Policy Details for Oracle Exadata Database Service on Cloud@Customer

Learn to write policies to control access to Oracle Exadata Database Service on Cloud@Customer resources.

Note

For more information on Policies, see "How Policies Work".

For a sample policy, see "Let database admins manage Oracle Exadata Database Service on Cloud@Customer instances".

About Resource-Types
Learn about resource-types you can use in your policies.
Resource-Types for Oracle Exadata Database Service on Cloud@Customer
Review the list of resource-types specific to Oracle Exadata Database Service on Cloud@Customer.
Supported Variables
Use variables when adding conditions to a policy.
Details for Verb + Resource-Type Combinations
Review the list of permissions and API operations covered by each verb.
Permissions Required for Each API Operation
Review the list of API operations for Oracle Exadata Database Service on Cloud@Customer resources in a logical order, grouped by resource type.

About Resource-Types

Learn about resource-types you can use in your policies.

An aggregate resource-type covers the list of individual resource-types that directly follow.

For example, writing one policy to allow a group to have access to the database-family is equivalent to writing eight separate policies for the group that would grant access to the exadata-infrastructures, vmcluster-networks, vmclusters, backup-destinations, db-nodes, dbnode-console-connection, and the rest of the individual resource-types.

For example, writing one policy to allow a group to have access to the autonomous-database-family is equivalent to writing four separate policies for the group that would grant access to the autonomous-databases, autonomous-backups, autonomous-container-databases, and cloud-autonomous-vmclusters resource-types.

For more information, see Resource-Types.

Parent topic: Policy Details for Oracle Exadata Database Service on Cloud@Customer

Resource-Types for Oracle Exadata Database Service on Cloud@Customer

Review the list of resource-types specific to Oracle Exadata Database Service on Cloud@Customer.

Aggregate Resource-Type

database-family

Individual Resource-Types

exadata-infrastructures

vmclusters

backup-destinations

db-nodes

db-homes

databases

backups

database-software-images

autonomous-vmclusters

autonomous-container-databases

autonomous-databases

key-stores

autonomousContainerDatabaseDataguardAssociations

AutonomousDatabaseDataguardAssociation

dbnode-console-connection

dbnode-console-history

scheduling-policies

scheduling-windows

scheduling-plan

scheduling-action

execution-windows

execution-action

Parent topic: Policy Details for Oracle Exadata Database Service on Cloud@Customer

Supported Variables

Use variables when adding conditions to a policy.

Exadata Database Service on Cloud@Customer supports only the general variables. For more information, see "General Variables for All Requests".

Related Topics

General Variables for All Requests

Parent topic: Policy Details for Oracle Exadata Database Service on Cloud@Customer

Details for Verb + Resource-Type Combinations

Review the list of permissions and API operations covered by each verb.

For more information, see "Permissions", "Verbs", and "Resource-Types".

Database-Family Resource Types

The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.

For example, the read verb for the vmclusters resource-type covers no extra permissions or API operations compared to the inspect verb. However, the use verb includes one more permission, fully covers one more operation, and partially covers another additional operation.

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Exadata Infrastructures

Granting permissions on exadata-infrastructure resources grants permissions on associated vmcluster-network resources.

The table below lists permissions and API operations for exadata-infrastructures.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`EXADATA_INFRASTRUCTURE_INSPECT`	`ListExadataInfrastructures` `GetExadataInfrastructure` `GenerateRecommendedNetworkDetails` `ListVmClusterNetworks` `GetVmClusterNetwork` `ValidateVmClusterNetwork` `DownloadExadataInfrastructureConfigFile` `DownloadVmClusterNetworkConfigFile`	`ChangeExadataInfrastructureCompartment`
READ	INSPECT + `EXADATA_INFRASTRUCTURE_CONTENT_READ`	none	none
USE	READ + `EXADATA_INFRASTRUCTURE_UPDATE`	`ActivateExadataInfrastructure` `UpdateExadataInfrastructure` `ChangeExadataInfrastructureCompartment` `AddStorageCapacityExadataInfrastructure` `CreateVmClusterNetwork` `UpdateVmClusterNetwork` `DeleteVmClusterNetwork`	`CreateVmCluster` (also needs `manage vmclusters`) `UpdateVmCluster` (also needs `use vmclusters`) `ChangeExadataInfrastructureCompartment`
MANAGE	USE + `EXADATA_INFRASTRUCTURE_CREATE` `EXADATA_INFRASTRUCTURE_DELETE`	`CreateExadataInfrastructure` `DeleteExadataInfrastructure` `downloadExadataInfrastructureConfigFile`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for VM Cluster Networks

vmcluster-network resources inherit permissions from the exadata-infrastructure resources with which they are associated. You cannot grant permissions to vmcluster-network resources explicitly.

