Professional Documents
Culture Documents
Oracle
Learning
Cloud Access
Control
MAY 15, 2020
TABLE OF CONTENTS
Recommended Steps to Transition from Local Access Groups to Global Access Groups .........21
Advanced Method: Handling Learning Items Based on Learning Item vs Current User Flex Field
Value. .........................................................................................................................................45
There are two ways you can set up Access Control to achieve this:
Use Access Groups - This functionality is specific to Oracle Learning Cloud and enables you to control access to leaning
items.
Use Oracle HCM Cloud data security functionality – You can use data security policies to control access to learning items.
ACCESS GROUPS
Access groups define a set of rules at a learning item level. These rules determine:
Whether an item is visible to learners, and the pre-assignment behavior in learner self-service;
How much information displays to learners
How they can engage with the learning item.
When you create an access group, you are essentially creating an “access list” of all learners who can view a learning item based on a
set of rules. “Access records” represent the individual learners who can view a learning item within the access list.
Named – You can create a logical group of learners, based on selection criteria. These groups are evaluated on an
ongoing basis (at intervals that were determined during your implementation), and can account for organizational changes
and employee movement within the workforce structure. For example, you can define a named access group based on an
organization chart group. The access group rules are applied to new people moving into the group, and removed from the
people no longer in the group. (See Understanding Access Control Data Processing below for more details.)
Ad hoc - You can create access records outside of access groups. These are called “ad hoc access records”. Ad hoc
access groups are defined once, and remain based on the same set of learners as at the time of the group's creation. You
can only manage these groups manually.
Global Access Group - an access group that can be created once and then used across multiple learning items, utilizing
the same learner criteria (analysis object, org group, dynamic learner criteria, or other learning items) and access details.
Local Access Group – a unique set of learners and access details that are specific to a learning item.
Access Groups apply only until a learner is assigned a learning. Access Group has no impact after a learning is assigned to a
learner.
Access Groups are created and managed similar to learning records. They are stored as access records in the database, as a
relationship between the learner and the learning objects they can access.
Access Groups can be created once and reused on various learning items. Or, they can be created once for a learning item.
These settings are required to create and update access group records:
o OTBI security of “Run As” user if OTBI analysis is used to select learners
o Fusion Data Security (Choose Learner DSP) policy applied to the “Run As” user
These conditions then apply to the learner selection criteria used for creating access groups, which can be from OTBI analysis,
Person Org Hierarchy, Person Criteria and Assignment Criteria.
The access groups can be reconciled periodically (e.g. daily) to account for learners who fall in or out of the destinations they are
part of.
There could be more than one access group set on a learning. The access is resolved where the access group with higher priority
supersedes the lower priority access group rule. The priority of access groups can be managed anytime.
Read on for a detailed explanation of how to create and manage aspects of access groups and how they affect the access to learning
items.
There is a dynamic process called Generate a List of People from Analysis Report that is kicked off on access group save. This
process performs the following steps:
o Determines the user that has been identified in the “Run As” field on the Global Access Group.
o Review this user and the OTBI data access that they have if using an analysis object.
o Review this user and the Choose Learner Access Data: Person Details Resource associated with this learner.
Take the Intersection of the Data Access that this user has to determine the Target Person List
STEP 2: RECONCILE THIS PERSON LIST WITH THE CURRENT LIST OF PEOPLE IN THE ACCESS LIST
The reconciliation will be done as the Run As User. The Target person list will be placed in a person list table and
compared/reconciled against the current access list on the learning item.
Persons that are new in the person list will be added to the access list.
Persons that have are no longer present in the person list will be removed from the access list.
Note: The Generate a List of People from Analysis Report is run dynamically on create/edit and this job cannot be
scheduled by the Administrator.
People can fall in or out the destinations that are associated to the access group. For example, a new hire can come into an
Organization destination or a Person could fall off an analysis object. Therefore, there needs to be processes that are scheduled to
evaluate changes that are occurring within the organization and have impact on the access lists.
