Policy Details for Oracle Exadata Database Service on Exascale Infrastructure

This topic covers details for writing policies to control access to Oracle Exadata Database Service on Exascale Infrastructure resources.

Note

For more information on Policies, see "How Policies Work".

For a sample policy, see "Let database admins manage Oracle Exadata Database Service on Exascale Infrastructure instances".

About Resource-Types
Learn about resource-types you can use in your policies.
Resource-Types for Exadata Cloud Service Instances
Instance resource types include aggregate resource types and individual resource types.
Supported Variables
Use variables when adding conditions to a policy.
Details for Verb + Resource-Type Combinations
Review the list of permissions and API operations covered by each verb.

About Resource-Types

Learn about resource-types you can use in your policies.

An aggregate resource-type covers the list of individual resource-types that directly follow. For example, writing one policy to allow a group to have access to the database-family is equivalent to writing separate policies for the group that would grant access to the cloud-exadata-infrastructures, cloud-vmclusters, db-nodes, db-homes, databases, database-software-image, and backups resource-types. For more information, see Resource-Types.

Parent topic: Policy Details for Oracle Exadata Database Service on Exascale Infrastructure

Resource-Types for Exadata Cloud Service Instances

Instance resource types include aggregate resource types and individual resource types.

Aggregate Resource-Type

database-family

Individual Resource-Types

db-nodes

db-homes

databases

pluggable-databases

db-backups

dbnode-console-connection

Parent topic: Policy Details for Oracle Exadata Database Service on Exascale Infrastructure

Supported Variables

Use variables when adding conditions to a policy.

Oracle Exadata Database Service on Exascale Infrastructure supports only the general variables. For more information, see "General Variables for All Requests".

Related Topics

General Variables for All Requests

Parent topic: Policy Details for Oracle Exadata Database Service on Exascale Infrastructure

Details for Verb + Resource-Type Combinations

Review the list of permissions and API operations covered by each verb.

For more information, see "Permissions", "Verbs", and "Resource-Types".

Database-Family Resource Types
Permissions and API operation details for DB Backups
Permissions and API operation details for Databases (CDBs)
Permissions and API operation details for Data Guard Association
Permissions and API operation details for DB Nodes
Permissions and API operation details for DB Homes
Permissions and API operation details for Database Software Image
exadb-vm-clusters
Review the list of permissions and API operations for the exadb-vm-clusters resource-type.
exascale-db-storage-vaults
Review the list of permissions and API operations for the exascale-db-storage-vaults resource-type.
Permissions and API operation details for Key Stores
Permissions Required for Each API Operation
Permissions and API operation details for Pluggable Databases (PDBs)

Database-Family Resource Types

The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.

For example, the read verb for the vmclusters resource-type covers no extra permissions or API operations compared to the inspect verb. However, the use verb includes one more permission, fully covers one more operation, and partially covers another additional operation.

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for DB Backups

The table below lists permissions and API operations for db-backups.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`DB_BACKUP_INSPECT`	`GetBackup` `ListBackups`	`ChangeCloudVmClusterCompartment` (also needs `use cloud-vmclusters, use db-homes,` and `use databases`)
read	INSPECT + `DB_BACKUP_CONTENT_READ`	none	`RestoreDatabase` (also needs `use databases`)
use	no extra	no extra	none
manage	USE + `DB_BACKUP_CREATE` `DB_BACKUP_DELETE`	`DeleteBackup`	`CreateBackup` (also needs `read databases`)

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Databases (CDBs)

The table below lists permissions and API operations for databases.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`DATABASE_INSPECT`	`ListDatabases` `GetDatabase` `ListDataGuardAssociations` `GetDataGuardAssociation`	`enableDatabaseManagement` `disableDatabaseManagement` `updateDatabaseManagement`
read	INSPECT+ `DATABASE_CONTENT_READ`	no extra	no extra
use	READ + `DATABASE_CONTENT_WRITE` `DATABASE_UPDATE`	`UpdateDatabase` `SwitchoverDataGuardAssociation` `FailoverDataGuardAssociation` `ReinstateDataGuardAssociation`	`CreateDataGuardAssociation` `ChangeCloudVmClusterCompartment` (also needs `use cloud-vmclusters, use db-homes,` and `inspect db-backups`) `enableDatabaseManagement` `disableDatabaseManagement` `updateDatabaseManagement`
manage	USE + `DATABASE_CREATE` `DATABASE_DELETE`	no extra	`CreateDatabase` (also needs `use cloud-vmclusters, use db-homes`, and if automatic backups to be enabled, also needs `manage backups`) `DeleteDatabase` (also needs `use cloud-vmclusters, use db-homes`, and if automatic backups to be enabled, also needs `manage backups`) `CreateCloudVmCluster, DeleteCloudVmCluster` (both also need `manage cloud-vmclusters, manage db-homes, use vnics,` and `use subnets`)