The table below lists permissions and API operations for vmcluster-networks.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`EXADATA_INFRASTRUCTURE_INSPECT`	`ListVmClusterNetworks` `GetVmClusterNetwork` `ValidateVmClusterNetwork`	none
READ	INSPECT + `EXADATA_INFRASTRUCTURE_CONTENT_READ`	`DownloadVmClusterNetworkConfigFile`	none
USE	READ + `EXADATA_INFRASTRUCTURE_UPDATE`	`CreateVmClusterNetwork` `UpdateVmClusterNetwork` `DeleteVmClusterNetwork`	none
MANAGE	USE + `EXADATA_INFRASTRUCTURE_CREATE` `EXADATA_INFRASTRUCTURE_DELETE`	none	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for VM Clusters

The table below lists permissions and API operations for vmclusters.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`VM_CLUSTER_INSPECT`	`ListVmClusters` `GetVmCluster` `ListVmClusterPatches` `ListVmClusterPatchHistoryEntries` `GetVmClusterPatch` `GetVmClusterPatchHistoryEntry` `ListVmClusterUpdates` `ListVmClusterUpdateHistoryEntries` `GetVmClusterUpdate` `GetVmClusterUpdateHistoryEntry`	none
READ	No extra	No extra	No extra
USE	READ + `VM_CLUSTER_UPDATE` `VM_CLUSTER_UPDATE_TAGS` `VM_CLUSTER_UPDATE_COMPARTMENT` `VM_CLUSTER_UPDATE_SSH_KEY` `VM_CLUSTER_UPDATE_LICENSE` `VM_CLUSTER_UPDATE_CPU` `VM_CLUSTER_UPDATE_MEMORY` `VM_CLUSTER_UPDATE_LOCAL_STORAGE` `VM_CLUSTER_UPDATE_EXADATA_STORAGE` `VM_CLUSTER_UPDATE_GI_SOFTWARE` `VM_CLUSTER_UPDATE_FILE_SYSTEM`	`ChangeVmClusterCompartment`	`UpdateVmCluster` (also needs `use exadata-infrastructures`) `CreateDbHome`, (also needs `manage db-homes` and `manage databases`). If automatic backups are enabled on the default database, also needs `manage backups` `DeleteDbHome`, (also needs `manage db-homes` and `manage databases`. If automatic backups are enabled on the default database, also needs `manage backups`
MANAGE	USE + `VM_CLUSTER_CREATE` `VM_CLUSTER_DELETE`	No extra	`CreateVmCluster` (also needs `use exadata-infrastructures`) `DeleteVmCluster` (also needs `use exadata-infrastructures`)

Note

The VM_CLUSTER_UPDATE_SSH_KEY permission is a highly privileged permission that allows the user to be a root user on the guest VM and gives them the ability to run other cluster update operations on the guest VM using dbaascli.

Using fine-grained permissions, you can write policies as follows:

To allow any update operations:

allow group abc to use vmclusters in compartment comp1

To allow only scale CPU:

allow group abc to use vmclusters in compartment comp1 where request.permission = 'VM_CLUSTER_UPDATE_CPU'

To allow GI update and any scale operations:

allow group abc to use vmclusters in compartment comp1
where any
     { request.permission = 'VM_CLUSTER_UPDATE_CPU', request.permission = 'VM_CLUSTER_UPDATE_EXADATA_STORAGE',
         request.permission = 'VM_CLUSTER_UPDATE_MEMORY', request.permission = 'VM_CLUSTER_UPDATE_LOCAL_STORAGE', request.permission = 'VM_CLUSTER_UPDATE_GI_SOFTWARE'}

To allow any operations except add SSH key:

allow group abc to use vmclusters in compartment comp1 where request.permission != 'VM_CLUSTER_UPDATE_SSH_KEY'

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Backup Destinations

The table below lists permissions and API operations for backup-destinations.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`BACKUP_DESTINATION_INSPECT`	`ListBackupDestinations` `GetBackupDestination`	none
READ	no extra	none	none
USE	READ + `BACKUP_DESTINATION_UPDATE`	`UpdateBackupDestination` `ChangeBackupDestinationCompartment`	none
MANAGE	USE + `BACKUP_DESTINATION_CREATE` `BACKUP_DESTINATION_DELETE`	`CreateBackupDestination` `DeleteBackupDestination`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for DB Nodes

The table below lists permissions and API operations for db-nodes.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`DB_NODE_INSPECT` `DB_NODE_QUERY`	`GetDbNode`	none
READ	No extra	No extra	none
USE	READ + `DB_NODE_UPDATE`	`UpdateDbNode`	none
MANAGE	USE + `DB_NODE_POWER_ACTIONS`	`DbNodeAction`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for DB Homes

The table below lists permissions and API operations for db-homes.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`DB_HOME_INSPECT`	`ListDBHome` `GetDBHome` `ListDbHomePatches` `ListDbHomePatchHistoryEntries` `GetDbHomePatch` `GetDbHomePatchHistoryEntry`	none
READ	No extra	No extra	none
USE	`DB_HOME_UPDATE`	`UpdateDBHome`	none
MANAGE	USE + `DB_HOME_CREATE` `DB_HOME_DELETE`	No extra	`CreateDbHome`, (also needs `manage db-homes`, `manage backups`, `manage db-nodes`, `read vmclusters`, `read work-requests`, and inspect `exadata-infrastructures`). If automatic backups are enabled on the default database, also needs `manage backups`. `DeleteDbHome`, (also needs `manage db-homes`, `manage backups`, `manage db-nodes`, `read vmclusters`, `read work-requests`, and `inspect exadata-infrastructures`). If automatic backups are enabled on the default database, also needs `manage backups`.

