Oracle Cloud User Security Providing for Separation of Duties and Appropriate Access by Job Function

  • Michelle Malcher

Your browser needs to be JavaScript capable to view this video

Try reloading this page, or reviewing your browser settings

You're watching a preview of subscription content. Log in to check access

Enhance the security of your Oracle cloud environment by providing users appropriate access for their respective job functions, and by providing for separation of duties such that no single user has enough access by which to exceed their level of authority. See how to think through and plan for the access requirements of technical experts such as cloud administrators and database administrators through to business-level users such as those accessing cloud applications and databases. Make use of your own enterprise identity management system, or use Oracle Identity Cloud Service.

What You Will Learn

  • Design a role-based plan for managing users in the Oracle Cloud

  • Create users in the Oracle Cloud for services and databases

  • Manage roles and groups

  • Manage single-sign-on in Oracle Identity Cloud Service

  • Create customized groups through Oracle Identity Cloud Service

  • Test to ensure users can connect to the cloud service and database server

  • Verify user groups by showing that the right roles have been assigned

Who This Video Is For

Database administrators who are just starting to use Oracle’s cloud services, or who are getting ready to migrate to the Oracle cloud. For security administrators who want to learn best practices related to separation of duties and for centrally managing cloud users.

The video begins by showing how to create a plan based on enterprise roles for managing the database environment in the cloud. This plan includes a component on separation of duties. The video goes on to show how to create groups from the plan, and how to create users and assign users to groups. There are default groups and custom groups, so the video will cover creating and managing custom groups as well as the default ones. Connections to cloud services and databases are tested as a final step to verify the users and groups that have been created.

About The Author

Michelle Malcher

Michelle Malcher is a security architect for databases at Extreme-Scale Solutions. Her deep technical expertise, from database to security, as well as her senior level contributions as a speaker, author, Oracle ACE Director and customer advisory board participant have aided many corporations in the areas of architecture and risk assessment, purchasing and installation, and ongoing systems oversight. She is on the board of directors for FUEL, Palo Alto Networks User community, as well as volunteering for the Independent Oracle User Group (IOUG). She has built out teams for database security and data services, and enjoys sharing knowledge about data intelligence and providing secure and standardized database environments.


About this video

Michelle Malcher
Online ISBN
Total duration
1 hr 2 min
Copyright information
© Michelle Malcher 2019

Related content

Video Transcript


Welcome to the Oracle Cloud User Security Video Series. This series is designed to enhance the security of your Oracle Cloud environment by providing users appropriate access for the respective job functions. This includes separation of duties such that no single user has enough access by which to exceed their level of authority.

I am Michelle Malcher. And I have been working as a database and security professional for over the past 20 years. I am also an Oracle ACE Director for database security and have earned my CISM Certificate.

In this video series, we’ll start with a walkthrough of the Oracle Cloud User Management with the Dashboard. Next we’ll briefly plan our enterprise roles and separation of duties for security policies. This will allow us to know what we want to create for users and groups.

After that, we can create the groups for Cloud Service access and then the users for– in the Oracle Cloud. Since we are looking at enterprise users, there are users that should be imported from an on-premise environment into the Cloud for the Federation model. Users can be managed to gain access to cloud resources, which will be the demonstration of creating the database users in the cloud– after that, managing the roles and groups to be granted to these users.

Next in the series, we’ll look at single sign on, which is available through the Identity Cloud Service. Users and roles can be created and managed through the Identity Cloud Service, which will be the next. Demonstration and finally, we will walk through how to connect as users and test the cloud service to test and validate user access and roles. I hope you find these videos valuable in managing your users in the cloud.