Oracle Cloud Infrastructure Documentation

Configure Oracle Cloud Applications Custom Roles

Oracle delivers a set of predefined Oracle Cloud Applications standard roles that already have the required VB Studio-related privileges. If you use your own custom roles, you'll need to manually add those specific privileges so that assigned users can work with extensions. And, your users will require some additional roles, as well.

You create custom roles in the Security Console. Generally, the most efficient approach is to copy a standard role and then edit it to add or remove privileges. If your custom role will have only a few privileges, you can create it from scratch. See Copy Job Role and Abstract Role and Create Job Role and Abstract Role from Scratch in Oracle Fusion Cloud Applications Securing Applications.

Note

The privileges listed below are required for custom roles assigned to VB Studio users, but don't—by themselves—provide access to VB Studio. For access to VB Studio, see How Do I Assign the Roles?

Required Privileges

Your custom roles must include these privileges:

  • View Administration Link (FND_VIEW_ADMIN_LINK_PRIV) - this privilege allows users to see the Edit Page in Visual Builder Studio link on Oracle Cloud Applications pages, if enabled by Oracle. Users click this link to jump over to VB Studio.
  • Administer Sandbox (FND_ADMINISTER_SANDBOX_PRIV) - this privilege allows users to deploy and manage the extension lifecycle from VB Studio.

The best practice is to copy and then edit one of these standard roles:

  • Application Administrator (ORA_FND_APPLICATION_ADMINISTRATOR_JOB)
  • Application Developer (ORA_FND_APPLICATION_DEVELOPER_JOB)
  • Human Capital Management Application Administrator (ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB)
  • Sales Administrator (ORA_ZBS_SALES_ADMINISTRATOR_JOB)
  • Customer Relationship Management Application Administrator (ORA_ZCA_CUSTOMER_RELATIONSHIP_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB)

If you copy one of the preceding roles, the resulting custom role will automatically include both the View Administration Link and Administer Sandbox privileges.

Additional Roles Required for VB Studio Access

If you're using custom roles, you'll also need to assign some additional roles to your users to enable VB Studio access:

  • If role synchronization is enabled, you must assign one of the Synchronization Enabled abstract roles to your users:
    • Synchronization Enabled Administrator Identity (ORA_SYNC_ENABLED_ADMINISTRATOR_ABSTRACT)
    • Synchronization Enabled Developer Identity (ORA_SYNC_ENABLED_DEVELOPER_ABSTRACT)
  • If role synchronization isn't enabled, you'll need to log into the IDCS console and follow the instructions in Assign VB Studio Roles in OCI Identity and Access Management for assigning VB Studio access.