Policies

Policies define the actions that your groups or dynamic groups can or cannot perform.

Define Policy for a Dynamic Group

For Database Tools connections to access vault secrets, you must define a policy which allows a dynamic group (that contains the Database Tools connections) to access the connection secrets in the vault.

For example, the following policy grants all connections in the hr-connection-dynamic-group dynamic group read-only access to secrets in the hr compartment.

allow dynamic-group hr-connection-dynamic-group to read secret-family in compartment hr

Define Policy for a Resource

Instead of using a dynamic group, you can reference the resource directly in the policy statement. For example, the following policy grants the specified connection read-only access to secrets in the hr compartment.

allow any-user to read secret-family in compartment hr where any { request.principal.id = 'ocid1.databasetoolsconnection.oc1...' }

For more information, see For Oracle Database Connections.
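The any-user form above is safe only because its where clause pins request.principal.id; the following added example (not Oracle's code) is a small reviewer's check that flags secret policies where that binding is missing or bypassable. The names audit and principal_bound, the grammar subset handled, and the sample statements with placeholder OCIDs are assumptions made for this sketch.

```python
import re

# Assumed grammar subset: allow <subject> to <verb> <resource> in <location> [where <conditions>]
STATEMENT = re.compile(
    r"^\s*allow\s+(?P<subject>any-user|(?:dynamic-group|group)\s+\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)\s+in\s+"
    r"(?P<location>tenancy|compartment\s+\S+)(?:\s+where\s+(?P<where>.+?))?\s*$",
    re.IGNORECASE,
)
GROUPED = re.compile(r"^(?P<op>any|all)\s*\{(?P<body>[^{}]*)\}$", re.IGNORECASE)

def principal_bound(where):
    """True if every way of satisfying the where clause pins request.principal."""
    if not where:
        return False
    grouped = GROUPED.match(where.strip())
    if grouped:
        conds = [c.strip().lower() for c in grouped["body"].split(",") if c.strip()]
        hits = [c.startswith("request.principal.") for c in conds]
        # any{} is an OR: one branch without a principal test admits everyone.
        return bool(hits) and (all(hits) if grouped["op"].lower() == "any" else any(hits))
    # Nested groups are not evaluated here, so they are treated as unbound.
    return "{" not in where and where.strip().lower().startswith("request.principal.")

def audit(statement):
    """Return a list of findings for one policy statement (empty list means ok)."""
    m = STATEMENT.match(statement)
    if not m:
        return ["unparsed statement, review manually"]
    findings = []
    if m["subject"].lower() == "any-user" and not principal_bound(m["where"]):
        findings.append("any-user is not restricted to a principal on every branch")
    if m["resource"].lower().startswith("secret") and m["verb"].lower() in ("use", "manage"):
        findings.append("verb is broader than read for secrets")
    if m["location"].lower() == "tenancy":
        findings.append("scope is the whole tenancy")
    return findings

# Constructed sample statements; the OCIDs are placeholders.
SAMPLES = [
    "allow dynamic-group hr-connection-dynamic-group to read secret-family in compartment hr",
    "allow any-user to read secret-family in compartment hr where any { request.principal.id = 'ocid1.databasetoolsconnection.oc1..EXAMPLE' }",
    "allow any-user to read secret-family in compartment hr where any { request.principal.id = 'ocid1.databasetoolsconnection.oc1..EXAMPLE', target.secret.name = 'hr-db-password' }",
    "allow any-user to manage secret-family in tenancy",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(audit(s) or ["ok"], "<-", s)
```

The third sample is flagged because any { } matches when either condition holds, so the secret-name branch would let every principal read that secret.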