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Databases

The table below lists permissions and API operations for databases.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`DATABASE_INSPECT`	`ListDatabases` `GetDatabase` `getDatabaseUpgradeHistoryEntry` `ListDataGuardAssociations` `GetDataGuardAssociation`	`ListDatabaseUpgradeHistoryEntries` `UpgradeDatabase`
READ	No extra	No extra	none
USE	READ + `DATABASE_UPDATE` `DB_HOME_UPDATE`	`UpdateDatabase` `SwitchoverDataGuardAssociation` `FailoverDataGuardAssociation` `ReinstateDataGuardAssociation`	If enabling automatic backups, also needs `manage backups`.
MANAGE	USE + `DATABASE_CREATE` `DATABASE_DELETE`	No extra	`CreateDbHome`, (also needs `use vmclusters` and `manage db-homes`). If automatic backups are enabled on the default database, also needs `manage backups` `DeleteDbHome`, (also needs `use vmclusters` and `manage db-homes`). If automatic backups are enabled on the default database, also needs `manage backups`

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Backups

The table below lists permissions and API operations for backups.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`DB_BACKUP_INSPECT`	`GetBackup` `ListBackups`	none
READ	INSPECT + `DB_BACKUP_CONTENT_READ`	none	`RestoreDatabase` (also needs `use databases`)
USE	no extra	no extra	none
MANAGE	USE + `DB_BACKUP_CREATE` `DB_BACKUP_DELETE`	no extra	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Database Software Image

The table below lists permissions and API operations for database-software-image.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`DB_SOFTWARE_IMG_INSPECT`	`ListDatabaseSoftwareImages` `GetDatabaseSoftwareImage`	none
READ	No extra	No extra	none
USE	READ + `DB_SOFTWARE_IMG_UPDATE`	`UpdateDatabaseSoftwareImage` `ChangeDatabaseSoftwareImageCompartment`	none
MANAGE	USE + `DB_SOFTWARE_IMG_CREATE` + `DB_SOFTWARE_IMG_DELETE`	`CreateDatabaseSoftwareImage` `DeleteDatabaseSoftwareImage`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Autonomous Databases

The table below lists permissions and API operations for autonomous-databases.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`AUTONOMOUS_DATABASE_INSPECT`	`GetAutonomousDatabase, ListAutonomousDatabases`	no extra
READ	INSPECT + `AUTONOMOUS_DATABASE_CONTENT_READ`	no extra	`CreateAutonomousDatabaseBackup` (also needs manage autonomous-backups)
USE	READ + `AUTONOMOUS_DATABASE_CONTENT_WRITE` + `AUTONOMOUS_DATABASE_UPDATE`	`UpdateAutonomousDatabase`	`RestoreAutonomousDatabase` (also needs read autonomous-backups) `ChangeAutonomousDatabaseCompartment` (also needs read autonomous-backups)
MANAGE	USE + `AUTONOMOUS_DATABASE_CREATE` `AUTONOMOUS_DATABASE_DELETE`	`CreateAutonomousDatabase`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Autonomous Backups

The table below lists permissions and API operations for autonomous-backups.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`AUTONOMOUS_DB_BACKUP_INSPECT`	`ListAutonomousDatabaseBackups`, `GetAutonomousDatabaseBackup`	none
READ	INSPECT + `AUTONOMOUS_DB_BACKUP_CONTENT_READ`	no extra	`CreateAutonomousDatabaseBackup` (also needs manage autonomous-backups)
USE	READ + no extra	no extra	none
MANAGE	USE + `AUTONOMOUS_DB_BACKUP_CREATE` `AUTONOMOUS_DB_BACKUP_DELETE`	`DeleteAutonomousDatabaseBackup`	`CreateAutonomousDatabaseBackup` (also needs read autonomous-databases)

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Autonomous Container Databases

The table below lists permissions and API operations for autonomous-container-databases.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`AUTONOMOUS_CONTAINER_DATABASE_INSPECT`	`ListAutonomousContainerDatabases, GetAutonomousContainerDatabase`	none
READ	No extra	No extra	none
USE	READ + `AUTONOMOUS_CONTAINER_DATABASE_UPDATE`	`UpdateAutonomousContainerDatabase` `ChangeAutonomousContainerDatabaseCompartment`	`CreateAutonomousDatabase` (also needs manage autonomous-databases)
MANAGE	USE + `AUTONOMOUS_CONTAINER_DATABASE_CREATE` `AUTONOMOUS_CONTAINER_DATABASE_DELETE`	No extra	`CreateAutonomousContainerDatabase`, `TerminateAutonomousContainerDatabase` (both also need use autonomous-VmCluster)

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Autonomous VM Clusters

The table below lists permissions and API operations for autonomous-vmclusters.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`AUTONOMOUS_VM_CLUSTER_INSPECT`	`ListAutonomousVmClusters` `GetAutonomousVmCluster`	`ChangeAutonomousVmClusterCompartment`
READ	No extra	No extra	none
USE	READ + `AUTONOMOUS_VM_CLUSTER_UPDATE`	`ChangeAutonomousVmClusterCompartment`	`UpdateAutonomousVmCluster` `CreateAutonomousContainerDatabase` `TerminateAutonomousContainerDatabase`
MANAGE	USE + `AUTONOMOUS_VM_CLUSTER_CREATE` + `AUTONOMOUS_VM_CLUSTER_DELETE`	`DeleteAutonomousVmCluster`	`CreateAutonomousVmCluster`

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Autonomous Container Database Data Guard Associations

