Oracle Cloud Infrastructure Documentation

How Do I Assign the Roles?

If IDCS role synchronization hasn't been disabled for your Oracle Cloud Applications environment, you can follow the instructions in Assign Oracle Cloud Application Roles, wait a half hour while the roles are synchronized with the IDCS system, and then your users should be able to use VB Studio without any further involvement on your part.

If role synchronization has been disabled, role assignment is a two-step process:

  1. Create an Oracle Cloud Applications user, then assign a role to that user using the Oracle Cloud Applications Identity manager. See Assign Oracle Cloud Application Roles.
  2. In IDCS, manually assign a VB Studio role (DEVELOPER_ADMIN or DEVELOPER_USER) to the Oracle Cloud Applications user. See Assign VB Studio Roles in OCI Identity and Access Management.

Assign Oracle Cloud Application Roles

Before beginning the process, review some background information:

  • Standard roles (listed in step 7 below) are predefined. Their permissions are automatically updated as necessary, such as when new features or services are added.
  • Custom roles are created as substitutes for standard roles, allowing only specific privileges. These privileges are assigned in the Oracle Cloud Applications security console.
    A custom role can be one of the following:
    • If role synchronization is enabled, one of the Oracle Cloud Applications abstract roles (ORA_SYNC_ENABLED_ADMINISTRATOR_ABSTRACT or ORA_SYNC_ENABLED_DEVELOPER_ABSTRACT) will need to be assigned in the Oracle Cloud Applications security console along with the FND_ADMINISTER_SANDBOX_PRIV and FND_MANAGE_SANDBOX_PRIV privileges.
    • If role sync is disabled, one of the VB Studio IDCS roles (DEVELOPER_ADMINISTRATOR or DEVELOPER_USER) will need to be assigned instead of the Oracle Cloud Applications abstract roles. The VB Studio IDCS roles are assigned in the IDCS console.

      The custom roles are assigned to VB Studio IDCS roles in the same manner as standard roles, with administrative roles mapping to the VB Studio administrator role in IDCS and non-administrative roles being assigned the VB Studio developer role in IDCS.

To assign an Oracle Cloud Applications role to a new or existing Oracle Cloud Applications user:

  1. Sign in to the Applications Console.
    Make sure that you specify the identity domain where you want to create the user.
  2. Click Navigation the Menu icon menu to open the navigation menu and, under Tools, click Security Console.

    Description of fa-tools-security-console.png follows

  3. Click Users in the navigation pane.
    The User Accounts page is displayed.
    Description of fa-user-accounts-page.png follows

  4. To create a new user, click Add User Account and follow the prompts. To assign a role to an existing user, use the Search field to find the user you want, then skip to step 6.
    The Add User Account page is displayed.
  5. Fill out the User Information fields (First Name, Last Name, Email, Password, Confirm Password).

    Description of fa-add-user-account-page-filled.png follows

    The User Name field has been filled in for you, using the first and last names you entered separated by a period.

  6. Click Add Role.
    The Add Role Membership from Role page is displayed.
  7. Select one of the standard Oracle Cloud Applications roles:
    • Application Administrator (ORA_FND_APPLICATION_ADMINISTRATOR_JOB)
    • Sales Administrator (ORA_ZBS_SALES_ADMINISTRATOR_JOB)
    • Customer Relationship Management Application Administrator (ORA_ZCA_CUSTOMER_RELATIONSHIP_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB)
    • Synchronization Enabled Administrator Identity (ORA_SYNC_ENABLED_ADMINISTRATOR_ABSTRACT)
    • Application Developer (ORA_FND_APPLICATION_DEVELOPER_JOB)
    • Synchronization Enabled Developer Identity (ORA_SYNC_ENABLED_DEVELOPER_ABSTRACT)
    • Human Capital Management Application Administrator (ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB)
    Note

    To see the list of assignable roles when extending Oracle Cloud Applications, users need to be assigned a role with the PER_REST_SERVICE_ACCESS_USERS_AND_ROLES_LOVS_PRIV privilege, such as ORA_PER_EMPLOYEE_ABSTRACT or ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB.

    Note

    The ORA_SYNC_ENABLED_ADMINISTRATOR_ABSTRACT and ORA_SYNC_ENABLED_DEVELOPER_ABSTRACT roles grant access to VB Studio, but do not offer any additional privileges for Oracle Cloud Applications.

    If you created a custom role, you can select it instead of a standard role.

  8. After you select the role to assign to the user, click Add Role Membership.

    Description of fa-add-role-membership-done.png follows

  9. Click Done.
    The Add User Account page is displayed, showing the new user with an assigned role.
    Description of fa-add-user-account-role-all-filled.png follows

  10. Click Save and Close.

From the time role membership was granted via the security console, it will take approximately 30 minutes for a user to gain access. If, after 30 minutes, a user is still seeing a warning message indicating that they are not a member of the organization, it is very likely that IDCS role sync has been disabled on your environment, and you need to follow the instructions in Assign VB Studio Roles in OCI Identity and Access Management to assign one of the VB Studio roles in IDCS to the Oracle Cloud Application user.

Assign VB Studio Roles in OCI Identity and Access Management

If you just created a new user in Oracle Cloud Applications, it will take at least 30 minutes for the user profile to show up in OCI Identity and Access Management so that you can assign a VB Studio user role to it.

Assign VB Studio access to users in the identity domain associated to the Oracle Cloud Application instance:

  1. Sign in to your identity domain using your credentials and the URL you received.
    Note

    If you don't have access to the URL, see How Do I Access the IDCS Console From the Oracle Cloud Console?

    You'll see this page:
    Description of oci-upgrade-screen.png follows

  2. Click the Take me there button.
    The domain's Overview page is displayed.

    Tip:

    If you click the Don't show me this again check box, the page with the upgrade notice will be bypassed and you'll see the domain's Overview page after you log in.


    Description of oci-domain-overview-screen.png follows

  3. Under Identity domain, click Oracle Cloud Services to display the list of service instances that are available in your identity domain.
  4. Select the service that begins with DevServiceAppAUTO.
  5. In the Resources list, click Application roles.

    All roles that can be assigned for the VB Studio service are displayed.
    Description of oci-application-roles-list-screen.png follows

  6. Click the down arrow on the right side of the role's row to display the list of resources you can manage:


    Description of oci-application-roles-manage-users-screen.png follows

  7. Click Manage next to Assigned users.

    The Manage user assignments dialog is displayed.
    Description of oci-manage-user-assignments-screen.png follows

  8. Click + Show available users, then use Search to locate the user name you are searching for.


    Description of oci-manage-user-assignments-locate-user-screen.png follows

  9. After you locate the user, click the Assign checkbox on the left side of the user's row, then click the Assign button.

    The Assigned users section of the panel shows the new user you assigned.
    Description of oci-manage-user-assignments-adding-user-screen.png follows

  10. Click the Close button.
  11. Repeat these steps to assign VB Studio roles to additional users.