Required IAM Policies

Each service in OCI integrates with Oracle Cloud Infrastructure Identity and Access Management (IAM) for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).

An administrator in your organization needs to set up groups, compartments, and policies that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, launch instances, create buckets, download objects, etc. For more information, see Getting Started with Policies. For specific details about writing policies for each of the different services, see Policy Reference.

If you are a regular user (not an OCI tenancy administrator) who needs to use the OCI resources that your company owns, contact your tenancy administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you should be using.

To use all the Database Tools features, you must have the following permissions:

  • Manage Database Tools Service
  • Manage Vaults
  • Manage Virtual Cloud Networks
  • Manage Oracle Databases, Autonomous Database Services, or MySQL Databases
  • Manage Secrets
  • Manage Keys

Here are some example policies to grant these administrative permissions to a group called DatabaseToolsConnectionAdministrators for a compartment called MyCompartment:

  • For Oracle Databases

    allow group DatabaseToolsConnectionAdministrators to manage virtual-network-family in compartment MyCompartment
    allow group DatabaseToolsConnectionAdministrators to manage database-family in compartment MyCompartment
    allow group DatabaseToolsConnectionAdministrators to manage autonomous-database-family in compartment MyCompartment
    allow group DatabaseToolsConnectionAdministrators to manage vaults in compartment MyCompartment
    allow group DatabaseToolsConnectionAdministrators to manage secret-family in compartment MyCompartment
    allow group DatabaseToolsConnectionAdministrators to manage database-tools-family in compartment MyCompartment

  • For MySQL Databases

    allow group DatabaseToolsConnectionAdministrators to manage virtual-network-family in compartment MyCompartment
    allow group DatabaseToolsConnectionAdministrators to manage mysql-family in compartment MyCompartment
    allow group DatabaseToolsConnectionAdministrators to manage vaults in compartment MyCompartment
    allow group DatabaseToolsConnectionAdministrators to manage secret-family in compartment MyCompartment
    allow group DatabaseToolsConnectionAdministrators to manage database-tools-family in compartment MyCompartment

See Database Tools Policies for detailed policy information and more examples.
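
The following check is an added example, not part of Oracle's documentation or tooling: it parses policy statements in the form shown above and reports which entries from the required-permissions list have no matching `manage` statement for a given group and compartment. The `audit` function, the `REQUIRED` mapping, and the mapping of "Manage Keys" to the `keys` resource type are assumptions made for illustration. Under that mapping, the MySQL example above is reported as lacking a statement for keys.

```python
import re

# Grammar of the statements shown on this page; other OCI forms
# (conditions, dynamic groups, "in tenancy") are reported as unparsed.
STATEMENT = re.compile(
    r"allow\s+group\s+(\S+)\s+to\s+(inspect|read|use|manage)\s+"
    r"([\w-]+)\s+in\s+compartment\s+(\S+)", re.IGNORECASE)

# Permission list from this page mapped to resource types. Any one type in a
# set satisfies the entry. Assumption: "Manage Keys" maps to `keys`.
REQUIRED = {
    "Manage Database Tools Service": {"database-tools-family"},
    "Manage Vaults": {"vaults"},
    "Manage Virtual Cloud Networks": {"virtual-network-family"},
    "Manage Oracle Databases, Autonomous Database Services, or MySQL Databases":
        {"database-family", "autonomous-database-family", "mysql-family"},
    "Manage Secrets": {"secret-family"},
    "Manage Keys": {"keys"},
}

def audit(policy_text, group, compartment):
    """Return (missing permissions, unparsed lines) for one group and compartment."""
    granted, unparsed = set(), []
    for line in policy_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = STATEMENT.fullmatch(line)
        if not m:
            unparsed.append(line)  # surface anything the grammar does not cover
            continue
        grp, verb, resource, comp = m.groups()
        # Only `manage` on the audited group and compartment counts.
        if (grp, comp) == (group, compartment) and verb.lower() == "manage":
            granted.add(resource.lower())
    missing = [name for name, types in REQUIRED.items() if not granted & types]
    return missing, unparsed

# The "For MySQL Databases" example policy from this page, copied verbatim.
MYSQL_POLICY = """
allow group DatabaseToolsConnectionAdministrators to manage virtual-network-family in compartment MyCompartment
allow group DatabaseToolsConnectionAdministrators to manage mysql-family in compartment MyCompartment
allow group DatabaseToolsConnectionAdministrators to manage vaults in compartment MyCompartment
allow group DatabaseToolsConnectionAdministrators to manage secret-family in compartment MyCompartment
allow group DatabaseToolsConnectionAdministrators to manage database-tools-family in compartment MyCompartment
"""

if __name__ == "__main__":
    print(audit(MYSQL_POLICY, "DatabaseToolsConnectionAdministrators", "MyCompartment"))
```

Statements that grant a verb lower than `manage`, or that target a different group or compartment, do not count toward coverage, so the same check also catches a policy attached to the wrong compartment.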