The first job process is scheduled to run for this evaluation and reconciliation process is the Evaluate Person IDs for Assignment
Rule. This job will:
Determine the Person List – Determining the person list is dependent on the type of Destination that is used:
o Analysis Object, Organization and Person: Extract the persons that are in the destinations based on the User
that created the job.
o Note: it is critical to ensure that the user that is creating the job has elevated data security privileges (viewing
largest data set) so that there are not any issues with the data being limited during the evaluate process. It is in
the customer’s best interest to use a user that has access to all data, so data security issues do not arise and so
that this job performs very quickly because there is less data filtering needed.
o Learning Assignment Criteria and Person Criteria: Review the user that created the criteria and apply this
Users Choose Learner Access Data: Person Details Resource.
Note: In a future release, we will be changing the way we handle Learning Assignment Criteria and Person Criteria in the reconciliation
list of a person’s job. We will use the Run As user like we have done for the analysis object and the organization and person.
John Doe, our Learning Administrator would like to create a global access group and use an analysis object to create the access list.
John Doe has different data security setup across OTBI and Fusion.
Analysis Object Created by Administrator that Shows all data in Business Units (BU A -> BU G)
John Doe, has OTBI access but only has data access to BU A, and BU B
John Doe in Fusion has data access to BU A, BU B and BU C
Let’s walk through the steps above to see what happens when John Doe creates an Access Group and then what happens if changes
are made to the global access group or to the destinations associated to the access group at a later point in time.
John Doe Creates an Access Group and Selects his User as the Run As User
Determine what user should be used, this is the User that has been identified in the “Run As” field. Take this Run As User and
determine what type of data access they have across OTBI and Fusion and then choose the most restrictive data set. In this case, the
Global Access Group will have an access list that contains people from Business Unit A and Business Unit B, which is the most
restrictive data set.
Review this user and the OTBI data access that they have if using an Analysis object.
John Doe has access to Business Unit A and Business Unit B in OTBI
Review this user and the Choose Learner Access Data: Person Details Resource associated with this Learner in Fusion security.
John Doe has access to Business Unit A, Business Unit B, and Business Unit C in Fusion
The final access list for the global access list will include persons from Business Unit A, and Business Unit B.
John adds a new Analysis object to the Global Access Group. This analysis object has only the person Jane Doe in it, for simplicity
sake, and John has access to Jane’s person record in both OTBI and Fusion. Let’s also say at this time Ron Black leaves the company
so is no longer in Business Unit B.
Analysis Object Created by Administrator that Shows all data in Business Units (BU A -> BU G)
John Doe, has OTBI access but only has data access to BU A, and BU B and Jane Doe
John Doe in Fusion has data access to BU A, BU B and BU C and Jane Doe
Because a change has been done to the Global Access Group the Generate a List of People from Analysis Report will run on edit
and determining the person list and the reconciling this list to update the access list will need to be done.
Determine what User should be Used, this is the User that has been identified in the “Run As” field. Take this Run As User and
determine what type of data access they have across OTBI and Fusion and then choose the most restrictive data set. In this case the
Global Access Group will have an access list that contains people from Business Unit A and Business Unit B and Jane, which is the
most restrictive data set.
Review this User and the OTBI data access that they have if using an Analysis object.
John Doe has access to Business Unit A and Business Unit B in OTBI and Jane Doe
Review this User and the Choose Learner Access Data: Person Details Resource associated with this Learner in Fusion security.
John Doe has access to Business Unit A, Business Unit B, and Business Unit C and Jane Doe in Fusion
Reconcile the New list of Persons with the current list of people in the final data access temp table. Jane is a new person that is
identified in a new analysis object destination and Ron Black was in Business Unit B but has left the organization. The reconciliation
job will compare persons in the final data access temp table with persons that are currently in the global access group and reconcile the
two.
Add persons to the access list if they do not exist, Jane is in the final data access temp table but she is not in the current
global access list. Jane will be added to the Global Access List.
Remove persons from the access group if they do not exist. Ron is no longer in Business Unit B, so he is no longer in the final
data access temp table but he is in the current Global Access List. Ron will be removed from the Global Access List.
Ongoing Person Evaluation and Reconciliation – 1 week later BU A is no longer in the Analysis object and Business Unit B
has Person Z added and Jane removed.
The first job that is scheduled to run for this evaluation and reconciliation process is the Evaluate Person IDs for Assignment Rule.