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Data Guard Association

The table below lists permissions and API operations for data-guard-association.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`DATABASE_INSPECT`	`ListDataGuardAssociations, GetDataGuardAssociation`	`CreateDataGuardAssociation`
READ	no extra	no extra	none
USE	READ + `VM_CLUSTER_UPDATE` + `DB_HOME_UPDATE` `DATABASE_UPDATE`	`DeleteDatabase` `SwitchoverDataGuardAssociation,FailoverDataGuardAssociation`, `ReinstateDataGuardAssociation`	`CreateDataGuardAssociation`
MANAGE	USE + `DATABASE_DELETE`	`DeleteDatabase`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for DB Nodes

Note

For Oracle Exadata Database Service on Exascale Infrastructure VM clusters, the database node is sometimes referred to as a virtual machine.

The table below lists permissions and API operations for db-nodes.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`DB_NODE_INSPECT` `DB_NODE_QUERY`	`GetDbNode`	none
read	no extra	no extra	none
use	`DB_NODE_UPDATE`	`UpdateDbNode`	none
manage	USE + `DB_NODE_POWER_ACTIONS`	`DbNodeAction`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for DB Homes

The table below lists permissions and API operations for db-homes.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`DB_HOME_INSPECT`	`ListDBHome` `GetDBHome` `ListDbHomePatches` `ListDbHomePatchHistoryEntries` `GetDbHomePatch` `GetDbHomePatchHistoryEntry`	none
read	no extra	no extra	none
use	`DB_HOME_UPDATE`	`UpdateDBHome`	`ChangeCloudVmClusterCompartment` (also needs `use cloud-vmclusters, use databases,` and `inspect backups`)
manage	USE + `DB_HOME_CREATE` `DB_HOME_DELETE`	no extra	`CreateCloudVmCluster, DeleteCloudVmCluster` (both also need `manage cloud-vmclusters, manage databases, use vnics,` and `use subnets`). If automatic backups are enabled on the default database, also needs `manage backups` `CreateDbHome`, (also needs `use cloud-vmclusters` and `manage databases`). If creating the Database Home by restoring from a backup, also needs `read backups` `DeleteDbHome`, (also needs `use cloud-vmclusters` and `manage databases`). If automatic backups are enabled on the default database, also needs `manage backups`. If the `performFinalBackup` option is selected, also needs `manage backups` and `read databases`.

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Database Software Image

The table below lists permissions and API operations for database-software-image.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`DB_SOFTWARE_IMG_INSPECT`	`ListDatabaseSoftwareImages` `GetDatabaseSoftwareImage`	none
read	no extra	none	none
use	READ + `DB_SOFTWARE_IMG_UPDATE`	`UpdateDatabaseSoftwareImage` `ChangeDatabaseSoftwareImageCompartment`	none
manage	USE + `DB_SOFTWARE_IMG_CREATE` `DB_SOFTWARE_IMG_DELETE`	`CreateDatabaseSoftwareImage` `DeleteDatabaseSoftwareImage`	none

Parent topic: Details for Verb + Resource-Type Combinations

exadb-vm-clusters

Review the list of permissions and API operations for the exadb-vm-clusters resource-type.

