Exadata Database Service on Cloud@Customer Service Permissions

• User policies:

  • allow group {name} to read database-family in compartment {compartment}

  • allow group {name} to read dbmgmt-family in compartment {compartment}

    Note
    
    This compartment should be the highest level compartment where Exadata-related resources are located; this policy can also be written at a tenancy-level.

  • allow group {group} to read secret-family in compartment {compartment} where any { target.vault.id = 'VaultOCID' }

• OPSI policies:

  • allow any-user to read secret-family in tenancy where ALL{request.principal.type='opsidatabaseinsight',target.vault.id = 'VaultOCID'}

  • Allow any-user to read database-family in compartment {compartment} where ALL{request.principal.type = 'opsiexadatainsight'}

For more information on specific Exadata Database Service on Cloud@Customer service resource-types and permissions, see Details for Exadata Cloud Service Instances.

Exadata Database Service on Cloud@Customer Service Prerequisites

• If a Management Agent is not installed, then you must first install one. For information on how to install a Management Agent on Exadata Cloud to enable Database Management, see Observability & Management Support For Exadata Cloud (Doc ID 3015115.1) in My Oracle Support. For additional information on installing Management Agents see Install Management Agents.
• Ensure Management Agent version is the latest, the required agent version must be 240904.0110 or higher.
• Review securing data recommendations: Secure on-premises observability data upload using Management Gateway.
• Ensure a database monitoring user is created, for a complete list of cloud database prerequisites see: Oracle Cloud Database-related Prerequisites