The table below lists permissions and API operations for autonomousContainerDatabaseDataguardAssociations.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`AUTONOMOUS_VM_CLUSTER_INSPECT` `AUTONOMOUS_CONTAINER_DATABASE_INSPECT`	`GetAutonomousContainerDatabase` `ListAutonomousContainerDatabaseDataguardAssociations` `GetAutonomousContainerDatabaseDataguardAssociation`	`CreateAutonomousContainerDatabase` `FailoverAutonomousContainerDatabaseDataguardAssociation` `SwitchoverAutonomousContainerDatabaseDataguardAssociation` `ReinstateAutonomousContainerDatabaseDataguardAssociation`
READ	no extra	no extra	none
USE	READ + `AUTONOMOUS_VM_CLUSTER_UPDATE` + `AUTONOMOUS_CONTAINER_DATABASE_UPDATE`	none	`CreateAutonomousContainerDatabase` `deleteAutonomouContainerDatabase` `FailoverAutonomousContainerDatabaseDataguardAssociation` `SwitchoverAutonomousContainerDatabaseDataguardAssociation` `ReinstateAutonomousContainerDatabaseDataguardAssociation`
MANAGE	USE + `AUTONOMOUS_CONTAINER_DATABASE_CREATE` + `AUTONOMOUS_CONTAINER_DATABASE_DELETE`	none	`CreateAutonomousContainerDatabase` `deleteAutonomouContainerDatabase`

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Autonomous Database Data Guard Association

The table below lists permissions and API operations for AutonomousDatabaseDataguardAssociation.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`AUTONOMOUS_DATABASE_INSPECT`	`GetAutonomousDatabase`	none
READ	no extra	no extra	none
USE	no extra	no extra	none
MANAGE	no extra	no extra	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Autonomous Virtual Machine

The table below lists permissions and API operations for autonomous-virtual-machine.

Verbs Permissions APIs Fully Covered APIs Partially Covered

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`AUTONOMOUS_VIRTUAL_MACHINE_INSPECT`	`GetAutonomousVirtualMachine` `ListAutonomousVirtualMachines`	none

INSPECT

AUTONOMOUS_VIRTUAL_MACHINE_INSPECT

GetAutonomousVirtualMachine

ListAutonomousVirtualMachines

none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Key Stores

The table below lists permissions and API operations for key-stores.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`KEY_STORE_INPSECT` `AUTONOMOUS_CONTAINER_DATABASE_INSPECT` `AUTONOMOUS_DATABASE_INSPECT` `AUTONOMOUS_DB_BACKUP_INSPECT`	`GetKeyStore` `GetAutonomousContainerDatabase` `GetAutonomousDatabase` `GetAutonomousDatabaseBackup`	`ChangeKeyStoreCompartment` `RotateAutonomousContainerDatabaseKey`
READ	no extra	no extra	none
USE	READ + `KEY_STORE_UPDATE` + `AUTONOMOUS_VM_CLUSTER_UPDATE` + `AUTONOMOUS_CONTAINER_DATABASE_UPDATE` `AUTONOMOUS_DATABASE_UPDATE`	`UpdateKeyStore` none none none `RotateAutonomousDatabaseKey`	`ChangeKeyStoreCompartment` `CreateAutonomousContainerDatabase` `RotateAutonomousContainerDatabaseKey` none
MANAGE	USE + `KEY_STORE_CREATE` + `KEY_STORE_DELETE` + `AUTONOMOUS_CONTAINER_DATABASE_CREATE`	`CreateKeyStore` `DeleteKeyStore` `CreateAutonomousContainerDatabase`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Pluggable Databases (PDBs)

The table below lists permissions and API operations for pluggable-databases.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`PLUGGABLE_DATABASE_INSPECT`	`ListPluggableDatabases` `GetPluggableDatabase`	`UpdatePluggableDatabase` `StartPluggableDatabase` `StopPluggableDatabase` `LocalClonePluggableDatabase` `RemoteClonePluggableDatabase` `RefreshPluggableDatabase` `ConvertRefreshablePluggableDatabase`
inspect	`DATABASE_INSPECT`	no extra	`CreatePluggableDatabase` `DeletePluggableDatabase` `LocalClonePluggableDatabase` `RemoteClonePluggableDatabase`
read	INSPECT + `PLUGGABLE_DATABASE_CONTENT_READ`	no extra	`CreatePluggableDatabase` (Additional permissions are required if auto-backups are enabled on the CDB and includes this PDB.) `UpdatePluggableDatabase` (Additional permissions are required if auto-backups are enabled on the CDB and includes this PDB.) `LocalClonePluggableDatabase` `RemoteClonePluggableDatabase`
use	READ + `PLUGGABLE_DATABASE_CONTENT_WRITE`	no extra	`LocalClonePluggableDatabase` `RemoteClonePluggableDatabase`
	`PLUGGABLE_DATABASE_UPDATE`	no extra	`UpdatePluggableDatabase` `StartPluggableDatabase` `StopPluggableDatabase` `LocalClonePluggableDatabase` `RemoteClonePluggableDatabase` `RefreshPluggableDatabase` `ConvertRefreshablePluggableDatabase`
	`DATABASE_UPDATE`	no extra	`CreatePluggableDatabase` `DeletePluggableDatabase` `LocalClonePluggableDatabase` `RemoteClonePluggableDatabase`
manage	USE + `PLUGGABLE_DATABASE_CREATE`	no extra	`CreatePluggableDatabase` `LocalClonePluggableDatabase` `RemoteClonePluggableDatabase`
manage	`PLUGGABLE_DATABASE_DELETE`	no extra	`DeletePluggableDatabase`

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for DB Servers

The table below lists permissions and API operations for dbServers.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	`EXADATA_INFRASTRUCTURE_INSPECT`	none	`GetDbServer` `ListDbServers`
READ	no extra	no extra	none
USE	READ + `VM_CLUSTER_UPDATE` `EXADATA_INFRASTRUCTURE_UPDATE`	none	`AddVirtualMachineToVmCluster`, `RemoveVirtualMachineFromVmCluster`
MANAGE	No extra	No extra	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for DB Node Console Connection

