Audit Delegate Access Control Lifecycle Events

Learn how to audit Delegate Access Control lifecycle events and critical operator activities (log in and log out) on Exadata Cloud@Customer and Oracle Exadata Database Service on Dedicated Infrastructure machines.

For more information about auditing generally, see Overview of Audit.

Delegate Access Control Event Types

The Delegate Access Control resources emit events, which are structured messages that indicate changes in resources.

Delegation Control

  • Display Name: Delegation Control - Create

    Description: Create the Delegation Control resource in the specified compartment. The Delegation Control defines a policy on the customer's Exadata VM Cluster or Cloud VM Cluster resources, specifying the delegated resources and whether access requests for those resources require automatic approval or manual approval.

    Event Type:
    • com.oraclecloud.delegateaccesscontrol.CreateDelegationControl.begin
    • com.oraclecloud.delegateaccesscontrol.CreateDelegationControl.end
  • Display Name: Delegation Control - Update

    Description: Modify the configuration details of a specified Delegation Control.

    Event Type:
    • com.oraclecloud.delegateaccesscontrol.UpdateDelegationControl.begin
    • com.oraclecloud.delegateaccesscontrol.UpdateDelegationControl.end
  • Display Name: Delegation Control - Change Compartment

    Description: Move the specified Delegation Control resource to a different compartment.

    Event Type:
    • com.oraclecloud.delegateaccesscontrol.ChangeDelegationControlCompartment.begin
    • com.oraclecloud.delegateaccesscontrol.ChangeDelegationControlCompartment.end
  • Display Name: Delegation Control - Delete

    Description: Delete the specified Delegation Control resource.

    Event Type:
    • com.oraclecloud.delegateaccesscontrol.DeleteDelegationControl.begin
    • com.oraclecloud.delegateaccesscontrol.DeleteDelegationControl.end

Delegation Subscription

  • Display Name: Delegation Subscription - Create

    Description: Handshake or agreement between the customer and service providers, which defines the specified services to be provided to the customer. Operators from the service provider tenancy can request access to the resources delegated by the customer.

    Event Type:
    • com.oraclecloud.delegateaccesscontrol.CreateDelegationSubscription.begin
    • com.oraclecloud.delegateaccesscontrol.CreateDelegationSubscription.end
  • Display Name: Delegation Subscription - Update

    Description: Modify the details of a specified delegation subscription.

    Event Type:
    • com.oraclecloud.delegateaccesscontrol.UpdateDelegationSubscription.begin
    • com.oraclecloud.delegateaccesscontrol.UpdateDelegationSubscription.end
  • Display Name: Delegation Subscription - Delete

    Description: Delete the specified delegation subscription.

    Event Type:
    • com.oraclecloud.delegateaccesscontrol.DeleteDelegationSubscription.begin
    • com.oraclecloud.delegateaccesscontrol.DeleteDelegationSubscription.end

Delegated Resource Access Request Operations

  • Display Name: Delegated Resource Access Request - Create

    Description: Create a delegated resource access request on the customer's delegated Exadata VM Cluster or Cloud VM Cluster resources within a specified time frame.

    Event Type: com.oraclecloud.delegateaccesscontrol.CreateOpDelegatedResourceAccessRequest

  • Display Name: Delegated Resource Access Request - Auto Approve

    Description: Auto-approve delegated resource access requests when the customer's Exadata VM Cluster or Cloud VM Cluster resource is assigned to a pre-approved Delegation Control.

    Event Type: com.oraclecloud.delegateaccesscontrol.AutoApproveDelegatedResourceAccessRequest

  • Display Name: Delegated Resource Access Request - Approve

    Description: Approve the delegated resource access request made by an operator from the service provider tenancy to access the customer's Exadata VM Cluster or Cloud VM Cluster resource for a specific time duration.

    Event Type:
    • com.oraclecloud.delegateaccesscontrol.ApproveDelegatedResourceAccessRequest.begin
    • com.oraclecloud.delegateaccesscontrol.ApproveDelegatedResourceAccessRequest.end
  • Display Name: Delegated Resource Access Request - Service Provider Operator Login/Logout

    Description: Lets customers know the log in and log out times of the service provider operator on their Exadata VM Cluster or Cloud VM Cluster resource.

    Event Type:
    • com.oraclecloud.delegateaccesscontrol.ServiceProviderOperatorLogin
    • com.oraclecloud.delegateaccesscontrol.ServiceProviderOperatorLogout
  • Display Name: Delegated Resource Access Request - Reject

    Description: Reject the delegated resource access request made by the operator from the service provider tenancy to access the customer's resource for a specific time duration.

    Event Type:
    • com.oraclecloud.delegateaccesscontrol.RejectDelegatedResourceAccessRequest.begin
    • com.oraclecloud.delegateaccesscontrol.RejectDelegatedResourceAccessRequest.end
  • Display Name: Delegated Resource Access Request - Revoke

    Description: Revoke the delegated resource access request initiated by the operator from the service provider tenancy, and remove all current access granted to the operator.

    Event Type:
    • com.oraclecloud.delegateaccesscontrol.RevokeDelegatedResourceAccessRequest.begin
    • com.oraclecloud.delegateaccesscontrol.RevokeDelegatedResourceAccessRequest.end
  • Display Name: Delegated Resource Access Request - Extend

    Description: Extend the delegated resource access request for the customer's delegated Exadata VM Cluster or Cloud VM Cluster for a specific duration.

    Event Type: com.oraclecloud.delegateaccesscontrol.ExtendDelegatedResourceAccessRequest

  • Display Name: Delegated Resource Access Request - Renew Delegated Resource Access Request Bastion Session

    Description: Renew the Bastion session for the active delegated resource access request created on the customer's Exadata VM Cluster or Cloud VM Cluster.

    Event Type: com.oraclecloud.delegateaccesscontrol.RenewDelegatedResourceAccessRequestBastionSession

  • Display Name: Delegated Resource Access Request - Close

    Description: Close the delegated resource access request on the customer's Exadata VM Cluster or Cloud VM Cluster resource, requested by the operator, before its actual expiration time.

    Event Type: com.oraclecloud.delegateaccesscontrol.CloseDelegatedResourceAccessRequest

  • Display Name: Delegated Resource Access Request - Add Operator

    Description: Add a user to the existing delegated resource access request.

    Event Type: com.oraclecloud.delegateaccesscontrol.AddDelegatedResourceAccessRequestOperator

  • Display Name: Delegated Resource Access Request - Execute Delegated Resource Access Request Command

    Description: Execute the command on the customer's Exadata VM Cluster or Cloud VM Cluster resource through the active delegated resource access request.

    Event Type: com.oraclecloud.delegateaccesscontrol.ExecuteDelegatedResourceAccessRequestCommand

  • Display Name: Delegated Resource Access Request - Add Interaction

    Description: Add an interaction by the customer to discuss in detail the access required on the delegated resource.

    Event Type: com.oraclecloud.delegateaccesscontrol.ServiceProviderInteractionRequest

  • Display Name: Delegated Resource Access Request - Service Provider Interaction Response

    Description: Response from the service provider operator regarding the customer's query on the access request for the delegated resource.

    Event Type: com.oraclecloud.delegateaccesscontrol.ServiceProviderOperatorInteractionResponse

  • Display Name: Delegated Resource Access Request - Resource Principal Session Token

    Description: Get the delegated resource access request resource principal session token.

    Event Type: com.oraclecloud.delegateaccesscontrol.GetDelegatedResourceAccessRequestRpst

  • Display Name: Delegated Resource Access Request - Expired Delegated Resource Access Request

    Description: Emitted when the time-bound delegated resource access request on the customer's Exadata VM Cluster or Cloud VM Cluster resource expires or completes its duration.

    Event Type: com.oraclecloud.delegateaccesscontrol.ExpiredDelegatedResourceAccessRequest

Customer Alert

Display Name: Delegate Access Control - Customer Alert

Description: This is a general alert for customers, triggered by policy issues, service failures, or any urgent notifications.

Event Type: com.oraclecloud.delegateaccesscontrol.CustomerAlert

Review Audit Log Events

Audit provides records of API operations performed against supported services as a list of log events.

For more information on searching logs, see Using the Console.
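
As an added example (not Oracle's code), the following Python correlates the event types listed above to flag operator logins that have no preceding approval, logins after access was revoked, closed or expired, and logins with no matching logout. It assumes each event carries `eventType` and `eventTime`, that `data.resourceId` identifies the access request, and that a `.end` event marks a completed operation; these are assumptions not stated on this page, and the sample events are constructed.

```python
from datetime import datetime

P = "com.oraclecloud.delegateaccesscontrol."
GRANT = {P + "ApproveDelegatedResourceAccessRequest.end",   # assumed: .end = completed
         P + "AutoApproveDelegatedResourceAccessRequest"}
END = {P + "RevokeDelegatedResourceAccessRequest.end",
       P + "CloseDelegatedResourceAccessRequest",
       P + "ExpiredDelegatedResourceAccessRequest"}
LOGIN = P + "ServiceProviderOperatorLogin"
LOGOUT = P + "ServiceProviderOperatorLogout"

def audit_operator_sessions(events):
    """Return (finding, request_id, event_time) tuples for suspicious sessions."""
    findings, state = [], {}
    for e in sorted(events, key=lambda e: datetime.fromisoformat(e["eventTime"])):
        # Assumption: data.resourceId is the access request the event belongs to.
        rid, etype, when = e["data"]["resourceId"], e["eventType"], e["eventTime"]
        st = state.setdefault(rid, {"granted": False, "ended": False, "open": []})
        if etype in GRANT:
            st["granted"], st["ended"] = True, False
        elif etype in END:
            st["ended"] = True
        elif etype == LOGIN:
            if not st["granted"]:
                findings.append(("login_without_approval", rid, when))
            elif st["ended"]:
                findings.append(("login_after_access_ended", rid, when))
            st["open"].append(when)
        elif etype == LOGOUT and st["open"]:
            st["open"].pop()
    for rid, st in state.items():  # logins never closed by a logout event
        findings += [("session_without_logout", rid, t) for t in st["open"]]
    return findings

def ev(kind, rid, hhmm):
    """Build one constructed sample event (not real audit data)."""
    return {"eventType": P + kind, "eventTime": f"2024-05-01T{hhmm}:00+00:00",
            "data": {"resourceId": rid}}

SAMPLE = [  # constructed events; request ids are placeholders, not real OCIDs
    ev("ApproveDelegatedResourceAccessRequest.end", "req-A", "09:00"),
    ev("ServiceProviderOperatorLogin", "req-A", "09:05"),
    ev("ServiceProviderOperatorLogout", "req-A", "09:40"),
    ev("ServiceProviderOperatorLogin", "req-B", "10:00"),
    ev("ServiceProviderOperatorLogout", "req-B", "10:10"),
    ev("AutoApproveDelegatedResourceAccessRequest", "req-C", "11:00"),
    ev("ServiceProviderOperatorLogin", "req-C", "11:05"),
    ev("ServiceProviderOperatorLogout", "req-C", "11:20"),
    ev("RevokeDelegatedResourceAccessRequest.end", "req-C", "11:30"),
    ev("ServiceProviderOperatorLogin", "req-C", "11:45"),
]
```

Calling `audit_operator_sessions(SAMPLE)` returns one finding for `req-B` and two for `req-C`; `req-A` is a clean approve, log in, log out sequence.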