow group <your-group-name> to read ugbudsst-environment in tenancy
Allow group <your-group-name> to read organizations-subscriptions in tenancy
Allow group <your-group-name> to read organizations-assigned-subscriptions in tenancy

Example: How to Copy and Paste a Policy

Assume you have a group called "environment-viewers". You want this group to be limited in the Oracle Cloud Console to viewing only Oracle Utilities Customer Cloud Service environments.

  1. Go to the Oracle Utilities Policies in the documentation.
  2. Find Utilities Customer Cloud Service in the table. Click Copy to copy the policy statements.

    Detail on using the Copy button in the documentation
  3. In the Policy Editor, paste the statements from the documentation table and then update the value for <your-group-name> in each of the statements with the group name you created.

    Detail showing the Policy Builder with pasted statements and updated group names

For More Information About Using IAM

This topic provides the basic procedures for creating specific user types in your account to get you started with application environment management. For full details on managing users who need to access this and other services, see:

Overview of IAM

Managing Users

Managing Access to Resources