The table below lists permissions and API operations for dbnode-console-connection.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`DBNODE_CONSOLE_CONNECTION_INSPECT`	`GetDbNodeConsoleConnection` `ListDbNodeConsoleConnections`	none
read	no extra	no extra	none
use	READ + `DBNODE_CONSOLE_CONNECTION_UPDATE` `PLUGGABLE_DATABASE_UPDATE`	`UpdateDbNodeConsoleConnection`	none
manage	USE + `DBNODE_CONSOLE_CONNECTION_CREATE` `DBNODE_CONSOLE_CONNECTION_DELETE`	`CreateDbNodeConsoleConnection` `DeleteDbNodeConsoleConnection`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for DB Node Console History

The table below lists permissions and API operations for dbnode-console-history.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`DBNODE_CONSOLE_HISTORY_INSPECT`	`GetDbNodeConsoleHistory` `ListDbNodeConsoleHistories`	none
read	INSPECT +	`DBNODE_CONSOLE_HISTORY_CONTENT_READ`	none
use	READ + `DBNODE_CONSOLE_HISTORY_UPDATE` `PLUGGABLE_DATABASE_UPDATE`	`UpdateDbNodeConsoleHistory`	none
manage	USE + `DBNODE_CONSOLE_HISTORY_CREATE` `DBNODE_CONSOLE_HISTORY_DELETE`	`CreateDbNodeConsoleHistory` `DeleteDbNodeConsoleHistory`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Interim Software Updates

The table below lists permissions and API operations for oneoffPatch.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`ONEOFF_PATCH_INSPECT`	`DownloadOneoffPatch` `GetOneoffPatch` `ListOneoffPatches`	`CreateOneoffPatch` `DeleteOneoffPatch` `UpdateOneoffPatch` `ChangeOneoffPatchCompartment`
read	INSPECT + no extra	`DownloadOneoffPatch`	none
use	READ + `ONEOFF_PATCH_UPDATE`	none	`UpdateOneoffPatch` `ChangeOneoffPatchCompartment`
manage	USE + `ONEOFF_PATCH_CREATE` `ONEOFF_PATCH_DELETE`	none	`CreateOneoffPatch` `DeleteOneoffPatch`

Related Topics

OneoffPatch Reference

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Scheduling Policies

The table below lists permissions and API operations for scheduling-policies.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`SCHEDULING_POLICY_INSPECT`	`ListSchedulingPolicies` `GetSchedulingPolicy` `ListRecommendedScheduledActions`	`CreateSchedulingPolicy` `UpdateSchedulingPolicy` `DeleteSchedulingPolicy` `ChangeSchedulingPolicyCompartment`
read	INSPECT + No extra	No extra	none
use	READ + `SCHEDULING_POLICY_UPDATE`	No extra	`UpdateSchedulingPolicy` `ChangeSchedulingPolicyCompartment`
manage	USE + `SCHEDULING_POLICY_CREATE` `SCHEDULING_POLICY_DELETE`	No extra	`CreateSchedulingPolicy` `DeleteSchedulingPolicy`

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Scheduling Windows

The table below lists permissions and API operations for scheduling-windows.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`SCHEDULING_WINDOW_INSPECT`	`ListSchedulingWindows` `GetSchedulingWindow`	`CreateSchedulingWindow` `UpdateSchedulingWindow` `DeleteSchedulingWindow`
read	INSPECT + No extra	No extra	none
use	READ + `SCHEDULING_WINDOW_UPDATE`	No extra	`UpdateSchedulingWindow`
manage	USE + `SCHEDULING_WINDOW_CREATE` `SCHEDULING_WINDOW_DELETE`	No extra	`CreateSchedulingWindow` `DeleteSchedulingWindow`

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Scheduling Plan

The table below lists permissions and API operations for scheduling-plan.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`EXADATA_INFRASTRUCTURE_INSPECT`	`ListExadataInfrastructures` `GetExadataInfrastructure` `GenerateRecommendedNetworkDetails` `ListVmClusterNetworks` `GetVmClusterNetwork` `ValidateVmClusterNetwork` `DownloadExadataInfrastructureConfigFile` `DownloadVmClusterNetworkConfigFile` `ListSchedulingPlans` `GetSchedulingPlan`	`ChangeExadataInfrastructureCompartment`
read	INSPECT + No extra	No extra	none
use	READ + `EXADATA_INFRASTRUCTURE_UPDATE`	`ActivateExadataInfrastructure` `UpdateExadataInfrastructure` `ChangeExadataInfrastructureCompartment` `AddStorageCapacityExadataInfrastructure` `CreateVmClusterNetwork` `UpdateVmClusterNetwork` `DeleteVmClusterNetwork` `ChangeSchedulingPlanCompartment` `CascadingDeleteSchedulingPlan`	`CreateVmCluster` (also needs manage vmclusters) `UpdateVmCluster` (also needs use vmclusters) `ChangeExadataInfrastructureCompartment`
manage	USE + `EXADATA_INFRASTRUCTURE_CREATE` `EXADATA_INFRASTRUCTURE_DELETE`	`CreateExadataInfrastructure` `DeleteExadataInfrastructure` `downloadExadataInfrastructureConfigFile` `CreateSchedulingPlan` `DeleteSchedulingPlan`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Scheduled Action