Table 6-6 INSPECT

Permissions APIs Fully Covered APIs Partially Covered

Permissions	APIs Fully Covered	APIs Partially Covered
`EXADB_VM_CLUSTER_INSPECT`	`ListExadbVmClusters` `GetExadbVmCluster` `ListExadbVmClusterUpdates` `GetExadbVmClusterUpdate` `ListExadbVmClusterUpdateHistoryEntries` `GetExadbVmClusterUpdateHistoryEntry`	None

EXADB_VM_CLUSTER_INSPECT

ListExadbVmClusters

GetExadbVmCluster

ListExadbVmClusterUpdates

GetExadbVmClusterUpdate

ListExadbVmClusterUpdateHistoryEntries

GetExadbVmClusterUpdateHistoryEntry

None

Table 6-7 READ

Permissions	APIs Fully Covered	APIs Partially Covered
No extra	No extra	None

Table 6-8 USE

Permissions APIs Fully Covered APIs Partially Covered

Permissions	APIs Fully Covered	APIs Partially Covered
`inspect + EXADB_VM_CLUSTER_UPDATE`	`RemoveVirtualMachineFromExadbVmClusterDetails`	`ChangeExadbVmClusterCompartment` (also needs `use db-homes`, `use databases`, and `inspect db-backups`)

inspect + EXADB_VM_CLUSTER_UPDATE

RemoveVirtualMachineFromExadbVmClusterDetails

ChangeExadbVmClusterCompartment

(also needs use db-homes, use databases, and inspect db-backups)

Table 6-9 MANAGE

Permissions APIs Fully Covered APIs Partially Covered

Permissions	APIs Fully Covered	APIs Partially Covered
`use + EXADB_VM_CLUSTER_CREATE, EXADB_VM_CLUSTER_DELETE`	No extra	`CreateExadbVmCluster` (also needs `manage db-homes`, `manage databases`, `use exascale-db-storage-vaults`, `use vnics`, and `use subnets`) `DeleteExadbVmCluster` (also needs `manage db-homes`, `manage databases`, `use exascale-db-storage-vaults`, `use vnics`, and `use subnets`) `UpdateExadbVmCluster` (also needs `use subnets`, `use vnics`, and `use private-ip`)

use + EXADB_VM_CLUSTER_CREATE, EXADB_VM_CLUSTER_DELETE

No extra

CreateExadbVmCluster

(also needs manage db-homes, manage databases, use exascale-db-storage-vaults, use vnics, and use subnets)

DeleteExadbVmCluster

(also needs manage db-homes, manage databases, use exascale-db-storage-vaults, use vnics, and use subnets)

UpdateExadbVmCluster

(also needs use subnets, use vnics, and use private-ip)

Parent topic: Details for Verb + Resource-Type Combinations

exascale-db-storage-vaults

Review the list of permissions and API operations for the exascale-db-storage-vaults resource-type.

Table 6-10 INSPECT

Permissions APIs Fully Covered APIs Partially Covered

Permissions	APIs Fully Covered	APIs Partially Covered
`EXASCALE_DB_STORAGE_VAULT_INSPECT`	`ListExascaleDbStorageVaults` `GetExascaleDbStorageVault`	None

EXASCALE_DB_STORAGE_VAULT_INSPECT

ListExascaleDbStorageVaults

GetExascaleDbStorageVault

None

Table 6-11 READ

Permissions	APIs Fully Covered	APIs Partially Covered
No extra	No extra	None

Table 6-12 USE

Permissions APIs Fully Covered APIs Partially Covered

Permissions	APIs Fully Covered	APIs Partially Covered
`inspect + EXASCALE_DB_STORAGE_VAULT_UPDATE`	`ChangeExascaleDbStorageVaultCompartment` `UpdateExascaleDbStorageVault`	None

inspect + EXASCALE_DB_STORAGE_VAULT_UPDATE

ChangeExascaleDbStorageVaultCompartment

UpdateExascaleDbStorageVault

None

Table 6-13 MANAGE

Permissions APIs Fully Covered APIs Partially Covered

Permissions	APIs Fully Covered	APIs Partially Covered
`use + EXASCALE_DB_STORAGE_VAULT_CREATE` `EXASCALE_DB_STORAGE_VAULT_DELETE`	`CreateExascaleDbStorageVault` `DeleteExascaleDbStorageVault`	None

