Oracle Cloud Infrastructure Documentation

How Do I Assign the Roles?

If IDCS role synchronization hasn't been disabled for your Oracle Cloud Applications environment, you can follow the instructions in Assign Oracle Cloud Applications Roles, wait a half hour while the roles are synchronized with the IDCS system, and then your users should be able to use VB Studio without any further involvement on your part.

If role synchronization has been disabled, role assignment is a two-step process:

  1. Create an Oracle Cloud Applications user, then assign a role to that user using the Oracle Cloud Applications Security Console. See Assign Oracle Cloud Applications Roles.
  2. In IDCS, manually assign a VB Studio role (DEVELOPER_ADMINISTRATOR or DEVELOPER_USER) to the Oracle Cloud Applications user. See Assign VB Studio Roles in OCI Identity and Access Management.

Assign Oracle Cloud Applications Roles

Before beginning the process, review some background information:

  • Standard roles (listed in step 7 below) are predefined. Their privileges are automatically updated as necessary, such as when new features or services are added.
  • Custom roles are created as substitutes for standard roles, allowing only specific privileges. These privileges are assigned in the Oracle Cloud Applications Security Console.

    If you're using custom roles, you'll want to be sure that your custom roles have the privileges and permissions required for working in VB Studio. See Configure Oracle Cloud Applications Custom Roles.

To assign an Oracle Cloud Applications role to a new or existing Oracle Cloud Applications user:

  1. Sign in to Oracle Cloud Applications as an administrator with access to the Security Console.
  2. Click Navigation the Menu icon menu to open the navigation menu and, under Tools, click Security Console.

    Description of fa-tools-security-console.png follows

  3. Click Users in the navigation pane.
    The User Accounts page is displayed.
    Description of fa-user-accounts-page.png follows

  4. To create a new user, click Add User Account and follow the prompts. To assign a role to an existing user, use the Search field to find the user you want, then skip to step 6.
    The Add User Account page is displayed.
  5. Fill out the User Information fields (First Name, Last Name, Email, Password, Confirm Password).

    Description of fa-add-user-account-page-filled.png follows

    The User Name field has been filled in for you, using the first and last names you entered separated by a period.

  6. Click Add Role.
    The Add Role Membership from Role page is displayed.
  7. Select one of the standard Oracle Cloud Applications roles:
    • Application Administrator (ORA_FND_APPLICATION_ADMINISTRATOR_JOB)
    • Application Developer (ORA_FND_APPLICATION_DEVELOPER_JOB)
    • Human Capital Management Application Administrator (ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB)
    • Sales Administrator (ORA_ZBS_SALES_ADMINISTRATOR_JOB)
    • Customer Relationship Management Application Administrator (ORA_ZCA_CUSTOMER_RELATIONSHIP_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB)
    Note

    To see the list of assignable roles when extending Oracle Cloud Applications, users need to be assigned a role with the PER_REST_SERVICE_ACCESS_USERS_AND_ROLES_LOVS_PRIV privilege, such as ORA_PER_EMPLOYEE_ABSTRACT or ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB.

    Instead of standard roles, you can also select custom roles. If you use custom roles and role synchronization is enabled, you must also assign one of these roles:

    • Synchronization Enabled Administrator Identity (ORA_SYNC_ENABLED_ADMINISTRATOR_ABSTRACT)
    • Synchronization Enabled Developer Identity (ORA_SYNC_ENABLED_DEVELOPER_ABSTRACT)
    Note

    The ORA_SYNC_ENABLED_ADMINISTRATOR_ABSTRACT and ORA_SYNC_ENABLED_DEVELOPER_ABSTRACT roles grant access to VB Studio, but don't offer any additional privileges for Oracle Cloud Applications.
  8. After you select the role to assign to the user, click Add Role Membership.

    Description of fa-add-role-membership-done.png follows

  9. Click Done.
    The Add User Account page is displayed, showing the new user with an assigned role.
    Description of fa-add-user-account-role-all-filled.png follows

  10. Click Save and Close.

From the time role membership was granted via the Security Console, it will take approximately 30 minutes for a user to gain access. If, after 30 minutes, a user is still seeing a You are not a member of this organization warning message when attempting to create a simple extension, it's very likely that IDCS role sync has been disabled on your environment. In this case, you need to follow the instructions in Assign VB Studio Roles in OCI Identity and Access Management to assign one of the VB Studio roles in IDCS to the Oracle Cloud Applications user.

Assign VB Studio Roles in OCI Identity and Access Management

If you just created a new user in Oracle Cloud Applications, it will take at least 30 minutes for the user profile to show up in OCI Identity and Access Management so that you can assign a VB Studio user role to it.

Assign VB Studio access to users in the identity domain associated to the Oracle Cloud Application instance:

  1. Sign in to your identity domain using your credentials and the URL you received.
    Note

    If you don't have access to the URL, see How Do I Access the IDCS Console From the Oracle Cloud Console?

    You'll see this page:
    Description of oci-upgrade-screen.png follows

  2. Click the Take me there button.
    The domain's Overview page is displayed.

    Tip:

    If you click the Don't show me this again check box, the page with the upgrade notice will be bypassed and you'll see the domain's Overview page after you log in.


    Description of oci-domain-overview-screen.png follows

  3. Under Identity domain, click Oracle Cloud Services to display the list of service instances that are available in your identity domain.
  4. Select the service that begins with VisualBuilderStudioInstance.
  5. In the Resources list, click Application roles.

    All roles that can be assigned for the VB Studio service are displayed.
    Description of oci-application-roles-list-screen.png follows

  6. Click the down arrow on the right side of the role's row to display the list of resources you can manage:


    Description of oci-application-roles-manage-users-screen.png follows

  7. Click Manage next to Assigned users.

    The Manage user assignments dialog is displayed.
    Description of oci-manage-user-assignments-screen.png follows

  8. Click + Show available users, then use Search to locate the user name you are searching for.


    Description of oci-manage-user-assignments-locate-user-screen.png follows

  9. After you locate the user, click the Assign checkbox on the left side of the user's row, then click the Assign button.

    The Assigned users section of the panel shows the new user you assigned.
    Description of oci-manage-user-assignments-adding-user-screen.png follows

  10. Click the Close button.
  11. Repeat these steps to assign VB Studio roles to additional users.