Oracle Cloud Infrastructure Documentation
Try Free Tier

Manage Delegation Controls

Learn how to control access to Exadata VM clusters on Oracle Exadata Database Service on Cloud@Customer and cloud VM clusters on Oracle Exadata Database Service on Dedicated Infrastructure.

Create Delegation Control

To create a Delegation Control using the Oracle Cloud Console, use this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Click Create delegation.
    The Create delegation control window opens.
  4. In the Compartment field, select a compartment where you want to create the Delegation Control.
    To find the compartment in the tenancy, you can search for a string in the compartment name. For example, if there are three compartments in the tenancy with "Exadata" in the compartment name, then entering the search phrase "Exadata" returns all three of those compartments.
  5. In the Delegation control name field, enter an Delegation Control name to which you want to grant access to your compartment. For the Description field that is associated with that Delegation Control name, provide information that explains the purpose of this control, and other access information that you require for regulatory compliance.
  6. In the Subscriptions field, select one or more subscriptions.
  7. In the Resource Type section, choose resource type: Exadata VM Cluster.
  8. In the Deployment Platform section, you can select either Cloud@Customer or Oracle Cloud if you have chosen the resource type Exadata VM Cluster.
  9. In the Delegated resources section, select the resources (Exadata VM cluster or cloud VM cluster) and then click Add resource.
    The selected resource will be listed below. You can remove them as and when needed by clicking Remove.
  10. In the Select actions to pre-approve field, choose particular actions that you want to grant automatically.
    If you select this option, then the Pre-Approved Actions list appears. To view and select actions from the Pre-Approved Actions list, click the arrow keys on the right side of the field, and select the actions that you want to approve.

    Requires Second approval: Choose Yes if you want a second approval for the Access Request using this Operator Control.

    Note

    • A banner is displayed on the Access Request details page indicating that this Access Request requires 2 approvals to move to the Approved state.
    • A banner is displayed if there are any pending approvals.
    • If any of the two users reject the Access Request, then the Access Request is moved to the Rejected state.
    • If one user approves the Access Request now (Approve Now) and the other user approves it for later (Approve Later), then Approve Later takes precedence.
  11. In the Notification requirements section, select a notification topic. Only JSON notification message format is supported.

    Notifications related to support access requests will be published on the selected topic. You must select a valid topic or create one. For more information, see Creating a Topic.

  12. (Optional) To specify additional features, select Show Advanced Options. In the Tag Namespace field, consider adding a tag namespace (an identifying text string applied to a set of compartments), or tagging the control with an existing tag namespace.

    For more information, see Overview of Tagging.

View Delegation Control Details

To view the details of Delegation Controls, use this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. From the list of Delegation Controls, click the name of the Delegation Control that you want to view details.
  4. In the Delegation Control Information section, you can verify the Resource Type for which you have created the Delegation Control and other details such as Delegation control information, Subscriptions information, and Notifications.

View Delegated Resources Details

To view the details of Delegated Resources, use this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. From the list of Delegation Controls, click the name of the Delegation Control that you want to view details.
    Delegated resources under Resources list the resources associated with this Delegation Control.

Edit Delegation Control

To change the name and description of the Delegation Control, add more resources, and other control settings for a Delegation Control, you can use the Edit Delegation Control option.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. From the list of Delegation Controls, click the name of the Delegation Control that you want to edit.
  4. On the Delegation Control details page, click Edit delegation control.
  5. On the resulting Edit Delegation Control page, you can edit:
    • Name and description
    • Add or remove subscription
    • Add or remove second approval
    • Add or remove delegated resources
    • Select more actions to pre-approve
    • Modify notification requirements
  6. Click Save.

Add Tags to Delegation Control

Add tags to a Delegation Control to make it easier to find, or to track resources used for specific purposes.

Applying tags to resources is optional. If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure if you should apply tags, then skip this option (you can apply tags later), or ask your administrator.
  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. From the list of Delegation Controls, select the Delegation Control for which you want to add tags.
  4. On the Delegation Control details page, click Add Tags.

Filter Delegation Control by Compartment

To find Delegation Controls specific to an individual compartment, you can use List Scope to filter Delegation Controls by compartment.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Under List Scope, select a compartment from the list.

Filter Delegation Control by State

To review the assignment states, you can filter the Assignments based on the workflow state of the request.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Under Filters, select a State from the list.
    You can perform actions based on the state of the Delegation Control.
    Delegation Controls Allowed Action
    Create in progress No actions.
    Active Update, Move, or Remove.
    Update in progress No actions.
    Delete in progress No actions.
    Deleted No actions.
    Failed Update, Move, or Remove.
    Needs Attention Update, Move, or Remove.

Filter Delegation Control by Resource Type

To filter Operator Controls by resource types, complete this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Under Filters, select a Resource Type from the list.

Move Delegation Control to Another Compartment

To relocate a Delegation Control to another compartment, use this procedure.

Moving a Delegation Control to a different compartment will not affect associated resources. They remain in their current compartments.
  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. From the list of Delegation Controls, click the name of the Delegation Control that you want to move.
  4. On the Delegation Control details page, click Move resource.
  5. On the resulting Move resource dialog, choose a new compartment, and then click Move resource.

Remove Delegation Control

To remove a Delegation Control, complete this procedure.

From the Delegation Control dashboard

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. From the list of Delegation Controls, select the Delegation Control that you want to remove.
  4. Click Remove.
  5. On the resulting Remove delegation control dialog, add a comment, and then type the word REMOVE to confirm your choice.
  6. Click Remove.

From the Delegation Control details page

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. From the list of Delegation Controls, click the name of the Delegation Control that you want to remove.
  4. On the Delegation Control details page, click Remove delegation control.
  5. On the resulting Remove delegation control dialog, add a comment, and then type the word REMOVE to confirm your choice.
  6. Click Remove.

Was this article helpful?