use + EXASCALE_DB_STORAGE_VAULT_CREATE

EXASCALE_DB_STORAGE_VAULT_DELETE

CreateExascaleDbStorageVault

DeleteExascaleDbStorageVault

None

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Key Stores

The table below lists permissions and API operations for key-stores.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`KEY_STORE_INPSECT` `AUTONOMOUS_CONTAINER_DATABASE_INSPECT` `AUTONOMOUS_DATABASE_INSPECT` `AUTONOMOUS_DB_BACKUP_INSPECT`	`GetKeyStore` `GetAutonomousContainerDatabase` `GetAutonomousDatabase` `GetAutonomousDatabaseBackup`	`ChangeKeyStoreCompartment` `RotateAutonomousContainerDatabaseKey`
READ	no extra	no extra	none
USE	READ + `KEY_STORE_UPDATE` + `AUTONOMOUS_VM_CLUSTER_UPDATE` + `AUTONOMOUS_CONTAINER_DATABASE_UPDATE` `AUTONOMOUS_DATABASE_UPDATE`	`UpdateKeyStore` none none none `RotateAutonomousDatabaseKey`	`ChangeKeyStoreCompartment` `CreateAutonomousContainerDatabase` `RotateAutonomousContainerDatabaseKey` none
MANAGE	USE + `KEY_STORE_CREATE` + `KEY_STORE_DELETE` + `AUTONOMOUS_CONTAINER_DATABASE_CREATE`	`CreateKeyStore` `DeleteKeyStore` `CreateAutonomousContainerDatabase`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions Required for Each API Operation

Database API Operations

For information about permissions, see:

Permissions.

The following tables list of API operations and permissions by API operation.

Table 6-14 Cloud Exadata Infrastructure Resource

API Operation	Permissions Required to Use the Operation
`ListCloudExadataInfrastructures`	`CLOUD_EXADATA_INFRASTRUCTURE_INSPECT`
`GetCloudExadataInfrastructure`	`CLOUD_EXADATA_INFRASTRUCTURE_INSPECT`
`CreateCloudExadataInfrastructure`	`CLOUD_EXADATA_INFRASTRUCTURE_CREATE`
`UpdateCloudExadataInfrastructure`	`CLOUD_EXADATA_INFRASTRUCTURE_UPDATE`
`ChangeCloudExadataInfrastructureCompartment`	`CLOUD_EXADATA_INFRASTRUCTURE_UPDATE`
`DeleteCloudExadataInfrastructure`	`CLOUD_EXADATA_INFRASTRUCTURE_DELETE`
`AddStorageCapacityCloudExadataInfrastructure`	`CLOUD_EXADATA_INFRASTRUCTURE_UPDATE`

Table 6-15 Cloud VM Cluster

API Operation	Permissions Required to Use the Operation
`ListCloudVmClusters`	`CLOUD_VM_CLUSTER_INSPECT`
`GetCloudVmCluster`	`CLOUD_VM_CLUSTER_INSPECT`
`CreateCloudVmCluster`	`CLOUD_VM_CLUSTER_CREATE` and `CLOUD_EXADATA_INFRASTRUCTURE_UPDATE` and `VNIC_CREATE and VNIC_ATTACH` and `SUBNET_ATTACH` and (needed if Private DNS is used: `DNS_ZONE_READ`, `DNS_RECORD_UPDATE`, `DNS_ZONE_CREATE` `DNS_VIEW_INSPECT`)
`ChangeCloudVmClusterCompartment`	`CLOUD_VM_CLUSTER_UPDATE`
`UpdateCloudVmCluster`	`CLOUD_VM_CLUSTER_UPDATE` and `CLOUD_EXADATA_INFRASTRUCTURE_UPDATE`
`GetCloudVmClusterIormConfig`	`CLOUD_VM_CLUSTER_INSPECT`
`UpdateCloudVmClusterIormConfig`	`CLOUD_VM_CLUSTER_UPDATE`
`DeleteCloudVmCluster`	`CLOUD_VM_CLUSTER_DELETE` and `CLOUD_EXADATA_INFRASTRUCTURE_UPDATE` and `DB_HOME_DELETE` and `VNIC_DELETE` and `SUBNET_DETACH` and `VNIC_DETACH` and (needed if Private DNS is used: `DNS_ZONE_READ`, `DNS_RECORD_UPDATE`, `DNS_ZONE_DELETE`)
`AddVmToCloudVmCluster`	`CLOUD_VM_CLUSTER_UPDATE` and `CLOUD_EXADATA_INFRASTRUCTURE_UPDATE` and (needed if Private DNS is used: `DNS_ZONE_READ`, `DNS_RECORD_UPDATE`, `DNS_ZONE_CREATE`, `DNS_VIEW_INSPECT`)
`RemoveVmFromCloudVmCluster`	`CLOUD_VM_CLUSTER_UPDATE` and `CLOUD_EXADATA_INFRASTRUCTURE_UPDATE` and (needed if Private DNS is used: `DNS_ZONE_READ`, `DNS_RECORD_UPDATE`, `DNS_ZONE_DELETE`)

