Oracle Cloud Infrastructure Documentation

Manage Access Requests

Learn how to manage Delegated Resource Access Requests to your Oracle Exadata Database Service on Cloud@Customer and Oracle Exadata Database Service on Dedicated Infrastructure using Delegation Control.

  • State of an Access Request
    Review the list of states in which an Service Provider operator access request can be listed in a status check.
  • View the List of Access Requests
    When you receive a notice of an Delegated Resource Access Requests, you can view the list of all access requests by compartment, and accept or reject an access request.
  • Filter Access Requests by State
    To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the workflow state of the request.
  • Filter Access Requests by Resource Type
    To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the resource type of the request.
  • Approve Access Request
    When you approve an access request, you permit access, enable or disable keyboard logging, and provide comments for the action as needed.
  • Request Access for a Future Date and Time
    When the operator submits an Access Request, you can schedule a future date and time for accessing resources. The operator can request access for a future time instead of immediate access. Additionally, the customer can approve a later time than the one requested by the operator.
  • Gather More Information About an Access Request
    If you need clarification of the information in the Access Request for you to approve the Access Request, you can use Delegate Access Control to send questions to the Service Provider operators working on the Access Request.
  • Download Operator Activity Audit Log Report
    To download audit log reports in HTML format, which contains Operator Activity including the commands and keystrokes entered by the operators, use this procedure.
  • Reject Access Request
    To reject an Access Request that you have previously granted, use this procedure.
  • Revoke Access Request
    To revoke access to your tenancy after you have granted access, complete this procedure.
  • Approve Extension Request
    When you receive an extension request, you approve an extended duration for the system access.
  • Reject Extension Request
    If you receive an access extension request that you want to reject, then use this procedure.

State of an Access Request

Review the list of states in which an Service Provider operator access request can be listed in a status check.

State Description
RAISED Operator has submitted an access request, and the approver or the system has not taken any action on the request.
IN-PROCESS The system is processing the last action taken on the access request.
APPROVED Approver has approved the access request.
PRE-APPROVED The system has automatically approved the access request.
APPROVED FOR FUTURE Approver has approved the access request for a future time.
EXTENSION REQUESTED Operator requests an extension of the period of the access request to have sufficient additional time for one or more operators to complete the task.
EXTENSION REJECTED Approver has rejected the extension request for the access request.
EXTENSION APPROVED Approver has approved the extension request for the access request.
REJECTED Approver has rejected the access request.
REVOKED Approver has revoked the approval of a request. Any operator that may have been accessing the system has been disconnected from the system. No new actions can be taken on the request.
COMPLETED The maintenance work for which the system access was requested is completed.
EXPIRED Access request approval time period has expired. The operator cannot access the system without raising and obtaining approval for a new access request.
FAILED TO CLOSE The system could not close an open access request. The close could have been triggered by REVOKE / COMPLETE / EXPIRE. Contact Oracle support.
FAILED TO DEPLOY The system failed to create a temporary user on the resource. Contact Oracle support.

Parent topic: Manage Access Requests

View the List of Access Requests

When you receive a notice of an Delegated Resource Access Requests, you can view the list of all access requests by compartment, and accept or reject an access request.

You can Approve, Reject, Approve Extension, Reject Extension, and Revoke access requests.
  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Click Access Requests.

Requests are listed by request ID. The Resource Name column displays the resource for which the request was raised. The Resource Type column displays the type of the resource ("Exadata VM cluster" and "Cloud VM cluster"). The State column lists the status of a request. The Requested column displays the date and time of the request.

The Severity column displays the severity level (Severity 1 - Complete loss of service for mission-critical operations where work cannot reasonably continue, Severity 2 - Significant or degraded loss of service or resources, Severity 3 - Minor loss of services or resources, Severity 4 - No work being impeded at the time - information is requested or reported) set by the operator. The Access Request Reason column displays the reason for the operator's request for system access. To view individual requests, you can click a request ID.

Parent topic: Manage Access Requests

Filter Access Requests by State

To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the workflow state of the request.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Click Access Requests.
  4. Under Filters, select an Action Request state from the list
    You can perform actions based on the state of the Access Request.
    Access Request State Allowed Action
    Raised Approve or Reject.
    Approved for future Approve or Reject.
    Approved Revoke
    In-Process No actions.
    Pre-Approved Revoke
    Extension Requested Approve Extension, Reject Extension, or Revoke
    Extension Rejected No actions.
    Extension Approved No actions.
    Rejected No actions.
    Revoked No actions.
    Completed No actions.
    Expired No actions.
    Failed to Close No actions.
    Failed to Deploy No actions.

Parent topic: Manage Access Requests

Filter Access Requests by Resource Type

To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the resource type of the request.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Click Access Requests.
  4. Under Filters, select a Resource Type from the list.

Parent topic: Manage Access Requests

Approve Access Request

When you approve an access request, you permit access, enable or disable keyboard logging, and provide comments for the action as needed.

