Database Tools is a managed service in Oracle Cloud Infrastructure (OCI) that enables you to create connections to any Oracle or MySQL Database service in OCI that can be reused by multiple users, resources and services. The database connections can then be used with the SQL Worksheet to provide direct SQL access to those databases. Sensitive information such as passwords and Autonomous Database client credentials (wallet files) are stored securely and encrypted in your OCI vault.
Creating database connections is simple using the guided database connection builder user interface. Select the OCI database type (Oracle Autonomous Database, Oracle Database (Bare Metal, VM, Exadata), MySQL Database, and Oracle Exadata on Oracle Public Cloud) and the innovative connection build automatically discovers databases you have access to and assists in creating the connection. Database credentials are stored in the OCI vault and retrieved only when accessing the database. If the credentials change, you can quickly and easily update them in the vault, minimizing any interruptions.
The SQL Worksheet allows you to interact with any Database Tools database connection you have access to in one location. You do not need to search for connection details or use multiple web apps to access different databases. You use a single select list on the SQL Worksheet.
Database Tools Resources
Use Database Tools to create, manage, and use the following resources:
Connections are resources that contain the necessary information for accessing an Oracle Database or MySQL Database in OCI. Connections are created by simply providing information about where the database is and what type it is (Autonomous Database, DB system database, MySQL database, or Exadata VM cluster database). The connection also contains the user used to access the database and the location of the password that is stored in the OCI vault. Other connection details include database role (for example, SYSDBA) and if the connection uses a private endpoint.
The SQL Worksheet utilizes the connection you create with the service to provide you the ability to run SQL commands and scripts from the OCI Console. Scripts used in the SQL Worksheet can reside in either OCI Object Storage or on your local drive. Using the Connection selection menu, you can change the connection that the SQL Worksheet is using instantly.
Private endpoints provide network access from the Database Tools service to a database through your virtual cloud network (VCN).
Required IAM Policies
Each service in OCI integrates with Oracle Cloud Infrastructure Identity and Access Management (IAM) for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).
An administrator in your organization needs to set up groups, compartments, and policies that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, launch instances, create buckets, download objects, etc. For more information, see Getting Started with Policies. For specific details about writing policies for each of the different services, see Policy Reference.
If you are a regular user (not an OCI tenancy administrator) who needs to use the OCI resources that your company owns, contact your tenancy administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you should be using.
To use all the Database Tools features, you must have the following permissions:
- Manage Database Tools Service
- Manage Vaults
- Manage Virtual Cloud Networks
- Manage Oracle Databases, Autonomous Database Services, or MySQL Databases
- Manage Secrets
- Manage Keys
Example administrative policy for:
allow group toolsConnectionAdmin to manage virtual-network-family in compartment in tenancy allow group toolsConnectionAdmin to manage database-family in compartment in tenancy allow group toolsConnectionAdmin to manage autonomous-database-family in compartment in tenancy allow group toolsConnectionAdmin to manage vaults in compartment in tenancy allow group toolsConnectionAdmin to manage secret-family in compartment in tenancy allow group toolsConnectionAdmin to manage database-tools-family in compartment in tenancy
allow group toolsConnectionAdmin to manage virtual-network-family in compartment in tenancy allow group toolsConnectionAdmin to manage mysql-family in compartment in tenancy allow group toolsConnectionAdmin to manage vaults in compartment in tenancy allow group toolsConnectionAdmin to manage secret-family in compartment in tenancy allow group toolsConnectionAdmin to manage database-tools-family in compartment in tenancy
See Database Tools Policies for detailed policy information and more examples.