Table 6-16 Cloud VM Cluster Maintenance Updates and Update History

API Operation	Permissions Required to Use the Operation
`ListCloudVmClusterUpdates`	`CLOUD_VM_CLUSTER_INSPECT`
`GetCloudVmClusterUpdate`	`CLOUD_VM_CLUSTER_INSPECT`
`ListCloudVmClusterUpdateHistoryEntries`	`CLOUD_VM_CLUSTER_INSPECT`
`GetCloudVmClusterUpdateHistoryEntry`	`CLOUD_VM_CLUSTER_INSPECT`

Table 6-17 Virtual Machines / Nodes

API Operation	Permissions Required to Use the Operation
`ListDbNodes`	`DB_NODE_INSPECT`
`GetDbNode`	`DB_NODE_INSPECT`
`DbNodeAction`	`DB_NODE_POWER_ACTIONS`

Table 6-18 Database Homes

API Operation	Permissions Required to Use the Operation
`ListDbHomes`	`DB_HOME_INSPECT`
`GetDbHome`	`DB_HOME_INSPECT`
`ListDbHomePatches`	`DB_HOME_INSPECT`
`ListDbHomePatchHistoryEntries`	`DB_HOME_INSPECT`
`GetDbHomePatch`	`DB_HOME_INSPECT`
`GetDbHomePatchHistoryEntry`	`DB_HOME_INSPECT`
`CreateDbHome`	`DB_SYSTEM_INSPECT` and `DB_SYSTEM_UPDATE` and `DB_HOME_CREATE` and `DATABASE_CREATE` To enable automatic backups for the database, also need `DB_BACKUP_CREATE` and `DATABASE_CONTENT_READ`
`UpdateDbHome`	`DB_HOME_UPDATE`
`DeleteDbHome`	`DB_SYSTEM_UPDATE` and `DB_HOME_DELETE` and `DATABASE_DELETE` If automatic backups are enabled, also need `DELETE_BACKUP` If performing a final backup on termination, also need `DB_BACKUP_CREATE` and `DATABASE_CONTENT_READ`

Table 6-19 Databases (CDB)

API Operation	Permissions Required to Use the Operation
`ListDatabases`	`DATABASE_INSPECT`
`GetDatabase`	`DATABASE_INSPECT`
`CreateDatabase`	`DATABASE_UPDATE` To enable automatic backups, also need `DB_BACKUP_CREATE` and `DATABASE_CONTENT_READ`
`UpdateDatabase`	`DATABASE_UPDATE` To enable automatic backups, also need `DB_BACKUP_CREATE` and `DATABASE_CONTENT_READ`
`DeleteDatabase`	For new resource model using VM cluster resource: `CLOUD_VM_CLUSTER_INSPECT` and `DB_HOME_UPDATE` and `DATABASE_DELETE`
`enableDatabaseManagement`	`DATABASE_INSPECT` and `DATABASE_UPDATE`
`disableDatabaseManagement`	`DATABASE_INSPECT` and `DATABASE_UPDATE`
`disableDatabaseManagement`	`DATABASE_INSPECT` and `DATABASE_UPDATE`

Table 6-20 Pluggable Databases (PBDs)