The table below lists permissions and API operations for scheduled-action.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`EXADATA_INFRASTRUCTURE_INSPECT`	`ListExadataInfrastructures` `GetExadataInfrastructure` `GenerateRecommendedNetworkDetails` `ListVmClusterNetworks` `GetVmClusterNetwork` `ValidateVmClusterNetwork` `DownloadExadataInfrastructureConfigFile` `DownloadVmClusterNetworkConfigFile` `ListScheduledActions` `GetScheduledAction` `ListParamsForActionType`	`ChangeExadataInfrastructureCompartment`
read	INSPECT + No extra	No extra	none
use	READ + `EXADATA_INFRASTRUCTURE_UPDATE`	`ActivateExadataInfrastructure` `UpdateExadataInfrastructure` `ChangeExadataInfrastructureCompartment` `AddStorageCapacityExadataInfrastructure` `CreateVmClusterNetwork` `UpdateVmClusterNetwork` `DeleteVmClusterNetwork` `UpdateScheduledAction` `ReorderScheduledActions`	`CreateVmCluster` (also needs manage vmclusters) `UpdateVmCluster` (also needs use vmclusters) `ChangeExadataInfrastructureCompartment`
manage	USE + `EXADATA_INFRASTRUCTURE_CREATE` `EXADATA_INFRASTRUCTURE_DELETE`	`CreateExadataInfrastructure` `DeleteExadataInfrastructure` `downloadExadataInfrastructureConfigFile` `CreateScheduledAction` `DeleteScheduledAction`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Execution Windows

The table below lists permissions and API operations for execution-windows.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`EXADATA_INFRASTRUCTURE_INSPECT`	`ListExadataInfrastructures` `GetExadataInfrastructure` `GenerateRecommendedNetworkDetails` `ListVmClusterNetworks` `GetVmClusterNetwork` `ValidateVmClusterNetwork` `DownloadExadataInfrastructureConfigFile` `DownloadVmClusterNetworkConfigFile` `ListExecutionWindows` `GetExecutionWindow`	`ChangeExadataInfrastructureCompartment`
read	INSPECT + No extra	No extra	none
use	READ + `EXADATA_INFRASTRUCTURE_UPDATE`	`ActivateExadataInfrastructure` `UpdateExadataInfrastructure` `ChangeExadataInfrastructureCompartment` `AddStorageCapacityExadataInfrastructure` `CreateVmClusterNetwork` `UpdateVmClusterNetwork` `DeleteVmClusterNetwork` `UpdateExecutionWindow` `CancelExecutionWindow`	`CreateVmCluster` (also needs manage vmclusters) `UpdateVmCluster` (also needs use vmclusters) `ChangeExadataInfrastructureCompartment`
manage	USE + `EXADATA_INFRASTRUCTURE_CREATE` `EXADATA_INFRASTRUCTURE_DELETE`	`CreateExadataInfrastructure` `DeleteExadataInfrastructure` `downloadExadataInfrastructureConfigFile` `CreateExecutionWindow` `DeleteExecutionWindow`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions and API operation details for Execution Action

The table below lists permissions and API operations for execution-action.

Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`EXADATA_INFRASTRUCTURE_INSPECT`	`ListExadataInfrastructures` `GetExadataInfrastructure` `GenerateRecommendedNetworkDetails` `ListVmClusterNetworks` `GetVmClusterNetwork` `ValidateVmClusterNetwork` `DownloadExadataInfrastructureConfigFile` `DownloadVmClusterNetworkConfigFile` `ListExecutionActions` `GetExecutionAction`	`ChangeExadataInfrastructureCompartment`
read	INSPECT + No extra	No extra	none
use	READ + `EXADATA_INFRASTRUCTURE_UPDATE`	`ActivateExadataInfrastructure` `UpdateExadataInfrastructure` `ChangeExadataInfrastructureCompartment` `AddStorageCapacityExadataInfrastructure` `CreateVmClusterNetwork` `UpdateVmClusterNetwork` `DeleteVmClusterNetwork` `UpdateExecutionAction` `MoveExecutionActionMember`	`CreateVmCluster` (also needs manage vmclusters) `UpdateVmCluster` (also needs use vmclusters) `ChangeExadataInfrastructureCompartment`
manage	USE + `EXADATA_INFRASTRUCTURE_CREATE` `EXADATA_INFRASTRUCTURE_DELETE`	`CreateExadataInfrastructure` `DeleteExadataInfrastructure` `downloadExadataInfrastructureConfigFile` `CreateExecutionAction` `DeleteExecutionAction`	none

Parent topic: Details for Verb + Resource-Type Combinations

Permissions Required for Each API Operation

Review the list of API operations for Oracle Exadata Database Service on Cloud@Customer resources in a logical order, grouped by resource type.

For information about permissions, see Permissions.

Table 7-28 Database API Operations

API Operation	Permissions Required to Use the Operation
`ListExadataInfrastructures`	`EXADATA_INFRASTRUCTURE_INSPECT`
`GetExadataInfrastructure`	`EXADATA_INFRASTRUCTURE_INSPECT`
`CreateExadataInfrastructure`	`EXADATA_INFRASTRUCTURE_CREATE`
`UpdateExadataInfrastructure`	`EXADATA_INFRASTRUCTURE_UPDATE`
`ChangeExadataInfrastructureCompartment`	`EXADATA_INFRASTRUCTURE_INSPECT` and `EXADATA_INFRASTRUCTURE_UPDATE`
`DeleteExadataInfrastructure`	`EXADATA_INFRASTRUCTURE_DELETE`
`DownloadExadataInfrastructureConfigFile`	`EXADATA_INFRASTRUCTURE_CONTENT_READ`
`AddStorageCapacityExadataInfrastructure`	`EXADATA_INFRASTRUCTURE_UPDATE`
`ActivateExadataInfrastructure`	`EXADATA_INFRASTRUCTURE_UPDATE`
`GenerateRecommendedNetworkDetails`	`EXADATA_INFRASTRUCTURE_INSPECT`
`ListVmClusterNetworks`	`EXADATA_INFRASTRUCTURE_INSPECT`
`GetVmClusterNetwork`	`EXADATA_INFRASTRUCTURE_INSPECT`
`CreateVmClusterNetwork`	`EXADATA_INFRASTRUCTURE_INSPECT` and `EXADATA_INFRASTRUCTURE_UPDATE`
`UpdateVmClusterNetwork`	`EXADATA_INFRASTRUCTURE_INSPECT` and `EXADATA_INFRASTRUCTURE_UPDATE`
`DeleteVmClusterNetwork`	`EXADATA_INFRASTRUCTURE_UPDATE`
`DownloadVmClusterNetworkConfigFile`	`EXADATA_INFRASTRUCTURE_INSPECT` and `EXADATA_INFRASTRUCTURE_CONTENT_READ`
`ValidateVmClusterNetwork`	`EXADATA_INFRASTRUCTURE_INSPECT`
`ListVmClusters`	`VM_CLUSTER_INSPECT`
`GetVmCluster`	`VM_CLUSTER_INSPECT`
`CreateVmCluster`	`EXADATA_INFRASTRUCTURE_INSPECT` and `EXADATA_INFRASTRUCTURE_UPDATE` and `VM_CLUSTER_CREATE`
`UpdateVmCluster`	`EXADATA_INFRASTRUCTURE_INSPECT` and `EXADATA_INFRASTRUCTURE_UPDATE` and `VM_CLUSTER_UPDATE`
`ChangeVmClusterCompartment`	`VM_CLUSTER_INSPECT` and `VM_CLUSTER_UPDATE`
`DeleteVmCluster`	`VM_CLUSTER_DELETE`
`ListVmClusterPatches`	`VM_CLUSTER_INSPECT`
`ListVmClusterPatchHistoryEntries`	`VM_CLUSTER_INSPECT`
`GetVmClusterPatch`	`VM_CLUSTER_INSPECT`
`GetVmClusterPatchHistoryEntry`	`VM_CLUSTER_INSPECT`
`ListVmClusterUpdates`	`VM_CLUSTER_INSPECT`
`ListVmClusterUpdateHistoryEntries`	`VM_CLUSTER_INSPECT`
`GetVmClusterUpdate`	`VM_CLUSTER_INSPECT`
`GetVmClusterUpdateHistoryEntry`	`VM_CLUSTER_INSPECT`
`ListBackupDestination`	`BACKUP_DESTINATION_INSPECT`
`GetBackupDestination`	`BACKUP_DESTINATION_INSPECT`
`CreateBackupDestination`	`BACKUP_DESTINATION_CREATE`
`UpdateBackupDestination`	`BACKUP_DESTINATION_UPDATE`
`DeleteBackupDestination`	`BACKUP_DESTINATION_DELETE`
`ChangeBackupDestinationCompartment`	`BACKUP_DESTINATION_INSPECT` and `BACKUP_DESTINATION_UPDATE`
`GetDbNode`	`DB_NODE_INSPECT`
`DbNodeAction`	`DB_NODE_POWER_ACTIONS`
`ListDbHomes`	`DB_HOME_INSPECT`
`GetDbHome`	`DB_HOME_INSPECT`
`CreateDbHome`	`VM_CLUSTER_INSPECT` and `VM_CLUSTER_UPDATE` and `DB_HOME_CREATE` and `DATABASE_CREATE` To enable automatic backups for the database, also need `DB_BACKUP_CREATE` and `DATABASE_CONTENT_READ`.
`UpdateDbHome`	`DB_HOME_UPDATE`
`DeleteDbHome`	`VM_CLUSTER_UPDATE` and `DB_HOME_UPDATE` and `DATABASE_DELETE`
`ListDbHomePatches`	`DB_HOME_INSPECT`
`ListDbHomePatchHistoryEntries`	`DB_HOME_INSPECT`
`GetDbHomePatch`	`DB_HOME_INSPECT`
`GetDbHomePatchHistoryEntry`	`DB_HOME_INSPECT`
`CreateDatabase`	`VM_CLUSTER_INSPECT`, `VM_CLUSTER_UPDATE`, `DB_HOME_INSPECT`, `DB_HOME_UPDATE`, `DATABASE_CREATE` `DB_BACKUP_CREATE` and `DATABASE_CONTENT_READ` `DB_BACKUP_INSPECT`, `DB_BACKUP_CONTENT_READ`
`ListDatabases`	`DATABASE_INSPECT`
`GetDatabase`	`DATABASE_INSPECT`
`UpdateDatabase`	`DATABASE_UPDATE` To enable automatic backups, also need `DB_BACKUP_CREATE` and `DATABASE_CONTENT_READ`