Determine what User should be Used, this will be a User that has created the job, since this is an Analysis object, so let’s say they have
access to All Persons. Determine what type of data access this person has across OTBI and Fusion. In this case the Data Access set
will have BU A, BU B Jane and Person Z.
Review the user that should be used in Reconciliation. The user that should be used is the individual that is in the Run As field who is
John Doe. We will then use John Doe’s Choose Learner Access Data: Person Details Resource data privilege to determine what data
to reconcile. John Doe in Fusion has data access to BU A, BU B and BU C, and Jane Doe. Therefore, in the reconciliation process it
will ignore reconciling Person Z, even though this person exists in the initial data access.
Click Setup.
Self-Service Details View Mode: Defines if the learning item is discoverable in self-service, and if so, the level of detail
displayed on the learning item’s details page to learners.
o No Access: The learning item is not discoverable and not included in search results.
o Details View: The learning item is discoverable, and on the item self-service details page learners see all the
available information. This setting is not supported for offerings.
o Summary View: The learning item is discoverable, and on the item self-service details page, most of the details
are hidden to the user.
Created by Learner: Defines if learners must obtain an approval or not when registering into a learning item.
o Active: No approval needed and learners can register themselves directly.
o Requested: Approval will be triggered when learner request to register.
A voluntary or required learning assignment on the item always provides full access to it and bypasses the access rules that are
defined. Additionally, when creating an offering, its default access rules are obtained from its parent course, not the system level rules.
Named access groups are accessible from the Access Groups sub tab, and represent a logical grouping or people with a specific set of
rules. You can select people in a variety of ways, similar to learning initiatives. The group or set of people defined in an access group
are evaluated on a continuous basis for changes. This is why named access groups are used to capture those group definition
changes, apply rules to new people, and remove rules for people no longer in that definition. Ad hoc access groups are created from
the access tab. While a logical group of people can be defined when creating an ad hoc access group, once created, they can only be
managed individually. Furthermore, ad hoc access groups only evaluate the learner selection at creation time and not continuously
afterwards; therefore, group criteria changes are not applied.
Rules per the highest priority named access group that includes the learner
If not included in any named access groups, then rules per the ad hoc access for that learner
If no ad hoc access for this learner, then rules per the item’s default access rules
For example, let’s say there’s a sales group as priority 1 and a US employees group as priority 2. A person in both groups will have the
rules of the sales group applied, as that is the first priority, whereas a person only in the US employees group would get the rules of that
group applied. Rule evaluation priority also extends to ad hoc groups that have the lowest of the priorities and apply only if the person is
not included in any named access group.
The key value proposition points for the global access group feature are:
Streamline the creation of access control in Oracle Learning Cloud. You no longer need to create the same access group
with the same destination across multiple learning items. This will be very efficient for administrators because they can
create one global access group, and then associate it to multiple learning items.
Reduce data growth in certain tables within Oracle Learning Cloud.
Increase performance for features that utilize access control by minimizing the number of records that must be evaluated
for access.
Increase performance in the jobs that reconcile access in Oracle Learning Cloud. Currently, jobs are scheduled to be run
on a schedule to determine if there are new people that need to be added to access or removed from access. If there is
one global access group vs. multiple local access groups per learning item, there are fewer records to review during the
reconciliation process.
Improve the usability of the Follow feature so it is clear how to associate access on an object based on a parent object’s
access.
You can use the search capability at the top of the page to find existing global access groups. You can use the common search
capabilities by clicking Advanced for more search fields. You can also add more columns to the Search Results table by clicking View.
If you edit viewers for learners, organization chart groups, select learning assignments, worker criteria, and learning assignment criteria
the changes will occur synchronously. All learning items associated with the global access group are updated. The Generate a List of
People from Analysis Report job is called to process this change.
If you edit viewers on an analysis, the changes occur asynchronously after the scheduled job Evaluate Person IDs for Assignment Rule
runs. All learning items associated with the global access group are updated. When you change an asynchronous item, a message
displays to alert you that the changes are processed.
If you edit any basic information or the access details of the access group, the changes will occur synchronously.
On the Catalog Resources page, click the Global Access Groups tab.
