Policies for SQL Endpoints

You must have these policies in place to use Data Flow with SQL Endpoints.

User Permissions

Allow the Data Flow SQLEndpoint administration user to manage dataflow-sqlendpoint in Data Flow:
ALLOW GROUP dataflow-admins to MANAGE dataflow-sqlendpoint IN tenancy
Allow the Data Flow SQLEndpoint user to read dataflow-sqlendpoint in Data Flow:
ALLOW GROUP dataflow-sql-users to READ dataflow-sqlendpoint IN tenancy
Allow the Data Flow SQLEndpoint user to use dataflow-sqlendpoint in Data Flow:
ALLOW GROUP dataflow-sql-users to USE dataflow-sqlendpoint IN tenancy

Metastore Access

Using Identity, create a new compartment in which to add and manage your SQL Endpoint resources.

Create a dynamic group and add the following matching rule:
ALL {resource.compartment.id = 'YOUR_COMPARTMENT_ID'}
Create a policy to give the Dynamic Group access to the Metastore for creating SQL Endpoints in Data Flow:
Allow dynamic-group <dynamic_group_name> to {CATALOG_METASTORE_EXECUTE, CATALOG_METASTORE_INSPECT, CATALOG_METASTORE_READ} in tenancy WHERE ALL {request.principal.type='dataflowsqlendpoint'}

Read from Object Storage

Create a policy that lets the dynamic group manage the objects holding the table data. These are coarse-grained rules that apply to every request whose request.principal.type is 'dataflowsqlendpoint':
ALLOW DYNAMIC-GROUP YOUR_DYNAMIC_GROUP TO MANAGE objects IN TENANCY WHERE ALL {request.principal.type='dataflowsqlendpoint'}
ALLOW DYNAMIC-GROUP YOUR_DYNAMIC_GROUP TO MANAGE buckets IN TENANCY WHERE ALL {request.principal.type='dataflowsqlendpoint'}
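The checker below is an added example and not part of the Oracle documentation: it parses policy statements of the shape used on this page and flags any dynamic-group grant on a resource other than dataflow-sqlendpoint that is not pinned to request.principal.type='dataflowsqlendpoint'. The dynamic group name sqlep-dg and the final unconditioned statement are constructed for illustration.

```python
import re

# Constructed sample: the statements from this page with a placeholder dynamic
# group name, plus one hypothetical grant that lacks the principal-type condition.
STATEMENTS = [
    "ALLOW GROUP dataflow-admins to MANAGE dataflow-sqlendpoint IN tenancy",
    "ALLOW GROUP dataflow-sql-users to READ dataflow-sqlendpoint IN tenancy",
    "ALLOW GROUP dataflow-sql-users to USE dataflow-sqlendpoint IN tenancy",
    "Allow dynamic-group sqlep-dg to {CATALOG_METASTORE_EXECUTE, CATALOG_METASTORE_INSPECT, "
    "CATALOG_METASTORE_READ} in tenancy WHERE ALL {request.principal.type='dataflowsqlendpoint'}",
    "ALLOW DYNAMIC-GROUP sqlep-dg TO MANAGE objects IN TENANCY WHERE ALL {request.principal.type='dataflowsqlendpoint'}",
    "ALLOW DYNAMIC-GROUP sqlep-dg TO MANAGE buckets IN TENANCY WHERE ALL {request.principal.type='dataflowsqlendpoint'}",
    "ALLOW DYNAMIC-GROUP sqlep-dg TO MANAGE objects IN TENANCY",  # constructed: no WHERE clause
]

# Verb is either a single word (MANAGE/USE/READ/INSPECT) or a {PERMISSION, ...} list;
# the resource type is absent in the permission-list form.
STMT_RE = re.compile(
    r"^allow\s+(?P<subject_type>group|dynamic-group)\s+(?P<subject>\S+)\s+to\s+"
    r"(?P<verb>\{[^}]*\}|\S+)(?:\s+(?P<resource>\S+))?\s+in\s+"
    r"(?P<scope>tenancy|compartment\s+\S+)(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE,
)


def parse(stmt):
    """Split one policy statement into its parts and extract the principal type, if any."""
    m = STMT_RE.match(stmt.strip())
    if not m:
        raise ValueError(f"unparseable policy statement: {stmt}")
    d = m.groupdict()
    d["verb"] = d["verb"].upper()
    d["resource"] = (d["resource"] or "").lower()
    pt = re.search(r"request\.principal\.type\s*=\s*'([^']+)'", d["condition"] or "", re.I)
    d["principal_type"] = pt.group(1) if pt else None
    return d


def find_unscoped_grants(statements, required_principal_type="dataflowsqlendpoint"):
    """Return dynamic-group statements that reach beyond dataflow-sqlendpoint resources
    (objects, buckets, metastore permissions) without the principal-type condition."""
    findings = []
    for s in statements:
        p = parse(s)
        if p["subject_type"].lower() != "dynamic-group" or p["resource"] == "dataflow-sqlendpoint":
            continue
        if p["principal_type"] != required_principal_type:
            findings.append(s)
    return findings


if __name__ == "__main__":
    for bad in find_unscoped_grants(STATEMENTS):
        print("missing principal-type condition:", bad)
```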
