Oracle Cloud Infrastructure Documentation

Manage Access Requests

Learn how to manage Delegated Resource Access Requests to your Oracle Exadata Database Service on Cloud@Customer and Oracle Exadata Database Service on Dedicated Infrastructure using Delegation Control.

  • State of an Access Request
    Review the list of states in which an Service Provider operator access request can be listed in a status check.
  • View the List of Access Requests
    When you receive a notice of an Delegated Resource Access Requests, you can view the list of all access requests by compartment, and accept or reject an access request.
  • Filter Access Requests by State
    To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the workflow state of the request.
  • Filter Access Requests by Resource Name or Resource Type
    To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the resource type of the request.
  • Approve Access Request
    When you approve an access request, you permit access, enable or disable keyboard logging, and provide comments for the action as needed.
  • Request Access for a Future Date and Time
    When the operator submits an Access Request, you can schedule a future date and time for accessing resources. The operator can request access for a future time instead of immediate access. Additionally, the customer can approve a later time than the one requested by the operator.
  • Gather More Information About an Access Request
    If you need clarification of the information in the Access Request for you to approve the Access Request, you can use Delegate Access Control to send questions to the Service Provider operators working on the Access Request.
  • Download Operator Activity Audit Log Report
    To download audit log reports in HTML format, which contains Operator Activity including the commands and keystrokes entered by the operators, use this procedure.
  • Reject Access Request
    To reject an Access Request that you have previously granted, use this procedure.
  • Revoke Access Request
    To revoke access to your tenancy after you have granted access, complete this procedure.
  • Approve Extension Request
    When you receive an extension request, you approve an extended duration for the system access.
  • Reject Extension Request
    If you receive an access extension request that you want to reject, then use this procedure.

State of an Access Request

Review the list of states in which an Service Provider operator access request can be listed in a status check.

State Description
RAISED Operator has submitted an access request, and the approver or the system has not taken any action on the request.
IN-PROCESS The system is processing the last action taken on the access request.
APPROVED Approver has approved the access request.
PRE-APPROVED The system has automatically approved the access request.
APPROVED FOR FUTURE Approver has approved the access request for a future time.
EXTENSION REQUESTED Operator requests an extension of the period of the access request to have sufficient additional time for one or more operators to complete the task.
EXTENSION REJECTED Approver has rejected the extension request for the access request.
EXTENSION APPROVED Approver has approved the extension request for the access request.
REJECTED Approver has rejected the access request.
REVOKED Approver has revoked the approval of a request. Any operator that may have been accessing the system has been disconnected from the system. No new actions can be taken on the request.
COMPLETED The maintenance work for which the system access was requested is completed.
EXPIRED Access request approval time period has expired. The operator cannot access the system without raising and obtaining approval for a new access request.
FAILED TO CLOSE The system could not close an open access request. The close could have been triggered by REVOKE / COMPLETE / EXPIRE. Contact Oracle support.
FAILED TO DEPLOY The system failed to create a temporary user on the resource. Contact Oracle support.

Parent topic: Manage Access Requests

View the List of Access Requests

When you receive a notice of an Delegated Resource Access Requests, you can view the list of all access requests by compartment, and accept or reject an access request.

You can Approve, Reject, Approve Extension, Reject Extension, and Revoke access requests.
  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
  3. Click Access Requests.

Requests are listed by their Request IDs. The Resource Name column displays the name of the resource for which the request was raised, while the Resource Type column indicates the type of resource (for example, Autonomous Exadata VM Cluster or Exadata Infrastructure).

The Request Status column shows the current status of each request. The Duration column specifies the duration of access in hours. The Created column displays the date and time when the request was submitted.

The Severity column displays the severity level set by the operator.

  • Severity 1 — Critical

    Complete loss of service for mission-critical operations, where work cannot reasonably continue until the issue is resolved. Immediate attention is required.

  • Severity 2 — High

    Significant or degraded loss of service or resources that impacts business operations. The issue needs prompt attention to restore normal functionality.

  • Severity 3 — Medium

    Minor loss or degradation of services or resources with limited operational impact. Work can continue with minimal disruption.

  • Severity 4 — Low

    No work is being impeded at the time. The report is informational in nature, or assistance is requested for a non-urgent matter.

    The Access Request Reason column displays the reason provided by the operator for requesting system access. To view details of an individual request, click the corresponding Request ID.

Parent topic: Manage Access Requests

Filter Access Requests by State

To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the workflow state of the request.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, you can filter Action Requests by Request ID, Request Status, Resource Name, Resource Type, Requested, Created, Severity, Duration (hours), or Access Request Reason.

    You can perform actions based on the state of the Access Request.

    Access Request State Allowed Action
    Raised Approve or Reject.
    Approved for future Approve or Reject.
    Approved Revoke
    In-Process No actions.
    Pre-Approved Revoke
    Extension Requested Approve Extension, Reject Extension, or Revoke
    Extension Rejected No actions.
    Extension Approved No actions.
    Rejected No actions.
    Revoked No actions.
    Completed No actions.
    Expired No actions.
    Failed to Close No actions.
    Failed to Deploy No actions.
  5. From the list of Access Requests, click the request ID of the request that you want to view details.