API Operation	Permissions Required to Use the Operation
`ListPluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT`
`GetPluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT`
`CreatePluggableDatabase`	`PLUGGABLE_DATABASE_CREATE` and `DATABASE_INSPECT` and `DATABASE_UPDATE`
`UpdatePluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT` and `PLUGGABLE_DATABASE_UPDATE`
`StartPluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT` and `PLUGGABLE_DATABASE_UPDATE`
`StopPluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT` and `PLUGGABLE_DATABASE_UPDATE`
`DeletePluggableDatabase`	`PLUGGABLE_DATABASE_DELETE` and `DATABASE_INSPECT` and `DATABASE_UPDATE`
`LocalClonePluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT` and `PLUGGABLE_DATABASE_UPDATE` and `PLUGGABLE_DATABASE_CONTENT_READ` and `PLUGGABLE_DATABASE_CONTENT_WRITE` and `PLUGGABLE_DATABASE_CREATE` and `DATABASE_INSPECT` and `DATABASE_UPDATE`
`RemoteClonePluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT` and `PLUGGABLE_DATABASE_UPDATE` and `PLUGGABLE_DATABASE_CONTENT_READ` and `PLUGGABLE_DATABASE_CONTENT_WRITE` and `PLUGGABLE_DATABASE_CREATE` and `DATABASE_INSPECT` and `DATABASE_UPDATE`
`enableDatabaseManagement`	`DATABASE_INSPECT` and `DATABASE_UPDATE`
`disableDatabaseManagement`	`DATABASE_INSPECT` and `DATABASE_UPDATE`
`disableDatabaseManagement`	`DATABASE_INSPECT` and `DATABASE_UPDATE`

Table 6-21 System Shapes and Database Versions

API Operation	Permissions Required to Use the Operation
`ListDbSystemShapes`	(no permissions required; available to anyone)
`ListDbVersions`	(no permissions required; available to anyone)

Table 6-22 Oracle Data Guard Associations

API Operation	Permissions Required to Use the Operation
`GetDataGuardAssociation`	`DATABASE_INSPECT`
`ListDataGuardAssociations`	`DATABASE_INSPECT`
`CreateDataGuardAssociation`	`DB_SYSTEM_UPDATE` and `DB_HOME_CREATE` and `DB_HOME_UPDATE` and `DATABASE_CREATE` and `DATABASE_UPDATE`
`SwitchoverDataGuardAssociation`	`DATABASE_UPDATE`
`FailoverDataGuardAssociation`	`DATABASE_UPDATE`
`ReinstateDataGuardAssociation`	`DATABASE_UPDATE`

Table 6-23 Backups and Database Restore

API Operation	Permissions Required to Use the Operation
`GetBackup`	`DB_BACKUP_INSPECT`
`ListBackups`	`DB_BACKUP_INSPECT`
`CreateBackup`	`DB_BACKUP_CREATE` and `DATABASE_CONTENT_READ`
`DeleteBackup`	`DB_BACKUP_DELETE` and `DB_BACKUP_INSPECT`
`RestoreDatabase`	`DB_BACKUP_INSPECT` and `DB_BACKUP_CONTENT_READ` and `DATABASE_CONTENT_WRITE`

Table 6-24 Application VIP

API Operation	Permissions Required to Use the Operation
`CreateApplicationVip`	`APPLICATION_VIP_CREATE` and `CLOUD_VM_CLUSTER_UPDATE` and `PRIVATE_IP_CREATE` and `PRIVATE_IP_ASSIGN` and `VNIC_ASSIGN` and `SUBNET_ATTACH`
`DeleteApplicationVip`	`APPLICATION_VIP_DELETE` and `CLOUD_VM_CLUSTER_UPDATE` and `PRIVATE_IP_DELETE` and `PRIVATE_IP_UNASSIGN` and `VNIC_UNASSIGN` and `SUBNET_DETACH`
`ListApplicationVips`	`APPLICATION_VIP_INSPECT`
`ListApplicationVips`	`APPLICATION_VIP_INSPECT`

Table 6-25 Serial Console Access to VM

API Operation	Permissions Required to Use the Operation
`AddVirtualMachineToVmCluster`	`VM_CLUSTER_UPDATE` and `EXADATA_INFRASTRUCTURE_UPDATE`
`RemoveVirtualMachineFromVmCluster`	`VM_CLUSTER_UPDATE` and `EXADATA_INFRASTRUCTURE_UPDATE`
`CreateDbNodeConsoleConnection`	`DBNODE_CONSOLE_CONNECTION_CREATE` and `DBNODE_CONSOLE_CONNECTION_INSPECT`
`GetDbNodeConsoleConnection`	`DBNODE_CONSOLE_CONNECTION_INSPECT`
`ListDbNodeConsoleConnections`	`DBNODE_CONSOLE_CONNECTION_INSPECT`
`DeleteDbNodeConsoleConnection`	`DBNODE_CONSOLE_CONNECTION_DELETE`
`UpdateDbNodeConsoleConnection`	`DBNODE_CONSOLE_CONNECTION_UPDATE`
`UpdateDbNode`	`DB_NODE_UPDATE`

