Oracle Database Service for Azureに対するOracle Cloud Infrastructure IAMポリシー・ステートメント
このトピックでは、OracleDB for Azureを介してプロビジョニングされたOCIデータベース・リソース上の通常のOCIコンソールで、Azureユーザーが操作を実行するOracleDBのOCI IAMポリシー・ステートメントの例を示します。
「作成」操作は、AzureコンソールのOracleDBを使用してAzureデータベース・リソースに対してOracleDBを作成する必要があるため、これらのポリシーから除外されることに注意してください。OracleDB for Azureで作成されたリソースは、関連付けられたAzureアカウントおよびサブスクリプションに自動的にリンクされます。
Azureユーザー・グループのOracleDBの詳細は、次のトピックを参照してください:
- OracleDB for Azureデータベース・リソースのAzureユーザー・グループ
- Azure User Groups for OracleDB for Azure Networking、Cost ManagementおよびSupport Requests
odsa-db-family-administrators
ポリシー・ステートメント:
Allow group odsa-db-family-administrators to manage database-family in compartment <odsa_compartment_name>
where all {request.operation != CreateAutonomousContainerDatabase,
request.operation != CreateAutonomousDatabase,
request.operation != CreateAutonomousDatabaseBackup,
request.operation != CreateAutonomousVmCluster,
request.operation != CreateBackup,
request.operation != CreateBackupDestination,
request.operation != CreateCloudAutonomousVmCluster,
request.operation != CreateCloudExadataInfrastructure,
request.operation != CreateCloudVmCluster,
request.operation != CreateDatabase,
request.operation != CreateDatabaseSoftwareImage,
request.operation != CreateDbHome,
request.operation != CreateExadataInfrastructure,
request.operation != CreateExternalBackupJob,
request.operation != CreateExternalContainerDatabase,
request.operation != CreateExternalDatabaseConnector,
request.operation != CreateExternalPluggableDatabase,
request.operation != CreatePluggableDatabase,
request.operation != CreateVmCluster,
request.operation != CreateVmClusterNetwork}
odsa-exa-infra-administrators
ポリシー・ステートメント:
Allow group odsa-exa-infra-administrators to manage cloud-exadata-infrastructures in compartment <odsa_compartment_name>
where request.operation != CreateCloudExadataInfrastructure
Allow group odsa-exa-infra-administrators to manage cloud-vmclusters in compartment <odsa_compartment_name>
where request.operation != CreateCloudVmCluster
Allow group odsa-exa-infra-administrators to manage cloud-autonomous-vmclusters in compartment <odsa_compartment_name>
where request.operation != CreateCloudAutonomousVmCluster
Allow group odsa-exa-infra-administrators to manage db-nodes in compartment <odsa_compartment_name>
odsa-exa-cdb-administrators
ポリシー・ステートメント:
Allow group odsa-exa-cdb-administrators to manage db-homes in compartment <odsa_compartment_name>
where request.operation != CreateDbHome
Allow group odsa-exa-cdb-administrators to manage databases in compartment <odsa_compartment_name>
where request.operation != CreateDatabase
Allow group odsa-exa-cdb-administrators to manage db-backups in compartment <odsa_compartment_name>
odsa-exa-pdb-administrators
ポリシー・ステートメント:
Allow group odsa-exa-pdb-administrators to manage pluggable-databases in compartment <odsa_compartment_name>
where request.operation != CreatePluggableDatabase
odsa-basedb-infra-administrators
ポリシー・ステートメント:
Allow group odsa-basedb-infra-administrators to manage db-systems in compartment <odsa_compartment_name>
where request.operation != LaunchDbSystem
Allow group odsa-basedb-infra-administrators to manage db-nodes in compartment <odsa_compartment_name>
odsa-basedb-cdb-administrators
ポリシー・ステートメント:
Allow group odsa-basedb-cdb-administrators to manage db-homes in compartment <odsa_compartment_name>
where request.operation != CreateDbHome
Allow group odsa-basedb-cdb-administrators to manage databases in compartment <odsa_compartment_name>
where request.operation != CreateDatabase
Allow group odsa-basedb-cdb-administrators to manage db-backups in compartment <odsa_compartment_name>
odsa-basedb-pdb-administrators
ポリシー・ステートメント:
Allow group odsa-basedb-pdb-administrators to manage pluggable-databases in compartment <odsa_compartment_name>
where request.operation != CreatePluggableDatabase
odsa-adbs-db-administrators
ポリシー・ステートメント:
Allow group odsa-adbs-db-administrators to manage autonomous-databases in compartment <odsa_compartment_name>
where request.operation != CreateAutonomousDatabase
Allow group odsa-adbs-db-administrators to manage autonomous-database-backups in compartment <odsa_compartment_name>
odsa-mysql-infra-administrator
ポリシー・ステートメント:
Allow group odsa-mysql-infra-administrators to manage mysql-instances in compartment <Cloudlink-Compartment>
where request.operation != CreateDbSystem
Allow group odsa-mysql-infra-administrators to manage mysql-configurations in compartment <Cloudlink-Compartment>
where request.operation != CreateConfiguration
Allow group odsa-mysql-infra-administrators to manage mysql-backups in compartment <Cloudlink-Compartment>
where request.operation != DbSystemBackup
Allow group odsa-mysql-infra-administrators to manage mysql-channels in compartment <Cloudlink-Compartment>
where request.operation != CreateChannel
Allow group odsa-mysql-infra-administrators to manage mysql-heatwave in compartment <Cloudlink-Compartment>
where request.operation != AddHeatWaveCluster
odsa-mysql-heatwave管理者
ポリシー・ステートメント:
Allow group odsa-mysql-heatwave-administrators to manage mysql-heatwave in compartment <Cloudlink-Compartment>
where request.operation != AddHeatWaveCluster
odsa-network-administrators
ポリシー・ステートメント:
Allow odsa-network-administrators to manage virtual-network-family in compartment <odsa_compartment_name>
odsa-costmgmt-administrators
ポリシー・ステートメント:
Allow group odsa-costmgmt-administrators to manage usage-report in tenancy
odsa-costmgmt-readers
ポリシー・ステートメント:
Allow group odsa-costmgmt-readers to read usage-report in tenancy