If you have any questions or comments about this topic or the online help, please contact us.

user_management/user_role.htm

User Role

User Role Grants | User Grants

User Role controls data visibility via a virtual private database (VPD) and functional security (Level) for a user. After a role is added, it can be assigned directly to a user or assigned to another role. If you assign multiple roles, a user can switch between each role without logging out and logging back into the system. For example, you may configure many user roles that provide domain level visibility into different sets of data for different companies. Then, you can assign one or more of these roles to a user and the user could switch between the roles as needed without logging in and out. You can also assign multiple roles to a master role and then assign the master role to a user thereby providing that user with visibility in multiple domains of select data.

This page is accessed via Configuration and Administration > User Management > User Role.

  1. Enter a User Role ID.

  2. Select a level from the drop-down list. Level determines the function groups that a user has permission to use. Generally, function groups provide read/write access into the database. All user roles must be assigned a user level, and user levels apply across domains. There are two public levels: ADMIN and DEFAULT. ADMIN provides access to all functions. DEFAULT provides access to all functions except security services. To customize access, you can add and delete user levels.

  3. Select a domain from the drop-down list.

  4. Select a data source profile ID from the drop-down list. The data source profile allows you to enter data into a different database other than the default. You can also configure data source connections that enable Oracle Trace functionality.

  5. Select a VPD context from the drop-down list. A VPD context is a set of context variables with defined values, used in creating external predicates.

  6. Select a VPD Profile from the drop-down list. A VPD profile can limit user access to specific table sets and data fields in a domain. In most cases, you should select the default VPD profile because it provides access to all the data in the domain, including its domain grants.

  7. The VPD Domain can be either blank or the same as current Domain Name.

User Role Grants

Use this section of the page to assign one or more roles to an existing role. This allows one role to assume the data visibility/functionality security attributes of multiple roles. When you assign the "master role" to a user, that person can switch to any role associated with the master.

  1. Find a grantee user role ID.

  2. Click Save for each grantee user role ID you select.

User Grants

Use this section to assign one or more users to an existing role.

  1. Find a grantee user.

  2. Click Save for each grantee user you select.

  3. Click Finished to save the user role.

Change User Role

A user with multiple or master role assignments can change roles by clicking the icon next to the current Role field at the top of the main OTM screen.