If you have created the appropriate Active Directory groups and role definitions that you want to assign, you can now assign the roles to set of users as required.
To add role assignments to users in Active Directory groups:
- Expand the computer role you just created, for example, expand OracleServers.
- Select Role Assignments, right-click, then click Assign Role.
- Select the role definition from the list of roles, then click OK.
For example, select the
Oracle_DBAsrole definition. By default, the role is set to start immediately and never expire. You can set a Start time, End time, or both start and end times for the role assignment. For example, if the role applies to a contractor who will be hired for a specific amount of time and you want to automatically disable the role after they finish the job and leave the organization, you can specify the start and end times when you assign the role.
- Select whether the role assignment applies to all Active Directory accounts, all local accounts, or specific Active Directory and local accounts, then click OK to complete the role assignment.
For example, to assign the
Oracle_DBAsrole to the Active Directory
OracleServers_Role_DBAssecurity group, click Add AD Account. You can then select Group to search for the group, select it from the results, then click OK.
Repeat Step 1 through Step 4 for each group that you want to add to this computer role. For example, repeat the steps to assign the
Oracle_AppUsersrole to the
OracleServers_Role_AppUserssecurity group and the
Oracle_Backuprole to the
Select the Role Assignments node to see all of the role assignments you have defined for groups associated with the computer role.
Select the Members node to see the computers or groups of computers to which the role assignments apply.