Add IAM Users on Autonomous Database
To add IAM users to allow access to Autonomous Database, map database global users to IAM groups or users with CREATE USER or ALTER USER statements (with the IDENTIFIED GLOBALLY AS clause).
The authorization of IAM users to an Autonomous Database instance works by mapping IAM global users (schemas) to IAM users (exclusive mapping) or IAM groups (shared schema mapping).
To authorize IAM users on an Autonomous Database instance:
Database users that are not IDENTIFIED GLOBALLY can continue to log in as before, even when the Autonomous Database is enabled for IAM authentication.
To exclusively map a local IAM user to an Oracle Database Global User:
- Log in as the ADMIN user to the database that is enabled to use IAM (the ADMIN user has the required CREATE USER and ALTER USER system privileges that you need for these steps).
- Create a mapping between the Autonomous Database user (schema) with CREATE USER or ALTER USER statements and include the IDENTIFIED GLOBALLY AS clause, specifying the local IAM user name.

  For example, to create a new database global user named peter_fitch and map this user to an existing local IAM user named peterfitch:

  CREATE USER peter_fitch IDENTIFIED GLOBALLY AS 'IAM_PRINCIPAL_NAME=peterfitch';

  The following example shows how to create the user by specifying a non-default domain, sales_domain:

  CREATE USER peter_fitch2 IDENTIFIED GLOBALLY AS 'IAM_PRINCIPAL_NAME=sales_domain/peterfitch';
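The ALTER USER form of the mapping and an audit of the result, as an added example that is not part of the original documentation. The schema app_reports, the IAM user report_operator and the CREATE SESSION grants are assumptions for illustration; the audit query reads the standard DBA_USERS columns AUTHENTICATION_TYPE and EXTERNAL_NAME and also recognizes the IAM_GROUP_NAME prefix used for shared (group) mappings.

```sql
-- Added example, run as ADMIN. app_reports is a hypothetical existing schema and
-- report_operator a hypothetical local IAM user; neither comes from the page.
-- Convert the existing schema into a global user mapped exclusively to that IAM user.
ALTER USER app_reports IDENTIFIED GLOBALLY AS 'IAM_PRINCIPAL_NAME=report_operator';

-- The mapping only links identities; the global user still needs the privilege
-- to connect. Grant the minimum and add roles separately as required.
GRANT CREATE SESSION TO peter_fitch;
GRANT CREATE SESSION TO app_reports;

-- Audit: every globally identified user, the IAM identity it maps to,
-- whether the mapping is exclusive or shared, and the identity domain.
SELECT username,
       external_name,
       CASE
         WHEN UPPER(external_name) LIKE 'IAM_PRINCIPAL_NAME=%' THEN 'exclusive (IAM user)'
         WHEN UPPER(external_name) LIKE 'IAM_GROUP_NAME=%'     THEN 'shared (IAM group)'
         ELSE 'other global mapping'
       END AS mapping_type,
       CASE
         WHEN INSTR(external_name, '/') > 0
           THEN SUBSTR(external_name,
                       INSTR(external_name, '=') + 1,
                       INSTR(external_name, '/') - INSTR(external_name, '=') - 1)
         ELSE 'default'
       END AS iam_domain,
       account_status
FROM   dba_users
WHERE  authentication_type = 'GLOBAL'
ORDER  BY mapping_type, username;

-- Run from a session that authenticated through IAM: shows which IAM identity
-- was presented and which database schema it was mapped to.
SELECT SYS_CONTEXT('USERENV', 'AUTHENTICATED_IDENTITY') AS iam_identity,
       SYS_CONTEXT('USERENV', 'CURRENT_USER')           AS db_schema,
       SYS_CONTEXT('USERENV', 'AUTHENTICATION_METHOD')  AS auth_method
FROM   dual;
```

Reviewing the first query periodically surfaces global users whose mapping no longer matches an intended IAM user or group.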