Oracle Cloud Infrastructure Documentation
Try Free Tier

Managing Access Requests with Operator Access Control

Learn how to manage Oracle operator access requests to your Oracle Cloud@Customer Infrastructure and Compute Cloud@Customer dedicated infrastructure using Operator Access Control.

  • State of an Access Request
    Review the list of states in which an Oracle operator access request can be listed in a status check.
  • View the List of Access Requests
    When you receive a notice of an operator access request, you can view the list of all access requests by compartment, and accept or reject an access request.
  • Filter Access Requests by State
    To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the workflow state of the request.
  • Filter Access Requests by Resource Type
    To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the resource type of the request.
  • Approve Access Request
    When you approve an access request, you permit access, enable or disable keyboard logging, and provide comments for the action as needed.
  • Review Access Request
    To review and acknowledge a Raised Oracle Operator Access Request, use this procedure.
  • Request Access for a Future Date and Time
    When you submit an Access Request, you can schedule a future date and time for accessing resources.
  • Gather More Information About an Access Request
    If you need clarification of the information in the Access Request for you to approve the Access Request, you can use Operator Access Control to send questions to the Oracle operators working on the Access Request. Oracle operators will answer your question through Operator Access Control interfaces, and you can ask further clarifying questions to get the details you need. To ask for further clarification of details in the Access Request, use the following procedure:
  • Download Operator Activity Audit Log Report
    To download audit log reports in HTML format, which contains Operator Activity including the commands and keystrokes entered by the operators, use this procedure.
  • Reject Access Request
    To reject an Oracle Operator Access Request that you have previously granted, use this procedure.
  • Revoke Access Request
    To revoke access to your tenancy after you have granted access, complete this procedure.
  • Approve Extension Request
    When you receive an extension request, you approve an extended duration for the system access.
  • Reject Extension Request
    If you receive an Oracle Operator access extension request that you want to reject, then use this procedure.

State of an Access Request

Review the list of states in which an Oracle operator access request can be listed in a status check.

Table 3-1 States of an Access Request

State Description

RAISED

Operator has submitted an access request, and the approver or the system has not taken any action on the request.

IN-PROCESS

The system is processing the last action taken on the access request.

APPROVED

Approver has approved the access request.

PRE-APPROVED

The system has automatically approved the access request.
EXTENSION REQUESTED

Operator requests an extension of the period of the access request to have sufficient additional time for one or more operators to complete the task.

REJECTED

Approver has rejected the access request.
REVOKED

Approver has revoked the approval on a request. Any operator that may have been accessing the system have been disconnected from the system. No new actions can be taken on the request.
COMPLETED

The maintenance work for which the system access was requested is completed.

EXPIRED

Access request approval time period has expired. The operator cannot access the system without raising and obtaining approval for a new access request.

FAILED TO CLOSE

The system could not close an open access request. The close could have been triggered by REVOKE / COMPLETE / EXPIRE. Contact Oracle support.

View the List of Access Requests

When you receive a notice of an operator access request, you can view the list of all access requests by compartment, and accept or reject an access request.

You can Approve, Reject, Approve Extension, Reject Extension, and Revoke access requests.

  1. Log in to your Oracle Cloud Infrastructure tenancy.

  2. Open the navigation menu. Under Oracle Database, click Operator Access Control.
  3. Click Access Requests.

Requests are listed by request ID. The Resource Name column displays the resource for which the request was raised. The Resource Type column displays the type of the resource (Autonomous Exadata VM Cluster, Exadata Infrastructure). The State column lists the status of a request (Raised, In Review, Approved for future, Approved, In-Process, Pre-Approved, Extension Requested, Rejected, Revoked, Completed, Expired, Failed to Close). The Requested column displays the date and time of the request.

The Severity column displays the severity level (Severity 1 - Complete loss of service for mission-critical operations where work cannot reasonably continue, Severity 2 - Significant or degraded loss of service or resources, Severity 3 - Minor loss of services or resources, Severity 4 - No work being impeded at the time - information is requested or reported) set by the operator. The Access Request Reason column displays the reason for the operator request for system access. To view individual requests, you can click a request ID.

Filter Access Requests by State

To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the workflow state of the request.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Operator Access Control.
  3. Click Access Requests.
  4. Under Filters, select an Action Request state from the list.

    You can perform actions based on the state of the Access Request.

    Table 3-2 Actions on Access Requests

    Access Request State Allowed Action

    Raised

    Approve, In-Review, or Reject.

    In Review

    Approve or Reject.

    Approved for future

    Approve or Reject.

    Approved

    Revoke

    In-Process

    No actions.

    Pre-Approved

    Revoke

    Extension Requested

    Approve Extension, Reject Extension, or Revoke.

    Rejected

    No actions.

    Revoked

    No actions.

    Completed

    No actions.

    Expired

    No actions.

    Failed to Close

    No actions.

Filter Access Requests by Resource Type

To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the resource type of the request.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Operator Access Control.
  3. Click Access Requests.
  4. Under Filters, select a Resource Type from the list.

Approve Access Request

When you approve an access request, you permit access, enable or disable keyboard logging, and provide comments for the action as needed.

Note

If the user reviewing access requests is not a member of the Administrator User Group for a compartment, or a member of an identity and access management (IAM) user group specifically granted permissions to approve or revoke access on that compartment, then that user must be granted the privileges inspect identity-providers, inspect groups, and inspect users on the compartment before that user can approve or reject access requests.
  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Operator Access Control.
  3. Click Access Requests.
  4. Under Filters, select Raised from the drop-down list.
  5. From the list of Access Requests, click the name of the request that you want to approve.