Enter the details for the access group. The fields are the same as those used with the local access groups feature. (The
difference between the global access group and the local access group creation process is that global access groups
does not maintain pricing data, and it does not support using a learning item as a destination.)
The table below shows an example of the difference in data volume when global access is used vs local access only. In
the example, the Learning Cloud had over 2900 local access groups defined for each learning item, and many of the
destinations were repetitive across these access groups. The administrators created learning items using a default access
of “no access” and then created an analysis object for 40,000 employees. They then created an access group on every
learning item with this 40,000-person analysis object to grant them access. This caused the data in the system to explode
due to all the records being created in the system. Groups Access Records Creation Reconciliation Impact
Global Access Group – 54 (53 Partner Groups and 1 Employee Group) Local Access Groups – 100 million rows
(75K Partners and 50K Employees) Local Access Groups - Reconciliation has to Process 100 million rows
View Global Access Groups - Allows administrators to view the Global Access tab, search and find Global Access
Groups, and view the Global Access Group details.
Manage Global Access Groups - Allows administrators to create and edit global access groups.
These are the recommended steps to enable Global Access Groups in the system with these aggregate privileges:
Add the View Global Access Group abstract role to the Administrators data role.
Add Manage Global Access Group abstract role to the Administrators data role.
Go to Workforce Structures, and update the description for the Administrator Data role to ensure that it reinitializes
successfully once it has been saved.
Log out as the User, and log back in as the Administrator, and validate that the Administrator can View and Manage the
global access group.
Reconcile Access Groups – This job only reconciles local and global access groups. Recommended run frequency is
daily.
Reconcile Dynamic Assignments – This job reconciles initiatives, community assignments, and other dynamic
assignments.
There are additional settings for access control of a course when it is a part of a specialization backing its activity or when it is added to
the catalog of any community. The course can use its own access settings or follow the access details defined for the specialization and
community. These settings can be seen on the Default Access pop-up accessed from Course -> Learners->Access/Access Groups-
>Manage Default Access under the Self-Service View Mode Override.
These two settings are available on a course and can be selected in under the Self-Service View Mode Override.
- When a Course Is Accessed from the Learning Community, Let the Learning Community Control Access and Visibility
For example, create a course with default access set to No Access and the Learning Community Access and Visibility is selected. In this case, learners
will not be able to search and browse the course from the learning catalog. However, for an open community, the course will be visible to all learners.
For a closed and secret community, the course will be visible for its members. Learners will also be able to browse and search for the course within the
community catalog.
- When a Course Is Accessed from Specialization, Let Specialization Control Access and Visibility
In this case the course will follow the rules assigned to the specialization if the course is an activity within the specialization.
For example, create a course with the default access set to No Access, and Let Specialization Control Access and Visibility is selected. The
specialization has default access as Detail View. In such a case, learners can search the specialization and complete the course backing the
specialization activity. The course will not be searchable directly in the catalog, however.
Specialization
Similarly, a specialization can be configured such that its access mode can be overridden by the community access settings when the
specialization is part of this community catalog. This setting is available on the Default Access pop-up accessed from Specialization ->
Learners->Access/Access Groups->Manage Default Access under the Self-Service View Mode Override.
The specialization will be available for browse and search within the community catalog.
The self-service view of the learning item page is affected by the View Mode defined for the learning item. The View Mode can have
three different values.
- Details View – shows detailed information about the learning item including DFFs, Prerequisites, Learning Outcomes, Price etc.
- Summary View – shows limited restricted information about the learning item.
- No Access – cannot be searched or browsed from self-service.
The self-service View Mode affects the information that is visible to learner of a learning item when accessed from self-service.
The View Mode becomes irrelevant when the learner has an Active assignment of the learning item, in which case learner will always
see Details View.
The visibility of a learning item is has different treatment in the Mobile Port and the Mobile First UIs of Learning Cloud. We will discuss
both here.
In the mobile port UI, the specific attributes are indicated for Details View and Summary View for Course, Offering and Specialization.