Parent topic: Manage Access Requests

Filter Access Requests by Resource Name or Resource Type

To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the resource type of the request.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select Resource Name or Resource Type from the list.
    • Resource Name:

      Enter the name of the resource, and the click Apply Filter.

    • Resource Type:

      Select the one or more resource types, and then click Apply Filter.

Parent topic: Manage Access Requests

Approve Access Request

When you approve an access request, you permit access, enable or disable keyboard logging, and provide comments for the action as needed.

Note

The user who approves, reject, revoke, or request more information about access request needs to be in the Administrators group or a user group which has DELEGATED_RESOURCE_ACCESS_REQUEST_UPDATE permission in the compartment based on IAM policy.
  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select Raised from the list.
  5. From the list of Access Requests, click the request ID of the request that you want to approve.
    Note

    If you have not configured notifications, then a warning banner is displayed.

    1. Click Configure.

      Configure notifications dialog is displayed.

    2. In the Configure notifications dialog, enter valid email addresses, and then click Create.
  6. On the Request ID page, click Approve.
  7. On the Approve Access Request page, do the following:
    1. Enter an approval comment.
    2. Enter an additional message to the operator.
    3. Under Approval Time, select either Approve Now or Approve Later. If you choose to approve later, then select a timezone, UTC, or Browser Timezone, and then select date and time from the calendar control.
  8. Click Approve.

In the Approval information section of the Access Request details page, you will find information regarding the number of approvals required, the number of approvals received, and the approvers who approved or rejected, as well as when they took action.

Parent topic: Manage Access Requests

Request Access for a Future Date and Time

When the operator submits an Access Request, you can schedule a future date and time for accessing resources. The operator can request access for a future time instead of immediate access. Additionally, the customer can approve a later time than the one requested by the operator.

The Access Request details page shows the scheduled date and time. Even if your request moves to the Approved state, you can access resources only at the scheduled date and time.

Parent topic: Manage Access Requests

Gather More Information About an Access Request

If you need clarification of the information in the Access Request for you to approve the Access Request, you can use Delegate Access Control to send questions to the Service Provider operators working on the Access Request.

Service Provider operators will answer your question through Delegate Access Control interfaces, and you can ask further clarifying questions to get the details you need. To ask for further clarification of details in the Access Request, use the following procedure:
  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, for example, select Raised from the list.
  5. From the list of Access Requests, click the request ID of the request that you want to get clarified.
  6. In the Request ID page, click the Service Provider Interaction tab.
  7. In the Search and Filter field, filter by User, Time, or Message.
  8. Click Ask service provider.
  9. Post your message and click Create.

Parent topic: Manage Access Requests

Download Operator Activity Audit Log Report

To download audit log reports in HTML format, which contains Operator Activity including the commands and keystrokes entered by the operators, use this procedure.

Note

Audit reports are generated automatically or updated periodically.

Audit log reports contain information about the commands and keystrokes entered by operators per session in human-decipherable HTML format. You can download the audit log report for any access that an operator has utilized to access your Exadata infrastructure. The audit log report will be available only if the operator has utilized it to log in to the infrastructure. After the audit log report is generated, it will be available for one year for the customers to download.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
  3. Click Access Requests.
  4. From the list of access requests, identify the Access Request for which you want the audit log report, then click it.
  5. On the access request details page, click Actions, and then select Download Audit Report.

Parent topic: Manage Access Requests

Reject Access Request

To reject an Access Request that you have previously granted, use this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select Raised from the list.
  5. From the list of Access Requests, click the request ID of the request that you want to reject.
  6. On the Request ID page, click Actions, and the click Reject.
  7. On the Reject Access Request dialog, enter a reason for rejecting the request.
  8. Click Reject.

Parent topic: Manage Access Requests

Revoke Access Request

To revoke access to your tenancy after you have granted access, complete this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select Pre-Approved from the list.
  5. From the list of Access Requests, click the request ID of the request that you want to revoke.
  6. On the Request ID page, click Actions, and then click Revoke.
  7. On the Revoke Access Request dialog, enter the explanation for revoking access in the comment field.
  8. Click Revoke.

Parent topic: Manage Access Requests

Approve Extension Request

When you receive an extension request, you approve an extended duration for the system access.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select Extension Requested from the list.
  5. From the list of Access Requests, click the request ID of the request that you want to extend the duration.
  6. On the Request ID page, click Actions, and then click Approve Extension.
  7. On the Approve Extension Request page, do the following:
    1. Enter additional comments you want to provide to the operator.
    2. Enter an approval comment.
  8. Click Approve Extension.

In the Approval information section of the Access Request details page, you will find information regarding the number of approvals required, the number of approvals received, and the approvers who approved or rejected, as well as when they took action.

Parent topic: Manage Access Requests

Reject Extension Request

If you receive an access extension request that you want to reject, then use this procedure.

Access Request expires when an already approved duration elapses. If the Service Provider operator requests an extension to the duration you approved for access to your infrastructure, and this request is not acceptable, based on your service commitments, or for any other reason, then you can reject that access request.
  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select Extension Requested from the list.
  5. From the list of Access Requests, click the request ID of the request for which you want to reject the extension.
  6. In the Request ID page, click Actions, and then select Reject Extension.
  7. In the Reject Extension Request page, in the comment field, enter your reason for rejecting the extension request.
  8. Click Reject Extension.

Parent topic: Manage Access Requests