Automatically Grant Permissions to User Groups

You can automatically generate and add policies to grant permissions to user groups in Database Management.

Using the guided policy setup on the Database Management Overview page, you can automatically perform the following tasks:

  1. Generate the user policies to grant the permissions required to enable and use Database Management for MySQL HeatWave.
  2. Add the generated user policies to a collection of policies called DBMgmt_User_Policy in the Oracle Cloud Infrastructure Identity and Access Management (IAM) service.

The guided policy setup simplifies the process of providing access to Database Management features to user groups and reduces the number of policy-related errors.

Before you access the Overview page to automatically generate and add user policies, you must:

  • Belong to your tenancy's Administrators group.
  • Ensure that a user group is created and users are added to the group. For information, see Managing Groups.

To automatically generate and add user policies:

  1. Sign in to the Oracle Cloud Infrastructure console.
  2. Open the navigation menu and click Observability & Management. Under Database Management, click Overview.
  3. On the Get started tile, click Add policies.
  4. In the Add policies panel, specify the following details:
    1. Policy compartment: Select the compartment in which the automatically generated Database Management policies will be added.

      If automatically generated policies were previously added to the selected compartment, then Current policies is displayed. Click the link adjacent to Current policies to view the Database Management policies that are already added to DBMgmt_User_Policy in the IAM service.

    2. User group: Select the user groups to which you want to grant permissions.
    3. Access: Select the type of access you want to provide to the user groups:
      • Read: Grants read-only access.
      • Manage: Grants the permission to perform the entire set of tasks in Database Management.
    4. Database type: Select MySQL databases to generate the list of policies required to enable and use Database Management for MySQL HeatWave.
    5. Database compartment: Select the compartments in which the resource-types reside. The resource-types include MySQL HeatWave, Database Management, and other service resource-types for which permissions must be defined in the policies.
      Note

      The Database compartment drop-down list only includes the child compartments of the Policy compartment selected in a previous step.
    6. Click Generate.
    7. Review the list of recommended policies to use Database Management for MySQL HeatWave and click Add policies.

      The IAM service creates the policies and adds them to the DBMgmt_User_Policy collection of policies.

      Note

      If the limit for policies in the tenancy is reached, an error may be displayed when you attempt to add policies. You can then increase the limit, or create a new policy in the IAM service and manually add the recommended policy statements, or edit the existing policy statements in DBMgmt_User_Policy to manually add new user groups or compartments. For information on how to create, edit, or delete a policy in the IAM service, see Managing Policies.
    8. Click Close to close the Add policies panel.
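
A check that can be run over the statements listed in the review step before clicking Add policies, given here as an added example that is not part of the Oracle documentation: it flags any statement whose group, verb, or compartment goes beyond what was selected in the panel. The sample statements and the group and compartment names are constructed, and treating Read access as "no verb above read" is an assumption.

```python
import re

# OCI IAM policy verbs, ordered from least to most privilege.
VERBS = ["inspect", "read", "use", "manage"]

STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<groups>.+?)\s+to\s+(?P<verb>\w+)\s+(?P<resource>[\w-]+)"
    r"\s+in\s+(?:tenancy|compartment\s+(?P<compartment>\S+))"
    r"(?:\s+where\s+.+)?$",
    re.IGNORECASE,
)

def review(statements, groups, access, compartments):
    """Return (statement, reason) pairs for statements that exceed the panel selections.

    groups/compartments: names selected as User group / Database compartment.
    access: "Read" or "Manage". Assumption: Read should yield no verb above `read`.
    """
    ceiling = VERBS.index("manage" if access == "Manage" else "read")
    findings = []
    for stmt in statements:
        m = STATEMENT.match(stmt.strip())
        if not m:
            findings.append((stmt, "not parsed, review manually"))
            continue
        verb = m["verb"].lower()
        named = {g.strip().strip("'") for g in m["groups"].split(",")}
        for extra in sorted(named - set(groups)):
            findings.append((stmt, f"group not selected: {extra}"))
        if verb not in VERBS or VERBS.index(verb) > ceiling:
            findings.append((stmt, f"verb '{verb}' exceeds {access} access"))
        if m["compartment"] is None:
            findings.append((stmt, "scope is the whole tenancy"))
        elif m["compartment"] not in compartments:
            findings.append((stmt, f"compartment not selected: {m['compartment']}"))
    return findings

# Constructed sample statements (not the console's actual output).
SAMPLE = [
    "Allow group DBM-Readers to read dbmgmt-family in compartment DB-Prod",
    "Allow group DBM-Readers to manage mysql-family in compartment DB-Prod",
    "Allow group DBM-Readers to read mysql-family in tenancy",
    "Allow group Contractors to read dbmgmt-family in compartment DB-Test",
]

if __name__ == "__main__":
    for stmt, reason in review(SAMPLE, {"DBM-Readers"}, "Read", {"DB-Prod"}):
        print(f"{reason}\n    {stmt}")
```

The same function can be applied to the statements already in DBMgmt_User_Policy (the Current policies link) when a group or compartment is added later.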

Based on the permissions granted, the user groups can perform the associated Database Management tasks. For more information on the permissions required to enable and use Database Management for MySQL HeatWave, see: