Manage Delegation Controls

To create a Delegation Control using the Oracle Cloud Console, use this procedure.

1. Log in to your Oracle Cloud Infrastructure tenancy.
2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
3. Click Delegation Controls.
4. Click Create delegation control.
5. In the Compartment field, select a compartment where you want to create the Delegation Control.
   To find the compartment in the tenancy, you can search for a string in the compartment name. For example, if there are three compartments in the tenancy with "Exadata" in the compartment name, then entering the search phrase "Exadata" returns all three of those compartments.
6. In the Delegation control name field, enter an Delegation Control name to which you want to grant access to your compartment.

   For the Description field that is associated with that Delegation Control name, provide information that explains the purpose of this control, and other access information that you require for regulatory compliance.

7. In the Subscriptions field, select one or more subscriptions.
8. In the Resource Type section, choose resource type: Exadata VM Cluster.
9. In the Deployment Platform section, you can select either Cloud@Customer or Oracle Cloud if you have chosen the resource type Exadata VM Cluster.
10. In the Delegated resources section, select the resources (Exadata VM cluster or cloud VM cluster) and then select the resources from the Resources drop-down list.
    The selected resource will be listed below. You can remove them as and when needed by clicking Remove.
11. In the Select actions to pre-approve field, choose particular actions that you want to grant automatically.
12. Requires Second approval: Enable this option to add a second level of approval to access requests. An access request is considered fully approved only after it receives two approvals.
    Note
    
    

    • A banner is displayed on the Access Request details page indicating that this Access Request requires 2 approvals to move to the Approved state.
    • A banner is displayed if there are any pending approvals.
    • If any of the two users reject the Access Request, then the Access Request is moved to the Rejected state.
    • If one user approves the Access Request now (Approve Now) and the other user approves it for later (Approve Later), then Approve Later takes precedence.
13. Auto-approve access requests during the maintenance window: Enable this option to auto-approve access requests to Oracle operators to perform system maintenance operations.
14. In the Notification requirements section, select a notification topic.

    Only JSON notification message format is supported.

    Notifications related to support access requests will be published on the selected topic. You must select a valid topic or create one. For more information, see Creating a Topic.

15. (Optional) To specify additional features, select Advanced options. In the Tag Namespace field, consider adding a tag namespace (an identifying text string applied to a set of compartments), or tagging the control with an existing tag namespace.

    For more information, see Overview of Tagging.

16. Click Create.

To view the details of Delegation Controls, use this procedure.

1. Log in to your Oracle Cloud Infrastructure tenancy.
2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
3. Click Delegation Controls.
4. From the list of Delegation Controls, click the name of the Delegation Control that you want to view details.
5. In the Delegation Control Information tab, you can verify the Resource Type for which the Delegation Control was created, along with other details such as Subscriptions information, Resource Information, and Notifications validation.

   The Delegated Resources tab lists the resources governed by this Delegation Control. You can filter the list by Resource Name or Resource OCID.

   You can view and manage Tags in the Tags tab.

To view the details of Delegated Resources, use this procedure.

1. Log in to your Oracle Cloud Infrastructure tenancy.
2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
3. Click Delegation Controls.
4. From the list of Delegation Controls, click the name of the Delegation Control that you want to view details.
5. Click the Delegated Resources tab.
   The Delegated Resources tab lists the resources governed by this Delegation Control. You can filter the list by Resource Name or Resource OCID.

To change the name and description of the Delegation Control, add more resources, and other control settings for a Delegation Control, you can use the Edit Delegation Control option.

1. Log in to your Oracle Cloud Infrastructure tenancy.
2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
3. Click Delegation Controls.
4. From the list of Delegation Controls, click the name of the Delegation Control that you want to edit.
5. On the Delegation Control details page, click Edit.
6. On the resulting Edit Delegation Control page, you can edit:
   • Name and description
   • Add or remove subscription
   • Add or remove second approval
   • Add or remove delegated resources
   • Select more actions to pre-approve
   • Modify notification requirements
7. Click Save.

Add tags to a Delegation Control to make it easier to find, or to track resources used for specific purposes.

1. Log in to your Oracle Cloud Infrastructure tenancy.
2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
3. Click Delegation Controls.
4. From the list of Delegation Controls, select the Delegation Control for which you want to add tags.
5. On the Delegation Control details page, click the Tags tab to add tags.

To find Delegation Controls specific to an individual compartment, you can use List Scope to filter Delegation Controls by compartment.

1. Log in to your Oracle Cloud Infrastructure tenancy.
2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
3. Click Delegation Controls.
4. Select a compartment from the Compartment list.

To review the assignment states, you can filter the Assignments based on the workflow state of the request.

1. Log in to your Oracle Cloud Infrastructure tenancy.
2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
3. Click Delegation Controls.
4. In the Search and Filter field, select a state from the list, and then click Apply filter.
   You can perform actions based on the state of the Delegation Control.

   Delegation Controls	Allowed Action
   Create in progress	No actions.
   Active	Update, Move, or Remove.
   Update in progress	No actions.
   Delete in progress	No actions.
   Deleted	No actions.
   Failed	Update, Move, or Remove.
   Needs Attention	Update, Move, or Remove.

To filter Operator Controls by resource types, complete this procedure.

1. Log in to your Oracle Cloud Infrastructure tenancy.
2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
3. Click Delegation Controls.
4. In the Search and Filter field, select Resource Type, select one more resource types, and then click Apply filter.

To relocate a Delegation Control to another compartment, use this procedure.

1. Log in to your Oracle Cloud Infrastructure tenancy.
2. Open the navigation menu. Under Oracle AI Database, click Delegate Access Control.
3. Click Delegation Controls.
4. From the list of Delegation Controls, click the name of the Delegation Control that you want to move.
5. On the Delegation Control details page, click Actions, and then select Move resource.
6. On the resulting Move resource dialog, choose a new compartment, and then click Move resource.

1. Log in to your Oracle Cloud Infrastructure tenancy.
2. Open the navigation menu. Under Oracle Database, click Delegate Access Control.
3. Click Delegation Controls.
4. From the list of Delegation Controls, click the name of the Delegation Control that you want to remove.
5. On the Delegation Control details page, click Actions, and the click Remove.
6. On the resulting Remove delegation control dialog, click Remove to confirm your choice.