Policy Details for Exadata Cloud Infrastructure

This topic covers details for writing policies to control access to Exadata Cloud Infrastructure resources.

Note

For more information on Policies, see "How Policies Work".

For a sample policy, see "Let database admins manage Exadata Cloud Infrastructure instances".

About Resource-Types

Learn about resource-types you can use in your policies.

An aggregate resource-type covers the list of individual resource-types that directly follow. For example, writing one policy to allow a group to have access to the database-family is equivalent to writing separate policies for the group that would grant access to the cloud-exadata-infrastructures, cloud-vmclusters, db-nodes, db-homes, databases, database-software-image, and backups resource-types. For more information, see Resource-Types.

Resource-Types for Exadata Cloud Service Instances

Aggregate Resource-Type: database-family

Individual Resource-Types: cloud-exadata-infrastructures, cloud-vmclusters, db-nodes, db-homes, databases, pluggable-databases, db-backups, application-vips

Supported Variables

Use variables when adding conditions to a policy.

Exadata Cloud Infrastructure supports only the general variables. For more information, see "General Variables for All Requests".

Details for Verb + Resource-Type Combinations

Review the list of permissions and API operations covered by each verb.

For more information, see "Permissions", "Verbs", and "Resource-Types".

Database-Family Resource Types

Understand the level of access of each verb.

The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.

For example, the read verb for the vmclusters resource-type covers no extra permissions or API operations compared to the inspect verb. However, the use verb includes one more permission, fully covers one more operation, and partially covers another additional operation.
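As an added example (not part of the Oracle documentation), the following Python encodes the cumulative inspect > read > use > manage hierarchy and the databases and db-backups rows from the tables on this page, then checks whether a set of policy statements grants every permission an operation in Table 6-25 requires, so a "partially covered" gap such as CreateBackup needing read databases shows up before the policy is deployed. The statement grammar is a simplified assumption (conditions are ignored) and the group and compartment names are constructed.

```python
import re
# Permissions each verb adds, from this page's databases and db-backups tables.
VERB_PERMS = {
    "databases": {
        "inspect": {"DATABASE_INSPECT"},
        "read": {"DATABASE_CONTENT_READ"},
        "use": {"DATABASE_CONTENT_WRITE", "DATABASE_UPDATE"},
        "manage": {"DATABASE_CREATE", "DATABASE_DELETE"},
    },
    "db-backups": {
        "inspect": {"DB_BACKUP_INSPECT"},
        "read": {"DB_BACKUP_CONTENT_READ"},
        "use": set(),  # use adds no extra permission for db-backups
        "manage": {"DB_BACKUP_CREATE", "DB_BACKUP_DELETE"},
    },
}
VERB_ORDER = ["inspect", "read", "use", "manage"]
AGGREGATES = {"database-family": ["databases", "db-backups"]}  # aggregate type

# Permissions each API operation requires (Table 6-25 on this page).
REQUIRED = {
    "CreateBackup": {"DB_BACKUP_CREATE", "DATABASE_CONTENT_READ"},
    "DeleteBackup": {"DB_BACKUP_DELETE", "DB_BACKUP_INSPECT"},
    "RestoreDatabase": {"DB_BACKUP_INSPECT", "DB_BACKUP_CONTENT_READ", "DATABASE_CONTENT_WRITE"},
}

# Simplified statement grammar (assumption): trailing conditions are ignored.
STATEMENT = re.compile(
    r"^Allow group (\S+) to (inspect|read|use|manage) (\S+) in (?:compartment|tenancy)\b",
    re.IGNORECASE)

def verb_permissions(resource_type, verb):
    """Cumulative permissions: a verb also grants everything below it."""
    perms = set()
    for v in VERB_ORDER[: VERB_ORDER.index(verb) + 1]:
        perms |= VERB_PERMS[resource_type][v]
    return perms

def effective_permissions(statements, group):
    """Union of permissions the statements grant to `group`."""
    granted = set()
    for stmt in statements:
        m = STATEMENT.match(stmt.strip())
        if not m or m.group(1).lower() != group.lower():
            continue
        verb, rtype = m.group(2).lower(), m.group(3).lower()
        for t in AGGREGATES.get(rtype, [rtype]):
            if t in VERB_PERMS:  # resource-types not modelled here are skipped
                granted |= verb_permissions(t, verb)
    return granted

def missing_permissions(statements, group, operation):
    """Permissions `group` still lacks for `operation`; an empty set means allowed."""
    return REQUIRED[operation] - effective_permissions(statements, group)
# Constructed sample: manage db-backups alone only partially covers CreateBackup.
SAMPLE_POLICY = [
    "Allow group BackupOps to manage db-backups in compartment Prod",
    "Allow group BackupOps to inspect databases in compartment Prod",
]
```

Adding "Allow group BackupOps to read databases in compartment Prod" closes the CreateBackup gap, while RestoreDatabase still needs use databases (DATABASE_CONTENT_WRITE), exactly as the db-backups table states.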

cloud-exadata-infrastructures

Review the list of permissions and API operations for cloud-exadata-infrastructures resource-type.

inspect
  Permissions: CLOUD_EXADATA_INFRASTRUCTURE_INSPECT
  APIs fully covered: ListCloudExadataInfrastructures, GetCloudExadataInfrastructure
  APIs partially covered: none

read
  Permissions: no extra
  APIs fully covered: no extra
  APIs partially covered: none

use
  Permissions: CLOUD_EXADATA_INFRASTRUCTURE_UPDATE
  APIs fully covered: no extra
  APIs partially covered: ChangeCloudExadataInfrastructureCompartment (also needs use cloud-vmclusters, use db-homes, use databases, and inspect db-backups)

manage
  Permissions: USE + CLOUD_EXADATA_INFRASTRUCTURE_CREATE, CLOUD_EXADATA_INFRASTRUCTURE_DELETE
  APIs fully covered: UpdateCloudExadataInfrastructure
  APIs partially covered: CreateCloudExadataInfrastructure, DeleteCloudExadataInfrastructure, AddStorageCapacityCloudExadataInfrastructure (also needs use cloud-vmclusters)

cloud-vmclusters

Review the list of permissions and API operations for cloud-vmclusters resource-type.

inspect
  Permissions: CLOUD_VM_CLUSTER_INSPECT
  APIs fully covered: ListCloudVmClusters, GetCloudVmCluster, ListCloudVmClusterUpdates, ListCloudVmClusterUpdateHistoryEntries, GetCloudVmClusterUpdate, GetCloudVmClusterUpdateHistoryEntry
  APIs partially covered: none

read
  Permissions: no extra
  APIs fully covered: no extra
  APIs partially covered: none

use
  Permissions: CLOUD_VM_CLUSTER_UPDATE
  APIs fully covered: no extra
  APIs partially covered: ChangeCloudVmClusterCompartment (also needs use db-homes, use databases, and inspect db-backups)

manage
  Permissions: USE + CLOUD_VM_CLUSTER_CREATE, CLOUD_VM_CLUSTER_DELETE
  APIs fully covered: UpdateCloudVmCluster
  APIs partially covered: CreateCloudVmCluster, DeleteCloudVmCluster (both also need manage db-homes, manage databases, use vnics, and use subnets); RemoveVmFromCloudVmCluster, AddVmToCloudVmCluster (both also need the CLOUD_EXADATA_INFRASTRUCTURE_UPDATE permission)

db-nodes

Review the list of permissions and API operations for db-nodes resource-type.

Note

For Exadata Cloud Infrastructure VM clusters, the database node is sometimes referred to as a virtual machine.

inspect
  Permissions: DB_NODE_INSPECT, DB_NODE_QUERY
  APIs fully covered: GetDbNode
  APIs partially covered: none

read
  Permissions: no extra
  APIs fully covered: no extra
  APIs partially covered: none

use
  Permissions: no extra
  APIs fully covered: no extra
  APIs partially covered: none

manage
  Permissions: USE + DB_NODE_POWER_ACTIONS
  APIs fully covered: DbNodeAction
  APIs partially covered: none

db-homes

Review the list of permissions and API operations for db-homes resource-type.

inspect
  Permissions: DB_HOME_INSPECT
  APIs fully covered: ListDbHomes, GetDbHome, ListDbHomePatches, ListDbHomePatchHistoryEntries, GetDbHomePatch, GetDbHomePatchHistoryEntry
  APIs partially covered: none

read
  Permissions: no extra
  APIs fully covered: no extra
  APIs partially covered: none

use
  Permissions: DB_HOME_UPDATE
  APIs fully covered: UpdateDbHome
  APIs partially covered: ChangeCloudVmClusterCompartment (also needs use cloud-vmclusters, use databases, and inspect backups)

manage
  Permissions: USE + DB_HOME_CREATE, DB_HOME_DELETE
  APIs fully covered: no extra
  APIs partially covered:
    CreateCloudVmCluster, DeleteCloudVmCluster (both also need manage cloud-vmclusters, manage databases, use vnics, and use subnets; if automatic backups are enabled on the default database, also need manage backups)
    CreateDbHome (also needs use cloud-vmclusters and manage databases; if the Database Home is created by restoring from a backup, also needs read backups)
    DeleteDbHome (also needs use cloud-vmclusters and manage databases; if automatic backups are enabled on the default database, also needs manage backups; if the performFinalBackup option is selected, also needs manage backups and read databases)

dbServers

Review the list of permissions and API operations for the dbServers resource-type.

Table 6-4 INSPECT
  Permissions: EXADATA_INFRASTRUCTURE_INSPECT
  APIs fully covered: none
  APIs partially covered: GetDbServer, ListDbServers

Table 6-5 READ
  Permissions: no extra
  APIs fully covered: none
  APIs partially covered: none

Table 6-6 USE
  Permissions: READ + VM_CLUSTER_UPDATE, EXADATA_INFRASTRUCTURE_UPDATE
  APIs fully covered: none
  APIs partially covered: AddVirtualMachineToVmCluster, RemoveVirtualMachineFromVmCluster

Table 6-7 MANAGE
  Permissions: no extra
  APIs fully covered: none
  APIs partially covered: none

database-software-images

Review the list of permissions and API operations for database-software-images resource-type.

inspect
  Permissions: DB_SOFTWARE_IMG_INSPECT
  APIs fully covered: ListDatabaseSoftwareImages, GetDatabaseSoftwareImage
  APIs partially covered: none

read
  Permissions: no extra
  APIs fully covered: none
  APIs partially covered: none

use
  Permissions: READ + DB_SOFTWARE_IMG_UPDATE
  APIs fully covered: UpdateDatabaseSoftwareImage, ChangeDatabaseSoftwareImageCompartment
  APIs partially covered: none

manage
  Permissions: USE + DB_SOFTWARE_IMG_CREATE, DB_SOFTWARE_IMG_DELETE
  APIs fully covered: CreateDatabaseSoftwareImage, DeleteDatabaseSoftwareImage
  APIs partially covered: none

pluggable-databases (PDBs)

Review the list of permissions and API operations for pluggable-databases resource-type.

Each verb lists its permissions separately, because each permission covers a different set of PDB operations.

inspect
  Permission: PLUGGABLE_DATABASE_INSPECT
    APIs fully covered: ListPluggableDatabases, GetPluggableDatabase
    APIs partially covered: UpdatePluggableDatabase, StartPluggableDatabase, StopPluggableDatabase, LocalClonePluggableDatabase, RemoteClonePluggableDatabase, RefreshPluggableDatabase, ConvertRefreshablePluggableDatabase
  Permission: DATABASE_INSPECT
    APIs fully covered: no extra
    APIs partially covered: CreatePluggableDatabase, DeletePluggableDatabase, LocalClonePluggableDatabase, RemoteClonePluggableDatabase

read
  Permission: INSPECT + PLUGGABLE_DATABASE_CONTENT_READ
    APIs fully covered: no extra
    APIs partially covered: CreatePluggableDatabase (additional permissions are required if auto-backups are enabled on the CDB that includes this PDB), UpdatePluggableDatabase (additional permissions are required if auto-backups are enabled on the CDB that includes this PDB), LocalClonePluggableDatabase, RemoteClonePluggableDatabase

use
  Permission: READ + PLUGGABLE_DATABASE_CONTENT_WRITE
    APIs fully covered: no extra
    APIs partially covered: LocalClonePluggableDatabase, RemoteClonePluggableDatabase
  Permission: PLUGGABLE_DATABASE_UPDATE
    APIs fully covered: no extra
    APIs partially covered: UpdatePluggableDatabase, StartPluggableDatabase, StopPluggableDatabase, LocalClonePluggableDatabase, RemoteClonePluggableDatabase, RefreshPluggableDatabase, ConvertRefreshablePluggableDatabase
  Permission: DATABASE_UPDATE
    APIs fully covered: no extra
    APIs partially covered: CreatePluggableDatabase, DeletePluggableDatabase, LocalClonePluggableDatabase, RemoteClonePluggableDatabase

manage
  Permission: USE + PLUGGABLE_DATABASE_CREATE
    APIs fully covered: no extra
    APIs partially covered: CreatePluggableDatabase, LocalClonePluggableDatabase, RemoteClonePluggableDatabase
  Permission: PLUGGABLE_DATABASE_DELETE
    APIs fully covered: no extra
    APIs partially covered: DeletePluggableDatabase

databases (CDBs)

Review the list of permissions and API operations for databases resource-type.

inspect
  Permissions: DATABASE_INSPECT
  APIs fully covered: ListDatabases, GetDatabase, ListDataGuardAssociations, GetDataGuardAssociation
  APIs partially covered: enableDatabaseManagement, disableDatabaseManagement, updateDatabaseManagement

read
  Permissions: INSPECT + DATABASE_CONTENT_READ
  APIs fully covered: no extra
  APIs partially covered: no extra

use
  Permissions: READ + DATABASE_CONTENT_WRITE, DATABASE_UPDATE
  APIs fully covered: UpdateDatabase, SwitchoverDataGuardAssociation, FailoverDataGuardAssociation, ReinstateDataGuardAssociation, enableDatabaseManagement, disableDatabaseManagement, updateDatabaseManagement
  APIs partially covered: CreateDataGuardAssociation, ChangeCloudVmClusterCompartment (also needs use cloud-vmclusters, use db-homes, and inspect db-backups)

manage
  Permissions: USE + DATABASE_CREATE, DATABASE_DELETE
  APIs fully covered: no extra
  APIs partially covered:
    CreateDatabase (also needs use cloud-vmclusters and use db-homes; if automatic backups are to be enabled, also needs manage backups)
    DeleteDatabase (also needs use cloud-vmclusters and use db-homes; if automatic backups are enabled, also needs manage backups)
    CreateCloudVmCluster, DeleteCloudVmCluster (both also need manage cloud-vmclusters, manage db-homes, use vnics, and use subnets)

db-backups

Review the list of permissions and API operations for db-backups resource-type.

inspect
  Permissions: DB_BACKUP_INSPECT
  APIs fully covered: GetBackup, ListBackups
  APIs partially covered: ChangeCloudVmClusterCompartment (also needs use cloud-vmclusters, use db-homes, and use databases)

read
  Permissions: INSPECT + DB_BACKUP_CONTENT_READ
  APIs fully covered: none
  APIs partially covered: RestoreDatabase (also needs use databases)

use
  Permissions: no extra
  APIs fully covered: no extra
  APIs partially covered: none

manage
  Permissions: USE + DB_BACKUP_CREATE, DB_BACKUP_DELETE
  APIs fully covered: DeleteBackup
  APIs partially covered: CreateBackup (also needs read databases)

data-guard-association

Review the list of permissions and API operations for the data-guard-association resource-type.

Table 6-8 INSPECT
  Permissions: DATABASE_INSPECT
  APIs fully covered: ListDataGuardAssociations, GetDataGuardAssociation
  APIs partially covered: CreateDataGuardAssociation

Table 6-9 READ
  Permissions: no extra
  APIs fully covered: no extra
  APIs partially covered: no extra

Table 6-10 USE
  Permissions: READ + VM_CLUSTER_UPDATE, DB_HOME_UPDATE, DATABASE_UPDATE
  APIs fully covered: SwitchoverDataGuardAssociation, FailoverDataGuardAssociation, ReinstateDataGuardAssociation
  APIs partially covered: DeleteDatabase, CreateDataGuardAssociation

Table 6-11 MANAGE
  Permissions: USE + DATABASE_DELETE
  APIs fully covered: DeleteDatabase
  APIs partially covered: none

key-stores

Review the list of permissions and API operations for the key-stores resource-type.

Table 6-12 INSPECT
  Permissions: KEY_STORE_INSPECT, AUTONOMOUS_CONTAINER_DATABASE_INSPECT, AUTONOMOUS_DATABASE_INSPECT, AUTONOMOUS_DB_BACKUP_INSPECT
  APIs fully covered: GetKeyStore, GetAutonomousContainerDatabase, GetAutonomousDatabase, GetAutonomousDatabaseBackup
  APIs partially covered: ChangeKeyStoreCompartment, RotateAutonomousContainerDatabaseKey

Table 6-13 READ
  Permissions: no extra
  APIs fully covered: no extra
  APIs partially covered: no extra

Table 6-14 USE
  Permissions: READ + KEY_STORE_UPDATE, AUTONOMOUS_VM_CLUSTER_UPDATE, AUTONOMOUS_CONTAINER_DATABASE_UPDATE, AUTONOMOUS_DATABASE_UPDATE
  APIs fully covered: UpdateKeyStore
  APIs partially covered: RotateAutonomousDatabaseKey, ChangeKeyStoreCompartment, CreateAutonomousContainerDatabase, RotateAutonomousContainerDatabaseKey

Table 6-15 MANAGE
  Permissions: USE + KEY_STORE_CREATE, KEY_STORE_DELETE, AUTONOMOUS_CONTAINER_DATABASE_CREATE
  APIs fully covered: CreateKeyStore, DeleteKeyStore, CreateAutonomousContainerDatabase
  APIs partially covered: none

application-vips

Review the list of permissions and API operations for application-vips resource-type.

inspect
  Permissions: APPLICATION_VIP_INSPECT
  APIs fully covered: ListApplicationVips, GetApplicationVips
  APIs partially covered: none

read
  Permissions: INSPECT + no extra
  APIs fully covered: no extra
  APIs partially covered: none

use
  Permissions: READ + no extra
  APIs fully covered: no extra
  APIs partially covered: none

manage
  Permissions: USE + APPLICATION_VIP_CREATE, APPLICATION_VIP_DELETE
  APIs fully covered: CreateApplicationVip, DeleteApplicationVip
  APIs partially covered: none

oneoffPatch

Review the list of permissions and API operations for oneoffPatch resource-type.

inspect
  Permissions: ONEOFF_PATCH_INSPECT
  APIs fully covered: DownloadOneoffPatch, GetOneoffPatch, ListOneoffPatches
  APIs partially covered: CreateOneoffPatch, DeleteOneoffPatch, UpdateOneoffPatch, ChangeOneoffPatchCompartment

read
  Permissions: INSPECT + no extra
  APIs fully covered: DownloadOneoffPatch
  APIs partially covered: none

use
  Permissions: READ + ONEOFF_PATCH_UPDATE
  APIs fully covered: no extra
  APIs partially covered: UpdateOneoffPatch, ChangeOneoffPatchCompartment

manage
  Permissions: USE + ONEOFF_PATCH_CREATE, ONEOFF_PATCH_DELETE
  APIs fully covered: no extra
  APIs partially covered: CreateOneoffPatch, DeleteOneoffPatch

Permissions Required for Each API Operation

The following tables list the API operations for Exadata Cloud Infrastructure instances in a logical order, grouped by resource type.

Database API Operations

For information about permissions, see "Permissions".

The following tables list the API operations and the permissions required by each API operation.

Table 6-16 Cloud Exadata Infrastructure Resource

API Operation Permissions Required to Use the Operation
ListCloudExadataInfrastructures CLOUD_EXADATA_INFRASTRUCTURE_INSPECT
GetCloudExadataInfrastructure CLOUD_EXADATA_INFRASTRUCTURE_INSPECT
CreateCloudExadataInfrastructure CLOUD_EXADATA_INFRASTRUCTURE_CREATE
UpdateCloudExadataInfrastructure CLOUD_EXADATA_INFRASTRUCTURE_UPDATE
ChangeCloudExadataInfrastructureCompartment CLOUD_EXADATA_INFRASTRUCTURE_UPDATE
DeleteCloudExadataInfrastructure CLOUD_EXADATA_INFRASTRUCTURE_DELETE
AddStorageCapacityCloudExadataInfrastructure CLOUD_EXADATA_INFRASTRUCTURE_UPDATE

Table 6-17 Cloud VM Cluster

API Operation Permissions Required to Use the Operation
ListCloudVmClusters CLOUD_VM_CLUSTER_INSPECT
GetCloudVmCluster CLOUD_VM_CLUSTER_INSPECT
CreateCloudVmCluster CLOUD_VM_CLUSTER_CREATE and CLOUD_EXADATA_INFRASTRUCTURE_UPDATE and VNIC_CREATE and VNIC_ATTACH and SUBNET_ATTACH and (needed if Private DNS is used: DNS_ZONE_READ, DNS_RECORD_UPDATE, DNS_ZONE_CREATE DNS_VIEW_INSPECT)
ChangeCloudVmClusterCompartment CLOUD_VM_CLUSTER_UPDATE
UpdateCloudVmCluster CLOUD_VM_CLUSTER_UPDATE and CLOUD_EXADATA_INFRASTRUCTURE_UPDATE
GetCloudVmClusterIormConfig CLOUD_VM_CLUSTER_INSPECT
UpdateCloudVmClusterIormConfig CLOUD_VM_CLUSTER_UPDATE
DeleteCloudVmCluster CLOUD_VM_CLUSTER_DELETE and CLOUD_EXADATA_INFRASTRUCTURE_UPDATE and DB_HOME_DELETE and VNIC_DELETE and SUBNET_DETACH and VNIC_DETACH and (needed if Private DNS is used: DNS_ZONE_READ, DNS_RECORD_UPDATE, DNS_ZONE_DELETE)
AddVmToCloudVmCluster CLOUD_VM_CLUSTER_UPDATE and CLOUD_EXADATA_INFRASTRUCTURE_UPDATE and (needed if Private DNS is used: DNS_ZONE_READ, DNS_RECORD_UPDATE, DNS_ZONE_CREATE, DNS_VIEW_INSPECT)
RemoveVmFromCloudVmCluster CLOUD_VM_CLUSTER_UPDATE and CLOUD_EXADATA_INFRASTRUCTURE_UPDATE and (needed if Private DNS is used: DNS_ZONE_READ, DNS_RECORD_UPDATE, DNS_ZONE_DELETE)

Table 6-18 Cloud VM Cluster Maintenance Updates and Update History

API Operation Permissions Required to Use the Operation
ListCloudVmClusterUpdates CLOUD_VM_CLUSTER_INSPECT
GetCloudVmClusterUpdate CLOUD_VM_CLUSTER_INSPECT
ListCloudVmClusterUpdateHistoryEntries CLOUD_VM_CLUSTER_INSPECT
GetCloudVmClusterUpdateHistoryEntry CLOUD_VM_CLUSTER_INSPECT

Table 6-19 Virtual Machines / Nodes

API Operation Permissions Required to Use the Operation
ListDbNodes DB_NODE_INSPECT
GetDbNode DB_NODE_INSPECT
DbNodeAction DB_NODE_POWER_ACTIONS

Table 6-20 Database Homes

API Operation Permissions Required to Use the Operation
ListDbHomes DB_HOME_INSPECT
GetDbHome DB_HOME_INSPECT
ListDbHomePatches DB_HOME_INSPECT
ListDbHomePatchHistoryEntries DB_HOME_INSPECT
GetDbHomePatch DB_HOME_INSPECT
GetDbHomePatchHistoryEntry DB_HOME_INSPECT
CreateDbHome DB_SYSTEM_INSPECT and DB_SYSTEM_UPDATE and DB_HOME_CREATE and DATABASE_CREATE (to enable automatic backups for the database, also need DB_BACKUP_CREATE and DATABASE_CONTENT_READ)
UpdateDbHome DB_HOME_UPDATE
DeleteDbHome DB_SYSTEM_UPDATE and DB_HOME_DELETE and DATABASE_DELETE (if automatic backups are enabled, also need DELETE_BACKUP; if performing a final backup on termination, also need DB_BACKUP_CREATE and DATABASE_CONTENT_READ)

Table 6-21 Databases (CDB)

API Operation Permissions Required to Use the Operation
ListDatabases DATABASE_INSPECT
GetDatabase DATABASE_INSPECT
CreateDatabase DATABASE_UPDATE (to enable automatic backups, also need DB_BACKUP_CREATE and DATABASE_CONTENT_READ)
UpdateDatabase DATABASE_UPDATE (to enable automatic backups, also need DB_BACKUP_CREATE and DATABASE_CONTENT_READ)
DeleteDatabase CLOUD_VM_CLUSTER_INSPECT and DB_HOME_UPDATE and DATABASE_DELETE (for the new resource model using the VM cluster resource)
enableDatabaseManagement DATABASE_INSPECT and DATABASE_UPDATE
disableDatabaseManagement DATABASE_INSPECT and DATABASE_UPDATE

Table 6-22 Pluggable Databases (PDBs)

API Operation Permissions Required to Use the Operation
ListPluggableDatabase PLUGGABLE_DATABASE_INSPECT
GetPluggableDatabase PLUGGABLE_DATABASE_INSPECT
CreatePluggableDatabase PLUGGABLE_DATABASE_CREATE and DATABASE_INSPECT and DATABASE_UPDATE
UpdatePluggableDatabase PLUGGABLE_DATABASE_INSPECT and PLUGGABLE_DATABASE_UPDATE
StartPluggableDatabase PLUGGABLE_DATABASE_INSPECT and PLUGGABLE_DATABASE_UPDATE
StopPluggableDatabase PLUGGABLE_DATABASE_INSPECT and PLUGGABLE_DATABASE_UPDATE
DeletePluggableDatabase PLUGGABLE_DATABASE_DELETE and DATABASE_INSPECT and DATABASE_UPDATE
LocalClonePluggableDatabase PLUGGABLE_DATABASE_INSPECT and PLUGGABLE_DATABASE_UPDATE and PLUGGABLE_DATABASE_CONTENT_READ and PLUGGABLE_DATABASE_CONTENT_WRITE and PLUGGABLE_DATABASE_CREATE and DATABASE_INSPECT and DATABASE_UPDATE
RemoteClonePluggableDatabase PLUGGABLE_DATABASE_INSPECT and PLUGGABLE_DATABASE_UPDATE and PLUGGABLE_DATABASE_CONTENT_READ and PLUGGABLE_DATABASE_CONTENT_WRITE and PLUGGABLE_DATABASE_CREATE and DATABASE_INSPECT and DATABASE_UPDATE
enableDatabaseManagement DATABASE_INSPECT and DATABASE_UPDATE
disableDatabaseManagement DATABASE_INSPECT and DATABASE_UPDATE

Table 6-23 System Shapes and Database Versions

API Operation Permissions Required to Use the Operation
ListDbSystemShapes (no permissions required; available to anyone)
ListDbVersions (no permissions required; available to anyone)

Table 6-24 Oracle Data Guard Associations

API Operation Permissions Required to Use the Operation
GetDataGuardAssociation DATABASE_INSPECT
ListDataGuardAssociations DATABASE_INSPECT
CreateDataGuardAssociation DB_SYSTEM_UPDATE and DB_HOME_CREATE and DB_HOME_UPDATE and DATABASE_CREATE and DATABASE_UPDATE
SwitchoverDataGuardAssociation DATABASE_UPDATE
FailoverDataGuardAssociation DATABASE_UPDATE
ReinstateDataGuardAssociation DATABASE_UPDATE

Table 6-25 Backups and Database Restore

API Operation Permissions Required to Use the Operation
GetBackup DB_BACKUP_INSPECT
ListBackups DB_BACKUP_INSPECT
CreateBackup DB_BACKUP_CREATE and DATABASE_CONTENT_READ
DeleteBackup DB_BACKUP_DELETE and DB_BACKUP_INSPECT
RestoreDatabase DB_BACKUP_INSPECT and DB_BACKUP_CONTENT_READ and DATABASE_CONTENT_WRITE

Table 6-26 Application VIP

API Operation Permissions Required to Use the Operation
CreateApplicationVip APPLICATION_VIP_CREATE and CLOUD_VM_CLUSTER_UPDATE and PRIVATE_IP_CREATE and PRIVATE_IP_ASSIGN and VNIC_ASSIGN and SUBNET_ATTACH
DeleteApplicationVip APPLICATION_VIP_DELETE and CLOUD_VM_CLUSTER_UPDATE and PRIVATE_IP_DELETE and PRIVATE_IP_UNASSIGN and VNIC_UNASSIGN and SUBNET_DETACH
ListApplicationVips APPLICATION_VIP_INSPECT

Table 6-27 Serial Console Access to VM

API Operation Permissions Required to Use the Operation
AddVirtualMachineToVmCluster VM_CLUSTER_UPDATE and EXADATA_INFRASTRUCTURE_UPDATE
RemoveVirtualMachineFromVmCluster VM_CLUSTER_UPDATE and EXADATA_INFRASTRUCTURE_UPDATE
CreateDbNodeConsoleConnection DBNODE_CONSOLE_CONNECTION_CREATE and DBNODE_CONSOLE_CONNECTION_INSPECT
GetDbNodeConsoleConnection DBNODE_CONSOLE_CONNECTION_INSPECT
ListDbNodeConsoleConnections DBNODE_CONSOLE_CONNECTION_INSPECT
DeleteDbNodeConsoleConnection DBNODE_CONSOLE_CONNECTION_DELETE
UpdateDbNodeConsoleConnection DBNODE_CONSOLE_CONNECTION_UPDATE
UpdateDbNode DB_NODE_UPDATE