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Pluggable Databases (PDBs)

The table below lists permissions and API operations for pluggable-databases.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`PLUGGABLE_DATABASE_INSPECT`	`ListPluggableDatabases` `GetPluggableDatabase`	`UpdatePluggableDatabase` `StartPluggableDatabase` `StopPluggableDatabase` `LocalClonePluggableDatabase` `RemoteClonePluggableDatabase` `RefreshPluggableDatabase` `ConvertRefreshablePluggableDatabase`
inspect	`DATABASE_INSPECT`	no extra	`CreatePluggableDatabase` `DeletePluggableDatabase` `LocalClonePluggableDatabase` `RemoteClonePluggableDatabase`
read	INSPECT + `PLUGGABLE_DATABASE_CONTENT_READ`	no extra	`CreatePluggableDatabase` (Additional permissions are required if auto-backups are enabled on the CDB and includes this PDB.) `UpdatePluggableDatabase` (Additional permissions are required if auto-backups are enabled on the CDB and includes this PDB.) `LocalClonePluggableDatabase` `RemoteClonePluggableDatabase`
use	READ + `PLUGGABLE_DATABASE_CONTENT_WRITE`	no extra	`LocalClonePluggableDatabase` `RemoteClonePluggableDatabase`
	`PLUGGABLE_DATABASE_UPDATE`	no extra	`UpdatePluggableDatabase` `StartPluggableDatabase` `StopPluggableDatabase` `LocalClonePluggableDatabase` `RemoteClonePluggableDatabase` `RefreshPluggableDatabase` `ConvertRefreshablePluggableDatabase`
	`DATABASE_UPDATE`	no extra	`CreatePluggableDatabase` `DeletePluggableDatabase` `LocalClonePluggableDatabase` `RemoteClonePluggableDatabase`
manage	USE + `PLUGGABLE_DATABASE_CREATE`	no extra	`CreatePluggableDatabase` `LocalClonePluggableDatabase` `RemoteClonePluggableDatabase`
manage	`PLUGGABLE_DATABASE_DELETE`	no extra	`DeletePluggableDatabase`

Parent topic: Details for Verb + Resource-Type Combinations

Oracle Cloud Infrastructure Documentation Try Free Tier

About Resource-Types 🔗

Resource-Types for Exadata Cloud Service Instances 🔗

Supported Variables 🔗

Details for Verb + Resource-Type Combinations 🔗

Database-Family Resource Types 🔗

Permissions and API operation details for DB Backups 🔗

Permissions and API operation details for Databases (CDBs) 🔗

Permissions and API operation details for Data Guard Association 🔗

Permissions and API operation details for DB Nodes 🔗

Permissions and API operation details for DB Homes 🔗

Permissions and API operation details for Database Software Image 🔗

exadb-vm-clusters 🔗

exascale-db-storage-vaults 🔗

Permissions and API operation details for Key Stores 🔗

Permissions Required for Each API Operation 🔗

Permissions and API operation details for Pluggable Databases (PDBs) 🔗

Oracle Cloud Infrastructure Documentation
Try Free Tier

About Resource-Types

Resource-Types for Exadata Cloud Service Instances

Supported Variables

Details for Verb + Resource-Type Combinations

Database-Family Resource Types

Permissions and API operation details for DB Backups

Permissions and API operation details for Databases (CDBs)

Permissions and API operation details for Data Guard Association

Permissions and API operation details for DB Nodes

Permissions and API operation details for DB Homes

Permissions and API operation details for Database Software Image

exadb-vm-clusters

exascale-db-storage-vaults

Permissions and API operation details for Key Stores

Permissions Required for Each API Operation

Permissions and API operation details for Pluggable Databases (PDBs)