Configuring Enterprise Roles

An enterprise domain within an identity management realm can contain multiple enterprise roles. An enterprise role is a set of Oracle role-based authorizations across one or more databases in an enterprise domain.

Enterprise roles allow you to group global roles from different databases that are part of the enterprise domain. Enterprise roles can be assigned to enterprise users.

To create enterprise roles:

  1. Log in to Enterprise Manager Cloud Control, as an administrative user.

  2. To navigate to your database, select Databases from the Targets menu.

  3. Click the database name in the list that appears. The database page appears.

  4. Under the Administration menu, select Security, Enterprise User Security. The Oracle Internet Directory Login page appears.

  5. Enter the distinguished name (DN) of a directory user who can administer enterprise users in the User field. Enter the user password in the Password field. Click Login.

    The Enterprise User Security page appears.

  6. Click Manage Enterprise Domains.

    The Manage Enterprise Domains page appears. This page lists the enterprise domains in the identity management realm.

  7. Select the enterprise domain that you wish to configure. Click Configure.

    The Configure Domain page appears.

  8. Click the Enterprise Roles tab.

  9. Click Create to create a new enterprise role.

    The Create Enterprise Role page appears.

  10. Enter a name for the enterprise role in the Name field. Click Continue.

    The new role is displayed in the Configure Domain page.

Next, you can configure the enterprise role that you just created. Configuring an enterprise role includes adding database global roles to the enterprise role and assigning the enterprise role to enterprise users or groups.

To add database global roles to the enterprise role:

  1. Select the enterprise role that you just created in the Configure Domain page. Click Edit.

    The Edit Enterprise Role page is displayed.

  2. Make sure that the DB Global Roles tab is selected. Click Add to add global roles from databases that are part of the enterprise domain.

    The Search and Select Database Global Roles page appears.

  3. Select the Database that contains the global roles you wish to add. Log in to the selected database by supplying a User Name and Password. Click Go.

  4. Select the global roles to add. Click Select.

    The selected roles appear in the Edit Enterprise Role page.

  5. Repeat steps 2 to 4 for the other databases.

You can now assign the enterprise role to enterprise users or groups.

To assign the enterprise role to enterprise users or groups:

  1. Click the Grantees tab in the Edit Enterprise Role page.

  2. Click Add.

    The Select Users or Groups page is displayed.

  3. Select the Search Base or the subtree that contains the user or group. Select User under View if you are granting the enterprise role to a user. Select Group under View, if you are granting the role to a group. Optionally, enter the common name of the user or group in the Name field. Click Go.

  4. Select the users or groups to be granted the enterprise role. Click Select.

  5. Click Continue in the Edit Enterprise Role page.

  6. Click OK in the Configure Domain page.