| 1 | Create a compartment named dbtools-mcp. | Create a Compartment |
| 2 | Create an IAM domain named dbtools-mcp. | Create an Identity Domain |
| 3 | Create an Autonomous AI Database named dbtoolsmcp in the dbtools-mcp compartment. | Provision an Autonomous AI Database Instance |
| 4 | Create a vault and key in the dbtools-mcp compartment. | Creating a Vault; Create a Master Encryption Key |
| 5 | Create a Database Connection. | Create a Database Connection |
| 6 | Create an MCP Server. | Create a Database Tools MCP Server |
| 7 | Configure IAM Domain Roles. | Setup IAM Domain Roles |
| 8 | Create a policy named dbtools-mcp in the root compartment. | Creating a Policy
For the MCP Server with Runtime Identity set to Resource Principal, use the following policy statements:
allow group 'dbtools-mcp'/'MCP_All_Users' to use database-tools-mcp-servers-invocation in compartment dbtools-mcp
allow any-user to use database-tools-connections in compartment dbtools-mcp where request.principal.id = 'ocid1.databasetoolsmcpserver.oc1.phx.xxxx'
allow any-user to use database-tools-runtime-work-requests in compartment dbtools-mcp where request.principal.id = 'ocid1.databasetoolsmcpserver.oc1.phx.xxxx'
allow any-user to read secret-bundles in compartment dbtools-mcp where request.principal.id = 'ocid1.databasetoolsmcpserver.oc1.phx.xxxx'
allow any-user to use buckets in compartment dbtools-mcp where request.principal.id = 'ocid1.databasetoolsmcpserver.oc1.phx.xxxx'
allow any-user to manage objects in compartment dbtools-mcp where request.principal.id = 'ocid1.databasetoolsmcpserver.oc1.phx.xxxx'
allow any-user to manage generative-ai-nl2sql in compartment dbtools-mcp where request.principal.id = 'ocid1.databasetoolsmcpserver.oc1.phx.xxxx'
For the MCP Server with Runtime Identity set to Authenticated Principal, use the following policy statements:
allow group 'dbtools-mcp'/'MCP_All_Users' to use database-tools-mcp-servers-invocation in compartment dbtools-mcp
allow group 'dbtools-mcp'/'MCP_All_Users' to use database-connections in compartment dbtools-mcp
allow group 'dbtools-mcp'/'MCP_All_Users' to use database-tools-connections in compartment dbtools-mcp
allow group 'dbtools-mcp'/'MCP_All_Users' to use database-tools-runtime-work-requests in compartment dbtools-mcp
allow group 'dbtools-mcp'/'MCP_All_Users' to read secret-bundles in compartment dbtools-mcp
allow group 'dbtools-mcp'/'MCP_All_Users' to use buckets in compartment dbtools-mcp
allow group 'dbtools-mcp'/'MCP_All_Users' to manage objects in compartment dbtools-mcp
allow group 'dbtools-mcp'/'MCP_All_Users' to manage generative-ai-nl2sql in compartment dbtools-mcp
See Policies for MCP Server for more information.
|
| | For Token-based authentication, create a policy to enable IAM authentication and create database users. |
- Create a policy to enable MCP users to use IAM Authentication.
allow group 'dbtools-mcp'/'MCP_All_Users' to use database-connections in compartment dbtools-mcp
- Create Database Users (global schemas) using the SQL Worksheet.
-- Global schema with exclusive mapping
CREATE USER scott IDENTIFIED GLOBALLY AS 'IAM_PRINCIPAL_NAME=dbtools-mcp/scott@example.com';
-- Global schema with shared mapping
CREATE USER mcp_users IDENTIFIED GLOBALLY AS 'IAM_GROUP_NAME=dbtools-mcp/MCP_Users';
|
| 9 | Create an MCP Toolset. | Create an MCP Toolset |
| 10 | Register an MCP Client. | Registering an MCP Client |
| 11 | Connect to the MCP Server using a Personal Access Token or Token-Based Authentication. | Connect to the MCP Server Using a Personal Access Token; Connect to the MCP Server Using Token-Based Authentication |
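
The Resource Principal statements in step 8 grant to `any-user` and are only scoped by their `where request.principal.id = ...` clause. The following check is an added example, not part of the original page or of Oracle's tooling: it flags statements of that shape where the clause is missing, names something other than an MCP server OCID, still holds the page's `xxxx` placeholder, or points outside the compartment. The function name `lint` and the sample list are assumptions made for illustration.

```python
import re

# Statement shape used in step 8 of the page:
#   allow <subject> to <verb> <resource-type> in compartment <name> [where <condition>]
STATEMENT = re.compile(
    r"^allow\s+(?P<subject>any-user|group\s+\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+compartment\s+(?P<compartment>[\w-]+)"
    r"(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE,
)
PRINCIPAL = re.compile(r"request\.principal\.id\s*=\s*'(?P<ocid>[^']+)'")
# OCID prefix taken from the page's placeholder value.
MCP_SERVER_PREFIX = "ocid1.databasetoolsmcpserver."


def lint(statement, compartment="dbtools-mcp"):
    """Return the findings for one policy statement; an empty list means clean."""
    m = STATEMENT.match(statement.strip())
    if m is None:
        return ["unparsed statement, review by hand"]
    findings = []
    if m["compartment"] != compartment:
        findings.append("scope is outside compartment " + compartment)
    if m["subject"].lower() == "any-user":
        p = PRINCIPAL.search(m["condition"] or "")
        if p is None:
            findings.append("any-user without a request.principal.id condition")
        elif not p["ocid"].startswith(MCP_SERVER_PREFIX):
            findings.append("principal is not an MCP server OCID")
        elif p["ocid"].endswith(".xxxx"):
            findings.append("placeholder OCID left in place")
    return findings


# Constructed sample: statements in the page's form plus altered variants.
SAMPLE = [
    "allow any-user to read secret-bundles in compartment dbtools-mcp "
    "where request.principal.id = 'ocid1.databasetoolsmcpserver.oc1.phx.xxxx'",
    "allow any-user to read secret-bundles in compartment dbtools-mcp",
    "allow any-user to manage objects in compartment other-compartment "
    "where request.principal.id = 'ocid1.databasetoolsmcpserver.oc1.phx.xxxx'",
    "allow group 'dbtools-mcp'/'MCP_All_Users' to use buckets in compartment dbtools-mcp",
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(lint(s) or ["ok"], "<-", s)
```

Statements that do not match the page's `in compartment` form, such as tenancy-wide grants, come back as unparsed so they get a manual look.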