Title
Syllabus -
Short Description -
Expected Effort -
DFF - -
Prerequisites - -
Learning Outcomes - -
Offering List -
Learning Outcomes - -
Price - -
Title
Description - -
Instructors - -
Offering Type -
Offering DFF - -
Offering Dates - -
Language -
Expected Effort - -
Language - -
Remaining Seats - -
Title
Short Description -
Description -
Sections - -
DFF - -
Section Activities - -
Details View shows all the learning item detail page sections and attributes within.
Summary View shows a message “Content restricted to members.” Learners need to enroll before they can see the complete details.
Privacy
Open - Learning community appears in search results, and anyone can view the content in this learning community.
Closed - Learning community appears in search results, but only members can view the content in this learning community.
Secret - Learning community appears in search results only for members of the community.
Once a learner becomes member of a learning community, the visibility becomes irrelevant and the access becomes the same as an
open community in self-service.
Membership controls what privilege members have with the community. Membership can be Community Manager, Member and
Required Member.
Community Managers can edit a learning community definition and create assignments. They can also add other members with any
level of community membership.
Required Members have access to the community catalog. Any required assignments get assigned to them depending on the
assignment settings. They can contribute to the community catalog if it is enabled.
Members can access learning from a catalog. They can contribute to the community catalog if it is enabled under privacy settings.
In the case of self-service Video and Tutorial, the visibility is managed using the Privacy attribute which can be either open to everyone
or restricted via the Secret option to a selected list of people the user can add explicitly. In the current version it supports adding a
single user at a time. In such case, the learning item is visible in search results only for the specified list of users that acts as access
list. Note: Changes to Privacy or Access Lists do NOT affect Approvals.
Tutorial Privacy is defined as Open or Secret. In the case of Secret, the author of tutorial can select individual people who can view this
tutorial. Selecting privacy is required and this value defaults to Open.
Open: appears in search results and anyone can view the content in this community.
Closed: appears in search results but only members can view the content in this learning community.
Secret: appears in search results only for the members of the community
The creator of a Learning community has Community Manager access by default. A Learning Community Manager can optionally be
added as a member. Learning Community Managers can define user access at the individual user level or at the group access level.
The member list shows the complete list of members currently in the community, either added directly, or as a result of group access
definition. Note: Self Service Learning Communities do not have Required Members unlike the admin community.
However, you may not want an offering to follow the same access as the course. Maybe an offering on a course is only offered to C
level employees and the other offerings are available to everyone. In this case, the course would have an access group that allows
everyone and when the offering is created, they would create an access group for only the C level employees.
In Oracle Learning Cloud, this is generally used to restrict access to items from the Learning Specialist user interface (Catalog, Catalog
Resources, and assignments).
In general, data security policies articulate the security requirement of "Who can do what with which set of data." A data security policy
identifies the entitlement (the actions that can be made on logical business objects), the roles that can perform those actions, and the
conditions that define the access. Conditions are readable WHERE clauses. The WHERE clause is defined in the data as an instance
set, and this is then referenced on a grant that also records the table name and required entitlement. In the below setup example, let’s
look at an Admin and a Learner and how we would set up a custom condition for a group of Administrators and a group of Learners.
Create a group of administrators that is only able to see learning Items that have been created by someone within their hierarchy, and
learners that can only see learning items that have a certain language code.
Create database conditions. The condition defines the WHERE clause (what data can this action be done against).
Conditions can be created by a filter or a SQL predicate. In our example, we are going to create a condition with an SQL
predicate for the Administrator to analyze the Administrator’s hierarchy, and a condition with a simple filter for learners.
o Administrator: Create a Custom SQL predicate to indicate only learning items in their hierarchy can be
displayed.
Learner: Create a filter to indicate only learning items where the language code is equal to English (en-us).
Actions: Actions should not need to be defined. They should already be seeded.
Administrator: Associate the newly created administrator condition to the Data role that has been created by the
administrator. In the example below, we are going to put the custom condition on the Manage Catalog Learning Offerings
Privilege by editing the data security policy associated to the data role. The custom data security policy condition selected
will only allow administrators to manage offering learning items that have been created by individuals in their hierarchy.
Learner: Associate the newly created Learner condition to the Data role that has been created by the Administrator. In the
below example we are going to put the custom condition on the View Catalog Learning Items in Self Service Privilege by
editing the data security policy. The custom data security policy condition selected will only allow Learners to view
learning items that have a language code equal to English (en-us).
