Managing Users and Roles Using the Identity Console

Overview

    Purpose

    This tutorial covers how to manage users and roles using the Identity Console.

    Time to Complete

    Approximately 40 minutes

    Introduction

    The Oracle Cloud is based on the Oracle Identity Manager product. This enables you to add and remove users, grant them permissions related to administration and usage of the service, and connect credentials across multiple instances you have purchased.

    In this tutorial, you review your own user profile, change your password, set your security questions and review your current roles. In addition, you create a new user and assign the user to a variety of roles at different times to see the differences between them.

    Prerequisites

    Before starting this tutorial, you should have performed the following tutorials:

Accessing the Identity Console

    To access the Identity Console for your service, log in to your Identity Domain. Perform the following steps:

    Open a browser and enter the following URL:

    http://cloud.oracle.com

    Click Sign In.

    Make sure the correct Data Center for your service is selected and click Sign In to My Services.

    If you receive the login window, enter your User ID, Password and the Identity Domain name you created when you created the service. Then click Sign In.

    Your service is displayed. In the next section, you log in to the Identity Console and review your profile. Click Identity Console.

    You need to log in to the Identity Console the first time. Enter your credentials and click Sign In.

Updating Your User Profile

    In this section, you review your user profile in the Identity Console. Perform the following steps:

    Review your information. To change your password, expand the Change Password section.

    Enter your existing password, then enter a new password that satisfies the policy rules in the fields presented, and click Apply.

    Your password was changed successfully. Click OK.

    It is important to set up challenge questions so that you can identify yourself if you forget your password. Expand the Challenge Questions section and select one of the questions from the drop-down list.

    Once you have all the questions and answers specified, click Apply.

    The Challenge questions have been saved. Click OK.

Reviewing Your Roles

    Roles give users privileges within a service. In this section, you review the roles that have been assigned to you. Perform the following steps:

    Under the My Profile option, select My Roles.

    To see all the roles available, enter * in the search area and click Search.

    A list of roles is displayed.

    On this page, you can change the columns that are displayed, and you can also reorder the columns. In the next section, you will create a new user.

Creating a New User

    You are now ready to create a new user. Note that only Identity Domain Administrators can create users. Both Identity Domain Administrators and Service Administrators can assign or revoke roles. Perform the following steps:

    Under Administration, select Manage Users.

    Click Create.

    Enter the information about the user you want to create and click Create.

    The user was created successfully. Click OK.

    To see a list of all the users in this service, enter '*' in the search area and click Search.

    A list of users in this service is displayed. Select the Last Name of the user you just created.

    The User Details are displayed. Notice that there are no roles specified. In the next section, you assign a role to the user that will allow them to manage the service. Click Close.

Assigning Roles to Users

    To assign a role to a user, perform the following steps:

    Under Administration, select Manage Roles.

    To see all the available roles, enter '*' in the search area and click Search.

    Review the list of Roles. The Identity Domain Administrator will see all roles for all services in the identity domain, including the TenantAdminGroup role (which is not service specific). The Service Administrator will see all roles related to the services the Service Administrator manages in the identity domain (so the TenantAdminGroup role is not visible).

    Select database Database Administrator from the list and click Assign.

    Enter your new user name or a portion of the name in the search area and click Search.

    Select your user from the list and click Assign.

    The role was assigned to the user successfully. Click OK. In the next section, you review the roles assigned to a user.

Launching a Service as the New User

    Now that you have set up your user in the Identity Console, you want to log in as the new user and launch the service. Perform the following steps:

    Navigate to the Oracle Public Cloud Home page and click Sign In.

    Note: you may need to delete your browser cache/cookies to correctly log in as the new user.

    Make sure the correct Data Center for your service is selected and click Sign In to My Services.

    This time, enter the User ID and password of the user you just created, with the same Identity Domain name as before, and click Sign In.

    The first time you log in as the new user, you will be prompted to change your password and enter challenge questions. Enter the information and click Submit.

    Notice that you see your service in the list. Click the Launch Service icon.

    You are now logged in to Application Express for your Service.

Accessing the Identity Console as the New User

    The new user can view and change their own information in the Identity Console, but because they do not have the TenantAdminGroup role, they will not be able to add or modify other users in this service. Perform the following steps:

    In the My Services window, click Identity Console.

    You are automatically logged in to the Identity Console as the same user, which is the new user you created. Select the Manage Users link.

    Enter '*' in the search area and click Search.

    The list of users is displayed. Notice that the Create/Modify buttons are not displayed because you are not allowed to add or modify users.

    Select Sign Out. In the next section, you change the role of the user to db_developer to see the differences between the roles.