    You can also select the request and click Actions to Approve the access request.

    Note

    If you have not configured notifications, then a warning banner is displayed.
    1. Click Configure.

      Configure notifications dialog is displayed.

    2. In the Configure notifications dialog, enter valid email addresses, and then click Create.
  6. In the Request ID page, click Approve.
  7. In the Approve Access Request page, do the following:
    1. To enable keyboard logging, click the box next to that option.
    2. In the comments field, enter additional comments or instructions you want to provide to the operator.
    3. Enter an approval comment.
    4. Under Approval Time, select either Approve Now or Approve Later. If you choose to approve later, then select a timezone, UTC, or Browser Timezone, and then select date and time from the calendar control.
  8. Click Approve.

    In the Approval information section of the Access Request details page, you will find information regarding the number of approvals required, the number of approvals received, and the approvers who approved or rejected, as well as when they took action.

Review Access Request

To review and acknowledge a Raised Oracle Operator Access Request, use this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.

  2. Open the navigation menu. Under Oracle Database, click Operator Access Control.

  3. Click Access Requests.

  4. Under Filters, select Raised from the drop-down list.

  5. From the list of Access Requests, click the name of the request that you want to reject.

    You can also click Action next to the request, and reject the access request.

  6. In the Request ID page, click In Review.

  7. In the Review Access Request dialog, enter a comment.
  8. Click In Review.

Request Access for a Future Date and Time

When you submit an Access Request, you can schedule a future date and time for accessing resources.

The Access Request details page shows the scheduled date and time. Even if your request moves to the Approved state, you can access resources only at the scheduled date and time.

Gather More Information About an Access Request

If you need clarification of the information in the Access Request for you to approve the Access Request, you can use Operator Access Control to send questions to the Oracle operators working on the Access Request. Oracle operators will answer your question through Operator Access Control interfaces, and you can ask further clarifying questions to get the details you need. To ask for further clarification of details in the Access Request, use the following procedure:

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Operator Access Control.
  3. Click Access Requests.
  4. Under Filters, for example, select Raised from the drop-down list.
  5. From the list of Access Requests, click the name of the request that you want to get clarified.
  6. In the Request ID page, click the Operator Interaction tab.
  7. Post your message and click Send.

Download Operator Activity Audit Log Report

To download audit log reports in HTML format, which contains Operator Activity including the commands and keystrokes entered by the operators, use this procedure.

Note

Audit reports are generated automatically or updated periodically.

Audit log reports contain information about the commands and keystrokes entered by operators per session in human-decipherable HTML format. You can download the audit log report for any access that an operator has utilized to access your Exadata infrastructure. The audit log report will be available only if the operator has utilized it to log in to the infrastructure. After the audit log report is generated, it will be available for one year for the customers to download.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Operator Access Control.
  3. Click Access Requests.
  4. From the list of access requests, identify the Access Request for which you want the audit log report, then click it.
  5. On the access request details page, click Download Audit Report.

Reject Access Request

To reject an Oracle Operator Access Request that you have previously granted, use this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.

  2. Open the navigation menu. Under Oracle Database, click Operator Access Control.

  3. Click Access Requests.

  4. Under Filters, select Raised from the drop-down list.

  5. From the list of Access Requests, click the name of the request that you want to reject.

    You can also click Action next to the request, and reject the access request.

  6. In the Request ID page, click Reject.

  7. In the Reject Access Request dialog, enter a reason for rejecting the request.

  8. Click Reject.

Revoke Access Request

To revoke access to your tenancy after you have granted access, complete this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.

  2. Open the navigation menu. Under Oracle Database, click Operator Access Control.

  3. Click Access Requests.

  4. Under Filters, select Pre-Approved from the drop-down list.

  5. From the list of Access Requests, click the name of the request that you want to revoke.

    You can also click Action to revoke the access request.

  6. In the Request ID page, click Revoke.

  7. In the Revoke Access Request dialog, enter the explanation for revoking access in the comment field.

  8. Click Revoke.

Approve Extension Request

When you receive an extension request, you approve an extended duration for the system access.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Operator Access Control.
  3. Click Access Requests.
  4. Under Filters, select Extension Requested from the drop-down list.
  5. From the list of Access Requests, click the name of the request that you want to extend duration.

    You can also click the action button to Approve Extension.

  6. In the Request ID page, click Approve Extension.
  7. In the Approve Extension Request page, do the following:
    1. Enter additional comments you want to provide to the operator.
    2. Enter an approval comment.
  8. Click Approve Extension.

    In the Approval information section of the Access Request details page, you will find information regarding the number of approvals required, the number of approvals received, and the approvers who approved or rejected, as well as when they took action.

Reject Extension Request

If you receive an Oracle Operator access extension request that you want to reject, then use this procedure.

Operator Control access expires when an already approved duration elapses. If the Oracle Operator requests an extension to the duration you approved for access to your infrastructure, and this request is not acceptable, based on your service commitments, or for any other reason, then you can reject that access request.

  1. Log in to your Oracle Cloud Infrastructure tenancy.

  2. Open the navigation menu. Under Oracle Database, click Operator Access Control.

  3. Click Access Requests.

  4. Under Filters, select Extension Requested from the list.

  5. From the list of Access Requests, click the name of the request for which you want to reject the extension.

    You can also click Action and select Reject Extension.

  6. In the Request ID page, click Reject Extension.

  7. In the Reject Extension Request page, in the comment field, enter your reason for rejecting the extension request.

  8. Click Reject Extension.

Was this article helpful?