Projects: Control User Access

On This Page

Access at a Glance

Area	More information
People who need access
Authentication method: Authentication method that is used by the user interface or APIs	The way that you access a project determines your authentication method. You have the following options for accessing projects: Through the Oracle Integration instance user interface. For details, see Oracle Integration Instance User Interface: Control User Access. Through the Oracle Integration built-in REST APIs. For details, see Oracle Integration Instance APIs: Control User and Client System Access.
Authorization method: Role-based access control	Role-based access control governs access to a project and its integration components within an Oracle Integration instance, including actions that you perform using the Oracle Integration built-in APIs. Role-based access control, sometimes called RBAC, determines the users and groups who can edit, view, and monitor a project. Role-based access control can be more restrictive than a service role but can never give a user more permissions than a service role allows. For example: When a user with a developer service role has monitoring rights in a project, the user can view but not update the components. The user's service role would ordinarily grant the user edit rights, but the role-based access control in the project limits the user to read-only access. When a user with a monitoring service role is granted developer access in a project, the user cannot delete components in the project. The user's service role doesn't allow the user to delete components, and the role-based access control in the project does not provide more access than the user's service role. Notes: A project administrator can add and remove other project administrators within a given project. People with the ServiceAdministrator role always have unrestricted access to every project in an instance.

Area

More information

People who need access

Instance users

Authentication method:

Authentication method that is used by the user interface or APIs

The way that you access a project determines your authentication method. You have the following options for accessing projects:

Through the Oracle Integration instance user interface.

For details, see Oracle Integration Instance User Interface: Control User Access.
Through the Oracle Integration built-in REST APIs.

For details, see Oracle Integration Instance APIs: Control User and Client System Access.

Authorization method:

Role-based access control

Role-based access control governs access to a project and its integration components within an Oracle Integration instance, including actions that you perform using the Oracle Integration built-in APIs. Role-based access control, sometimes called RBAC, determines the users and groups who can edit, view, and monitor a project.

Role-based access control can be more restrictive than a service role but can never give a user more permissions than a service role allows. For example:

When a user with a developer service role has monitoring rights in a project, the user can view but not update the components.

The user's service role would ordinarily grant the user edit rights, but the role-based access control in the project limits the user to read-only access.
When a user with a monitoring service role is granted developer access in a project, the user cannot delete components in the project.

The user's service role doesn't allow the user to delete components, and the role-based access control in the project does not provide more access than the user's service role.

Notes:

A project administrator can add and remove other project administrators within a given project.
People with the ServiceAdministrator role always have unrestricted access to every project in an instance.

How to Control Access

Security goal	Owner	More information
Control the people who can access each project	Instance users with the ServiceAdministrator role, or project administrators with the ServiceDeveloper role	Assign role-based access control within each project. To learn about role-based access control, and to set up access, see Control Who Can Edit, View, and Monitor in a Project in Using Integrations in Oracle Integration 3.

Security goal

Owner

More information

Control the people who can access each project

Instance users

Instance users with the ServiceAdministrator role, or project administrators with the ServiceDeveloper role

Assign role-based access control within each project.

To learn about role-based access control, and to set up access, see Control Who Can Edit, View, and Monitor in a Project in Using Integrations in Oracle Integration 3.