Additional Permissions Required to Use Database Management for Autonomous Databases
To use Database Management for Autonomous Databases, the following Oracle Cloud Infrastructure service permissions are required in addition to Database Management permissions.
- Autonomous Database permission: An
Autonomous Database permission is required to view the total number of Autonomous
Databases in the selected compartment on the Oracle databases
tile on the Database Management Overview page and to retrieve
data from the Autonomous Databases and display it on the Oracle Database
fleet summary and Managed database details
pages:
To grant this permission, a policy with the
manage
verb and the Autonomous Database resource-types must be created. Here's an example in which theautonomous-database-family
aggregate resource-type is used:Allow group DB-MGMT-USER to manage autonomous-database-family in compartment ABC
Note
Alternatively, you can create the following policy to grant a user group the permission to view the total number of Oracle Databases, which include Autonomous Databases, External Databases, and Oracle Cloud Databases in the compartment, on the Oracle databases tile.Allow group DB-MGMT-USER to {DATABASE_SERVICE_USAGE_INSPECT} in compartment ABC
For more information on the Autonomous Database resource-types and permissions, see Details for Autonomous Database Serverless and Details for Autonomous Database on Dedicated Exadata Infrastructure.
- Monitoring service permissions: Monitoring
service permissions are required to:
- View database metrics on the Oracle Database fleet summary and Managed database details pages.
- View database performance data in Oracle-defined dashboards and use Monitoring service metrics to create widgets.
- View open database alarms in Database Management.
- Perform alarm-related tasks in the Alarm definitions section on the Managed database details page.
Here's information on the policies that provide the permissions required to perform the tasks given in the preceding list:
- To view database performance data in Database Management and use Monitoring service metrics to create
widgets, a policy with the
read
verb for themetrics
resource-type must be created. Here's an example:Allow group DB-MGMT-USER to read metrics in compartment ABC
- To view the open database alarms in Database Management and the Alarm Status
and Alarm Definitions pages of the Monitoring
service, a policy with the
read
verb for thealarms
resource-type must be created (in addition to a policy with theread
verb for themetrics
resource-type). Here's an example:Allow group DB-MGMT-USER to read alarms in compartment ABC
- To perform alarm-related tasks in the Alarm
definitions section on the Managed database
details page, a policy with the
manage
verb for thealarms
resource-type must be created (in addition to a policy with theread
verb for themetrics
resource-type). Here's an example:Allow group DB-MGMT-USER to manage alarms in compartment ABC
To build queries and create alarms for database metrics using the Monitoring service, other permissions are required. For information on:
-
Monitoring service resource-types and permissions, see Details for Monitoring.
-
Common Monitoring service policies, see Common Policies.
- Notifications service permission: A Notifications service
permission is required to use or create topics and subscriptions when creating
alarms in the Alarm definitions section on the
Managed database details page.
To grant this permission, a policy with the
use
ormanage
verb for theons-topics
resource-type must be created (in addition to Monitoring service permissions). Here's an example of a policy with themanage
verb that allows you to create a new topic when creating an alarm:Allow group DB-MGMT-USER to manage ons-topics in compartment ABC
For more information on the Notifications service resource-types and permissions, see Details for Notifications.
- Management Dashboard permissions: Management Dashboard
permissions are required to use dashboards for the Autonomous Databases being
monitored by Database Management.
To perform tasks such as creating a dashboard or a widget, you must have the required permissions on the Management Dashboard resource-types:
management-dashboard
: This resource-type allows a user group to use dashboards.management-saved-search
: This resource-type allows a user group to use the saved searches in a dashboard.
For more information on the Management Dashboard resource-types, permissions, API operations, and examples of policies, see Details for Management Dashboard.
- Tagging service permissions: For information on the permissions required to use tags in Database Management, see Tagging Authentication and Authorization.