Oracle Cloud Infrastructure Documentation

Set Access Control List for an Autonomous Database

An Access Control List (ACL) provides additional protection to your Autonomous Database by allowing only the client with specific IP addresses to connect to the database. You can add IP addresses individually, or in CIDR blocks. Enabling an ACL with an empty list of IP addresses makes the database inaccessible.

  1. Go to the Details page of the Autonomous Database to which you want to set access control.
  2. In the Autonomous Database Information tab, locate Access Control List under Network and click Edit.

    Editing an ACL is enabled only when the database state is Available.

    Note

    For Autonomous Data Guard enabled databases, the Access Control List for both the primary and standby databases can be edited only from the primary database. The Details page of a standby database allows you only to view the ACLs.
  3. The Edit Access Control List dialog appears with existing ACLs and their values.
    Optionally, edit an existing ACL by overwriting its values or remove it completely by clicking X next to it.
    Note

    If Access Control List is disabled for this Autonomous Database, you do not see any ACL to edit. Click Enable database level access control to enable ACL.
  4. Optionally, add an ACL by selecting or entering basic information:
    1. Click + Access Control Rule.
    2. Depending on the types of addresses in your list, select one of the following options from the IP notation type drop-down selector:
      • IP Address: Specify individual IP addresses. You can use commas to separate multiple IP addresses.
        Note

        An IP address specified in a network ACL entry should be the public IP address of the client that is visible on the public internet that you want to grant access. For example, for an Oracle Cloud Infrastructure VM, this is the IP address shown in the Public IP field on the Oracle Cloud Infrastructure console for that VM.
      • CIDR Block: Specify ranges of public IP addresses using CIDR notation. You can use commas to separate multiple values.
  5. For Autonomous Data Guard enabled databases, you see options to define access control for the standby database. Depending on your preference, select one of the following options for Standby database access control:
    • Choose Same as primary database to apply the ACL that you already defined for the primary database to the standby database as well. This is the default selection.
      Note

      By default, the ACL defined for the primary database applies to the standby database also.
    • Choose Define standby database access control to define a separate ACL for the standby database. By default, the standby database ACL is initialized with the same values as the primary database ACL. Add or modify the entries as needed.
  6. Click Save Changes.

If the Lifecycle State is Available when you click Save the Lifecycle State changes to Updating until the ACL is set. The database is still up and accessible, there is no downtime. When the update is complete the Lifecycle State returns to Available and the network ACLs from the access control list are in effect.