4 Create Users and Assign Roles
About Roles
You use the Role-Based Access Control model to protect your application. Roles control the access that you have to different features of your application.
This table describes the job roles that you can assign for integrating and configuring applications. You can create users and assign only these predefined roles to them. These roles are created as groups in Oracle Identity Cloud Service.
Table 4-1 Job Roles for Integrating and Configuring Applications
| Job Role | Job Role Code | Description |
|---|---|---|
| DX4C_Configuration_Endpoint_Read | <Workspace-ID>_DX4C_Configuration_Endpoint_Read For example: DX-PROD_DX4C_Configuration_Endpoint_Read | Views the endpoint and system configuration. |
| DX4C_Configuration_Endpoint_Write | <Workspace-ID>_DX4C_Configuration_Endpoint_Write For example: DX-PROD_DX4C_Configuration_Endpoint_Write | Views or updates the endpoint and system configuration. |
| DX4C_Configuration_Eventing_Read | <Workspace-ID>_DX4C_Configuration_Eventing_Read For example: DX-PROD_DX4C_Configuration_Eventing_Read | Views the event listener configuration. |
| DX4C_Configuration_Eventing_Write | <Workspace-ID>_DX4C_Configuration_Eventing_Write For example: DX-PROD_DX4C_Configuration_Eventing_Write | Views or updates the event listener configuration. |
| DX4C_Configuration_API_Registration_Read | <Workspace-ID>_DX4C_Configuration_Registration_Read For example: DX-PROD_DX4C_Configuration_Registration_Read | Views TM Forum (TMF) Open APIs and the non-TMF custom APIs registered in the application. |
| DX4C_Configuration_API_Registration_Write | <Workspace-ID>_DX4C_Configuration_Registration_Write For example: DX-PROD_DX4C_Configuration_Registration_Write | Views, updates, or removes the non-TMF custom APIs registered in the application. |
Table 4-2 Job Roles for Different Users
| User | Job Roles | Description |
|---|---|---|
| TMF Specialist | | Performs TM Forum Open APIs specific configuration, such as reviewing routing and gatekeeper rules and setting up event listeners. |
| System Configuration Viewer | | Views the following configuration in a restricted and read-only manner: |
| System Administrator | | An administration user who performs all the configuration required to: |
Create Users and Assign Roles
As an initial user or administrator, you create users and assign them the predefined roles to perform certain necessary tasks in your application. You use the Security Console to create users.
After you have signed up with your Oracle cloud service, you receive the user name and password for one initial user. This user is provisioned with the job role required to perform the necessary setup tasks, including creating users.
Here's how you can create users. You must be an initial user or administrator to do this task.
Caution:
- Create unique users for each environment.
- Assign the users only the roles required to perform their assigned tasks.
1. Go to Navigator Tools > Security Console.
2. In the Users tab, click Add User Account.
3. Specify the following details to create a user:
   - Specify the required details, such as First Name, Last Name, Email, and User Name.
   - Select the Associated Person Type as Employee.
4. Enter any user-defined password for the account and then confirm the password.
   The user is now created. You can assign individual roles to this user or assign the user to a group that contains all the relevant roles for this user, for example, DX4C_System_Administrator. If you are assigning individual roles, go to the next step. If you are assigning a group, skip adding roles and save the changes. See the following topics for creating groups and assigning roles and users.
5. Click Add Role.
6. On the Add Role Membership dialog box, search and select the appropriate roles for the users.
7. Click Add Role Membership. A confirmation dialog appears.
8. Click OK and then Done.
9. Click Save and Close.
10. To assign additional roles to the user, select the same account and repeat steps 5 to 9.

Selected roles or groups are assigned to the user.
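The following is an added example, not Oracle code: a Python check of the two cautions above against a user-to-role mapping, using the Job Role Code column of Table 4-1. The input mapping, the user names and the DX-TEST workspace ID are assumptions, as is the premise that each workspace ID corresponds to one environment.

```python
import re
from collections import defaultdict

# Job Role Code suffixes from Table 4-1 (the part after "<Workspace-ID>_").
PREDEFINED = {f"DX4C_Configuration_{area}_{mode}"
              for area in ("Endpoint", "Eventing", "Registration")
              for mode in ("Read", "Write")}
ROLE_CODE = re.compile(r"^(?P<workspace>.+?)_(?P<role>DX4C_.+)$")

def parse_role_code(code):
    """Split '<Workspace-ID>_DX4C_...' into (workspace_id, role), else None."""
    m = ROLE_CODE.match(code)
    if not m or m.group("role") not in PREDEFINED:
        return None
    return m.group("workspace"), m.group("role")

def audit(assignments):
    """Return sorted (user, finding) pairs for a {user: [role codes]} mapping."""
    findings = []
    for user, codes in assignments.items():
        by_ws = defaultdict(set)
        for code in codes:
            parsed = parse_role_code(code)
            if parsed is None:
                findings.append((user, f"not a predefined role code: {code}"))
            else:
                by_ws[parsed[0]].add(parsed[1])
        if len(by_ws) > 1:  # caution: unique users for each environment
            findings.append((user, "roles in multiple environments: "
                             + ", ".join(sorted(by_ws))))
        for ws, roles in by_ws.items():
            for role in sorted(roles):
                # Write roles already "view or update", so Read adds nothing.
                if role.endswith("_Write") and role[:-6] + "_Read" in roles:
                    findings.append((user, f"{ws}: {role[:-6]}_Read is redundant with _Write"))
    return sorted(findings)

# Constructed sample; user names and the DX-TEST workspace ID are made up.
SAMPLE = {
    "alice.viewer": ["DX-PROD_DX4C_Configuration_Endpoint_Read"],
    "bob.admin": ["DX-PROD_DX4C_Configuration_Eventing_Write",
                  "DX-TEST_DX4C_Configuration_Eventing_Write"],
    "carol.ops": ["DX-PROD_DX4C_Configuration_Endpoint_Read",
                  "DX-PROD_DX4C_Configuration_Endpoint_Write",
                  "DX-PROD_DX4C_Config_Endpoint_Write"],  # misspelled code
}
if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```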
Create Groups and Assign Roles
Here's how you create groups and assign roles to that group:
- In the Oracle Cloud Infrastructure Console, click the navigation menu icon, navigate to Identity and Security, then under Identity, click Federation.
- On the Federation page, click OracleIdentityCloudService.
- On the identity provider details page, click the Oracle Identity Cloud Service Console link. The Oracle Identity Cloud Service Console opens in a new window.
- In the Identity Cloud Service Console, click the navigation menu icon, and then click Groups.
- To create a group, click Add.
- Enter a name and description for the group that outlines the purpose of this group.
- To allow users to request access to this group, click User can request access.
- Click Finish.
Now you can assign roles to the group you created. Though you can assign roles to the users directly, it's easier to manage assignments when you create a group for roles and then assign roles and users to those groups.
Here's how you assign roles to a group:
- In the Identity Cloud Service console, click the navigation menu icon, and then click Applications.
- Open the Oracle Identity Cloud Service application defined for your application.
- Click the Application Roles tab.
- Next to the role you want to assign, click the action menu icon, and then select Assign Groups.
- Find and select the group you just created, and then click Assign. For a description of the predefined roles, see the About Roles topic.
Assign Users to Groups
Assign users to groups to automatically assign them the appropriate roles and permissions.
Here's how you assign users to a group:
- In the Identity Cloud Service console, click the navigation menu icon, and then click Groups.
- Open the group you want to assign users to.
- Click Users and then Assign.
- Select the users you want to add, and then click OK.
Remove Users
You use Oracle Identity Cloud Service to remove users from your application.
Only the initial or administrative user can perform this task. You can remove users in either of these ways:
- Deactivate users: The user and all related information remain in the application. The user can be reactivated in the future.
- Delete users: The user and all related information are removed from the application. The user can't be reactivated.
Refer to the chapter Manage Oracle Identity Cloud Service Users in Administering Oracle Identity Cloud Service for more information.
Set Up Password Policies
Here's the default password policy for your application:
- Minimum length: 8 characters
- Minimum numeric characters: 1
- Minimum alphabet characters: 2
- Minimum uppercase characters: 1
- Minimum lowercase characters: 1
- Minimum special characters: 1
For information about modifying this policy, refer to the chapter Managing Oracle Identity Cloud Service Password Policies in Administering Oracle Identity Cloud Service.