Changing the Role to a Developer

    You want to change the role of the new user from db_administrator to db_developer to see what effect it has. Perform the following steps:

    Log in with the user name and password you used to create the Identity Domain and click Sign In.

    Under Administration, select the Manage Roles link.

    Enter '*' in the search area and click Search.

    You need to revoke the database Database Administrator role and then assign the database Database Developer role. Select the database Database Administrator role from the list and click Revoke.

    Enter 'Nancy' in the search area and click Search.

    Select the user you added from the list and click Revoke.

    The database Database Administrator role was revoked successfully. Click OK.

    Now you can assign the database Database Developer role. Select database Database Developer from the list of roles and click Assign.

    Enter 'Nancy' in the search area and click Search.

    Select the user you added from the list and click Assign.

    The database Database Developer role was assigned successfully. Click OK. In the next section, you again access the service as the new user but with the database Database Developer role.

Launching a Service as a Developer

    This time, you want to launch the service as a Database Developer. Perform the following steps:

    Navigate to the Oracle Public Cloud Home page and click Sign In.

    Note: you may need to delete your browser cache/cookies to correctly log in as the new user.

    Make sure the correct Data Center for your service is selected and click Sign In to My Services.

    Enter the user name and password of the user you just assigned the database Database Developer role and click Sign In.

    This time the service is not listed. Note that for General Availability a user with database Database Developer role will see the service and be able to launch it from this interface.

    To access the Database Cloud Service directly, enter the URL as follows:

    http://<service-name>-<identity-domain>.db.cloud.oracle.com/apex

    where <service-name> is the name of the Database Cloud Service you created and <identity-domain> is the Identity Domain the service is a part of.

    You receive the Sign In window. Enter the information for the user you just assigned the db_developer role and click Sign In.

    The Application Express Home page is displayed. At this point, applications may be developed and run. In the next section you change the role for the user you created from db_developer to db_user to see the differences.

Changing the Role to an End User

    You want to change the role of the new user from db_developer to db_user to see what effect it has. Perform the following steps:

    Navigate to the Oracle Public Cloud Home page and click Sign In.

    Note: you may need to delete your browser cache/cookies to correctly log in as the new user.

    Make sure the correct Data Center for your service is selected and click Sign In to My Services.

    Enter your User ID and password and the same Identity Domain name as before and click Sign In.

    Click Identity Console.

    Under Administration, select the Manage Roles link.

    Enter * in the search area and click Search.

    You need to revoke the database Database Developer role and then assign the database Database User role. Select the database Database Developer role from the list and click Revoke.

    Enter 'Nancy' or the username in the search area and click Search.

    Select the user and click Revoke.

    The database Database Developer role was revoked successfully. Click OK.

    Now you can assign the database Database User role. Select database Database User from the list of roles and click Assign.

    Enter 'Nancy' or the username in the search area and click Search.

    Select the user you added from the list and click Assign.

    The database Database User role was assigned successfully. Click OK. In the next section, you again access the service as the new user but with the database Database User role.

Running an Application as an End User

    As an End User, you will only be able to run the applications developed by the administrator or developers. Perform the following steps:

    To access an installed packaged application, a developed database application, or a websheet, enter its URL. The developer would need to give you the specific URL. It would be something similar to the following:

    http://<service-name>-<identity-domain>.db.cloud.oracle.com/apex//f?p=<appid>

    You can find the URL by following the instructions in the Finding Direct URLs to Give to Various Users section.

    If an end user tries to access the Application Express Development Environment as you did when you had the Database Developer role, the result would be as follows. The URL would be something like the following:

    http://<service-name>-<identity-domain>.db.cloud.oracle.com/apex

Finding Direct URLs to Give to Various Users

    In this section, you learn how to find the URL you need to give to your developers to develop in Application Express and also how to find the URL you can give to end users so they can access the applications you have built and installed in your Database Cloud Service. Perform the following steps:

    Navigate to the Oracle Public Cloud Home Page and select My Services.

    Make sure the correct Data Center for your service is selected and click Sign In to My Services.

    Sign in as a user who has the database Database Administrator role.

    Click the Details icon.

    The value for the host is what you want to send to your developers so they can access Application Express in your database cloud service.

    In addition, you can find the URL for packaged applications that you have installed by clicking the Applications tab.

    Right click the Run button and select Copy link address to get the URL to run this application in a separate window. This URL is what you would give to an end user to run this application.

Summary

    In this tutorial, you have learned how to:

    • Access the identity console
    • Update your user profile
    • Review your roles
    • Create a new user
    • Assign roles to users
    • Review roles assigned to a user
    • Launch a service as the new user
    • Access the identity console as the new user
    • Change the role to a developer
    • Launch a service as the developer
    • Change the role to an end user
    • Run an application as an end user
    • Find direct URLs to give to various users

    Resources