Modify the condition on the View Catalog Learning Items in Self Service Privilege
For this, you need to add a general data policy at the role level (in this case it is preferable to have created a new role based on the
existing seeded roles).
In Setup and Maintenance, search and select “Assign Security Profile to Role”
In the various parts, either select an existing security profile of your choice, or create new ones
Verify changes.
Return to the security console. View the role to see that in the Data Policies applied, it has now been filled up with different data policies
on different privileges.
You can customize this per privilege, and on each you can apply a different security policy if available. This means each privilege
identified in a role can hold its own predifined condition. (For example, Course view and creation could be Global, but Offering View and
Creation could be AOR-based).
If you want more details on how that policy works, you can go directly in the Administration panel of the security console and click
Manage Database Resources.
Click Edit.
Make sure the user has the right AOR and AOR criteria set up (here, by business unit).
Once it has successfully run, use the user to whom you added that custom role. In the offering search, notice that you cannot find any
other offering existing in the catalog:
However, users can create their own courses, and they will see all courses created by users who are part of the business unit covered
by the same AOR.
It works better when segregating the catalog by learning item criteria (like a catalog category) rather than by criteria related to the
current page user.
FROM WLF_LI_COURSES_F c
Next, perform the same changes as the ones described in the above chapter to apply this condition to the role. This newly created
condition can be applied as an exception to the following privileges depending on the desired effect.
Make sure to run the Retrieve Latest LDAP Changes scheduled process.
EXISTS
SELECT 1
WLF_ACCESS_PERMISSIONS_F prms,
WLF_ASSIGNMENT_RECORDS_F recs
UNION
SELECT 1
wlf_li_classes_f c,
wlf_instructor_resources r
UNION
SELECT 1
);
Then perform the same changes as the ones described in the above chapter to apply this condition to the role. This newly created
condition can be applied as an exception to the following privileges depending on the desired effect.
Make sure to run the Retrieve Latest LDAP Changes scheduled process.
When an administrator searches for a learning item, the system will filter out the learning item result entries which do NOT contain a
specific value in a flex field.
This flex field value needs to be the same as the value of another flex field from the current user person profile value. A similar method
could be used on the Learner’s role.
User D creates a learning item and adds ABCD in the flex field of the learning item.
User A will be able to find the learning item because both his profile flex field and the learning item flex field values are matching.
User B will not be able to find the learning item (unless the flex field value of this course changes to EFGH or his own profile flex
field changes to ABCD)
The SQL predicate demonstrated here needs to be implemented just like in the above example, by creating a custom condition that will
later on be applied to a specific privilege of a specific role:
EXISTS
SELECT 1
FROM FUSION.WLF_LEARNING_ITEMS_F T
AND T.LEARNING_ITEM_ID =
QRSLT.LEARNING_ITEM_ID
UNION
Make sure to run the Retrieve Latest LDAP Changes scheduled process.
Data security
Access records
Assignments
1. Data Security - Data security trumps all the other types of access. If through data security learners don’t have the authority to
view the learning item, they will not be able to view the learning item and the other access control types are not evaluated.
2. Assignment Records - Assignments trump access records. If a learner has access to an item via data security, and they have
a required or voluntary assignment, then the access record control type does not need to be evaluated.
a. Required or Voluntary Assignment – If a learner has a required or voluntary assignment then they can access the
learning item even though they are not granted access via an access record.
b. Recommended by an Administrator - If a learner has a recommended assignment then they can access the learning
item even though they are not granted access via an access record. Recommended assignments by the learner’s
manager or via Self-Service recommendations do not override access records.
3. Access Records: If learners don’t have access to the learning item because the learning item is set to no access by default
and they do not have a corresponding learning access record, then they will not have access.
Worldwide Headquarters
Worldwide Inquiries
CONNECT W ITH US
Call +1.800.ORACLE1 or visit oracle.com. Outside North America, find your local office at oracle.com/contact.
Copyright © 2020, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are
subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed
orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any
liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be
reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or
registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks
of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 0520
White Paper Understanding Oracle Learning Cloud Access Control
May 2020
Author: Oracle Learn Cloud Product Management
Contributing Authors: