24-4 Oracle Fusion Middleware Administrators Guide for Oracle SOA Suite and Oracle BPM Suite When the user logs on to the Oracle BAM start page, there is a button for each of the Oracle BAM applications. Whether these buttons are enabled or not is based on the users Oracle BAM application role membership. 4. Populate Users In Oracle BAM Applications Users are not visible from Oracle BAM Administrator until they have logged into Oracle BAM for the first time. Oracle BAM also provides a utility that you can run to populate the users in Oracle BAM Administrator. See Section 24.3.6, Populating Users in Oracle BAM Administrator for more information. 5. Set Up Data Access Permissions on Oracle BAM Specific data access permissions can be granted to users and groups using Oracle BAM Architect and Oracle BAM Active Studio. Users and groups can be granted read, update, and delete operation permissions on specific data objects and folders. See Creating Permissions on Data Objects and Using Data Object Folders in Oracle Fusion Middleware Developers Guide for Oracle SOA Suite for more information. Data access permissions can also be granted to users and groups at the row level for data objects. See Creating Security Filters in Oracle Fusion Middleware Developers Guide for Oracle SOA Suite for information about row-level data security. Individual report authors can control which Oracle BAM users have access to reports. See Setting Folder Permissions in Oracle Fusion Middleware Users Guide for Oracle Business Activity Monitoring for more information. 6. Manage Oracle BAM Object Ownership When Oracle BAM users are removed from the security provider, the user accounts still appear in Oracle BAM Administrator because they may own Oracle BAM objects that must be transferred to other users before the user is completely removed from Oracle BAM. Object ownership is managed using Oracle BAM Administrator see Section 24.3.7, Managing Oracle BAM Object Ownership . 7. Remove Users From Oracle BAM The administrator must also remove users from Oracle BAM Administrator after they are deactivated in the security provider see Section 24.3.8, Removing Invalid Users from Oracle BAM Administrator . OracleSystemUser OracleSystemUser is the default owner of all Oracle BAM objects. It is required by Oracle BAM Server and must not be deleted.

24.3.1 Defining Users and Groups

Users are defined in the configured security providers identity store for example, Oracle WebLogic Server embedded LDAP server. Groups, also referred to as enterprise-level roles, are also defined in this identity store. Groups are referred to as enterprise-level roles to distinguish them from application-level roles. Note: Changes to a users group and role membership could take as long as 5 minutes to propagate throughout the system.