Note

The user who approves, reject, revoke, or request more information about access request needs to be in the Administrators group or a user group which has DELEGATED_RESOURCE_ACCESS_REQUEST_UPDATE permission in the compartment based on IAM policy.
  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Click Access Requests.
  4. Under Filters, select Raised from the drop-down list.
  5. From the list of Access Requests, click the name of the request that you want to approve.
    You can also select the request and click Actions to Approve the access request.
    Note

    If you have not configured notifications, then a warning banner is displayed.

    1. Click Configure.

      Configure notifications dialog is displayed.

    2. In the Configure notifications dialog, enter valid email addresses, and then click Create.
  6. On the Request ID page, click Approve.
  7. On the Approve Access Request page, do the following:
    1. To enable keyboard logging, click the box next to that option.
    2. In the comments field, enter additional comments or instructions you want to provide to the operator.
    3. Enter an approval comment.
    4. Under Approval Time, select either Approve Now or Approve Later. If you choose to approve later, then select a timezone, UTC, or Browser Timezone, and then select date and time from the calendar control.
  8. Click Approve.

In the Approval information section of the Access Request details page, you will find information regarding the number of approvals required, the number of approvals received, and the approvers who approved or rejected, as well as when they took action.

Parent topic: Manage Access Requests

Request Access for a Future Date and Time

When the operator submits an Access Request, you can schedule a future date and time for accessing resources. The operator can request access for a future time instead of immediate access. Additionally, the customer can approve a later time than the one requested by the operator.

The Access Request details page shows the scheduled date and time. Even if your request moves to the Approved state, you can access resources only at the scheduled date and time.

Parent topic: Manage Access Requests

Gather More Information About an Access Request

If you need clarification of the information in the Access Request for you to approve the Access Request, you can use Delegate Access Control to send questions to the Service Provider operators working on the Access Request.

Service Provider operators will answer your question through Delegate Access Control interfaces, and you can ask further clarifying questions to get the details you need. To ask for further clarification of details in the Access Request, use the following procedure:
  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Click Access Requests.
  4. Under Filters, for example, select Raised from the drop-down list.
  5. From the list of Access Requests, click the name of the request that you want to get clarified.
  6. In the Request ID page, click the Service Provider Interaction tab.
  7. Post your message and click Send.

Parent topic: Manage Access Requests

Download Operator Activity Audit Log Report

To download audit log reports in HTML format, which contains Operator Activity including the commands and keystrokes entered by the operators, use this procedure.

Note

Audit reports are generated automatically or updated periodically.

Audit log reports contain information about the commands and keystrokes entered by operators per session in human-decipherable HTML format. You can download the audit log report for any access that an operator has utilized to access your Exadata infrastructure. The audit log report will be available only if the operator has utilized it to log in to the infrastructure. After the audit log report is generated, it will be available for one year for the customers to download.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Click Access Requests.
  4. From the list of access requests, identify the Access Request for which you want the audit log report, then click it.
  5. On the access request details page, click Download Audit Report.

Parent topic: Manage Access Requests

Reject Access Request

To reject an Access Request that you have previously granted, use this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Click Access Requests.
  4. Under Filters, select Raised from the drop-down list.
  5. From the list of Access Requests, click the name of the request that you want to reject.
    You can also click Action next to the request, and reject the access request.
  6. On the Request ID page, click Reject.
  7. On the Reject Access Request dialog, enter a reason for rejecting the request.
  8. Click Reject.

Parent topic: Manage Access Requests

Revoke Access Request

To revoke access to your tenancy after you have granted access, complete this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Click Access Requests.
  4. Under Filters, select Pre-Approved from the drop-down list.
  5. From the list of Access Requests, click the name of the request that you want to revoke.
    You can also click Action to revoke the access request.
  6. On the Request ID page, click Revoke.
  7. On the Revoke Access Request dialog, enter the explanation for revoking access in the comment field.
  8. Click Revoke.

Parent topic: Manage Access Requests

Approve Extension Request

When you receive an extension request, you approve an extended duration for the system access.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Click Access Requests.
  4. Under Filters, select Extension Requested from the drop-down list.
  5. From the list of Access Requests, click the name of the request that you want to extend the duration.
    You can also click the action button to Approve Extension.
  6. On the Request ID page, click Approve Extension.
  7. On the Approve Extension Request page, do the following:
    1. Enter additional comments you want to provide to the operator.
    2. Enter an approval comment.
  8. Click Approve Extension.

In the Approval information section of the Access Request details page, you will find information regarding the number of approvals required, the number of approvals received, and the approvers who approved or rejected, as well as when they took action.

Parent topic: Manage Access Requests

Reject Extension Request

If you receive an access extension request that you want to reject, then use this procedure.

Access Request expires when an already approved duration elapses. If the Service Provider operator requests an extension to the duration you approved for access to your infrastructure, and this request is not acceptable, based on your service commitments, or for any other reason, then you can reject that access request.
  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Click Access Requests.
  4. Under Filters, select Extension Requested from the list.
  5. From the list of Access Requests, click the name of the request for which you want to reject the extension.
    You can also click Action and select Reject Extension.
  6. In the Request ID page, click Reject Extension.
  7. In the Reject Extension Request page, in the comment field, enter your reason for rejecting the extension request.
  8. Click Reject Extension.

Parent topic: Manage Access Requests