Adding Oracle Cloud Console Users

Give users access to work with your Applications environments in the Oracle Cloud Console.

This topic explains how you can set up additional users to view and work with application subscriptions in the Console.

The user entered when the Oracle Cloud Account was created is the default administrator of the tenancy. The default administrator can perform all tasks in Oracle Cloud Infrastructure, including view all applications subscriptions.

Important

If you need to add users to work in your application, see your application documentation.

Applications environment management integrates with the Identity and Access Management Service (IAM) service for authentication and authorization. IAM uses policies to grant permissions to groups. Users have access to resources (such as environments) based on the groups that they belong to. The default administrator can create groups, policies, and users to give access to the resources.

Management Tasks Vary for Different Applications Services

Management tasks, and therefore access options, differ for different applications services. Applications services can be divided into two management categories:

  • Applications services for which Oracle creates the environments. Because you don't create the environments, management tasks include only viewing details of the environments and your subscriptions. To create limited access users for these services, use the procedure described below in this topic.
  • Applications services for which you create and manage the environments. Because you create the environments, management tasks include create, delete, and update of the environments. To create limited access users for these services, see:

Add a Tenancy Administrator

This procedure describes how to add another user to your tenancy Administrators group. Members of the Administrators group have access to all features and services in the Oracle Cloud Console.

This procedure does not give the user access to sign in to the application service console. To add users to your application, see your application documentation.

To add an administrator:

  1. Open the navigation menu  and select Identity & Security. Under Identity, select Domains.
  2. Select the name of the identity domain that you want to work in. You might need to change the compartment to find the domain that you want. Then, select Users.
  3. Select Create user.
  4. Enter the user's First name and Last name.
  5. To have the user log in with their email address:
    • Leave the Use the email address as the username check box selected.
    • In the Username / Email field, enter the email address for the user account.

    or

    To have the user log in with their user name:
    • Clear the Use the email address as the username check box.
    • In the Username field, enter the user name that the user is to use to log in to the Console.
    • In the Email field, enter the email address for the user account.
  6. Under Select groups to assign this user to, select the check box for Administrators.
  7. Click Create.

A welcome email is sent to the address provided for the new user. The new user can follow the account activation instructions in the email to sign in and start using the tenancy.

Add a Non-Admin User

This procedure describes how to create a group that has access to view applications in the Oracle Cloud Console, but can't perform other administrative tasks.

To give users permissions to view your applications in the Oracle Cloud Console, you need to:

  1. Create a group.
  2. Create a policy that grants the group access to view environment resources.
  3. Create a user and add them to the group.

The following tasks walk you through creating a group, policy, and user in the IAM service. The default administrator can perform these tasks, or another user that has been granted access to administer IAM.

Application Policy Reference

The following sections list the resource-type names for each of the applications services. Find your application in the table and use the provided statements in your policies.

Note

The applications services shown here don't support self-service environment provisioning. For help writing policies for applications services that do support self-service provisioning, see Managing User Access to Applications Environments.

Example: How to Copy and Paste a Policy

Assume you have a group called "environment-viewers". You want this group to be limited in the Oracle Cloud Console to viewing only Oracle Utilities Customer Cloud Service environments.

  1. Go to the Oracle Utilities Policies in the documentation.
  2. Find Utilities Customer Cloud Service in the table. Click Copy to copy the policy statements.

    Detail on using the Copy button in the documentation
  3. In the Policy Editor, paste the statements from the documentation table and then update the value for <your-group-name> in each of the statements with the group name you created.

    Detail showing the Policy Builder with pasted statements and updated group names

For More Information About Using IAM

This topic provides the basic procedures for creating specific user types in your account to get you started with application environment management. For full details on managing users who need to access this and other services, see:

Overview of IAM

Managing Users

Managing Access to Resources