`DeleteDatabase`	`VM_CLUSTER_UPDATE`, `DB_HOME_UPDATE`, `DATABASE_DELETE` `DB_BACKUP_INSPECT`, `DB_BACKUP_DELETE` `DB_BACKUP_CREATE` and `DATABASE_CONTENT_READ`
`UpgradeDatabase`	`DATABASE_INSPECT` `DATABASE_UPDATE` `DB_HOME_INSPECT` `DB_HOME_UPDATE`
`getDatabaseUpgradeHistoryEntry`	`DATABASE_INSPECT`
`getDatabaseUpgradeHistoryEntry`	`DATABASE_INSPECT`
`ListDbVersions`	(no permissions required; available to anyone)
`GetBackup`	`DB_BACKUP_INSPECT`
`ListBackups`	`DB_BACKUP_INSPECT`
`CreateBackup`	`DB_BACKUP_CREATE` and `DATABASE_CONTENT_READ`
`DeleteBackup`	`DB_BACKUP_DELETE` and `DB_BACKUP_INSPECT`
`RestoreDatabase`	`DB_BACKUP_INSPECT` and `DB_BACKUP_CONTENT_READ` and `DATABASE_CONTENT_WRITE`
`ListAutonomousVmClusters`	`AUTONOMOUS_VM_CLUSTER_INSPECT`
`GetAutonomousVmCluster`	`AUTONOMOUS_VM_CLUSTER_INSPECT`
`CreateAutonomousVmCluster`	`AUTONOMOUS_VM_CLUSTER_CREATE` and `EXADATA_INFRASTRUCTURE_INSPECT` and `EXADATA_INFRASTRUCTURE_UPDATE`
`UpdateAutonomousVmCluster`	`AUTONOMOUS_VM_CLUSTER_UPDATE` and `EXADATA_INFRASTRUCTURE_INSPECT` and `EXADATA_INFRASTRUCTURE_UPDATE`
`ChangeAutonomousVmClusterCompartment`	`AUTONOMOUS_VM_CLUSTER_INSPECT` and `AUTONOMOUS_VM_CLUSTER_UPDATE`
`DeleteAutonomousVmCluster`	`AUTONOMOUS_VM_CLUSTER_DELETE`
`ListAutonomousContainerDatabases`	`AUTONOMOUS_CONTAINER_DATABASE_INSPECT`
`GetAutonomousContainerDatabase`	`AUTONOMOUS_CONTAINER_DATABASE_INSPECT`
`CreateAutonomousContainerDatabase`	`EXADATA_INFRASTRUCTURE_UPDATE` and `AUTONOMOUS_VM_CLUSTER_UPDATE` and `AUTONOMOUS_CONTAINER_DATABASE_CREATE`
`TerminateAutonomousContainerDatabase`	`EXADATA_INFRASTRUCTURE_UPDATE` and `AUTONOMOUS_VM_CLUSTER_UPDATE` and `AUTONOMOUS_CONTAINER_DATABASE_DELETE`
`UpdateAutonomousContainerDatabase`	`AUTONOMOUS_CONTAINER_DATABASE_UPDATE`
`ChangeAutonomousContainerDatabaseCompartment`	`AUTONOMOUS_CONTAINER_DATABASE_INSPECT` and `AUTONOMOUS_CONTAINER_DATABASE_UPDATE`
`RotateAutonomousContainerDatabaseEncryptionKey`	`AUTONOMOUS_CONTAINER_DATABASE_UPDATE` and `AUTONOMOUS_CONTAINER_DATABASE_INSPECT`
`GetAutonomousDatabase`	`AUTONOMOUS_DATABASE_INSPECT`
`ListAutonomousDatabases`	`AUTONOMOUS_DATABASE_INSPECT`
`CreateAutonomousDatabase`	`AUTONOMOUS_DATABASE_CREATE`
`UpdateAutonomousDatabase`	`AUTONOMOUS_DATABASE_UPDATE`
`ChangeAutonomousDatabaseCompartment`	`AUTONOMOUS_DATABASE_UPDATE` and `AUTONOMOUS_DB_BACKUP_INSPECT` and `AUTONOMOUS_DB_BACKUP_CONTENT_READ` and `AUTONOMOUS_DATABASE_CONTENT_WRITE`
`DeleteAutonomousDatabase`	`AUTONOMOUS_DATABASE_DELETE`
`StartAutonomousDatabase`	`AUTONOMOUS_DATABASE_UPDATE`
`StopAutonomousDatabase`	`AUTONOMOUS_DATABASE_UPDATE`
`RestartAutonomousDatabase`	`AUTONOMOUS_DATABASE_UPDATE`
`RestoreAutonomousDatabase`	`AUTONOMOUS_DB_BACKUP_CONTENT_READ` and `AUTONOMOUS_DATABASE_CONTENT_WRITE`
`RotateAutonomousDatabaseEncryptionKey`	`AUTONOMOUS_DATABASE_UPDATE`
`CreateAutonomousDatabaseBackup`	`AUTONOMOUS_DB_BACKUP_CREATE` and `AUTONOMOUS_DATABASE_CONTENT_READ`
`ListAutonomousDatabaseBackups`	`AUTONOMOUS_DB_BACKUP_DELETE`
`GetAutonomousDatabaseBackup`	`AUTONOMOUS_DB_BACKUP_DELETE`
`ListAutonomousContainerDatabaseDataguardAssociations`	`AUTONOMOUS_CONTAINER_DATABASE_INSPECT`
`GetAutonomousContainerDatabaseDataguardAssociation`	`AUTONOMOUS_CONTAINER_DATABASE_INSPECT`
`FailoverAutonomousContainerDatabaseDataguardAssociation`	`AUTONOMOUS_CONTAINER_DATABASE_INSPECT and AUTONOMOUS_CONTAINER_DATABASE_UPDATE`
`SwitchoverAutonomousContainerDatabaseDataguardAssociation`	`AUTONOMOUS_CONTAINER_DATABASE_INSPECT` and `AUTONOMOUS_CONTAINER_DATABASE_UPDATE`
`ReinstateAutonomousContainerDatabaseDataguardAssociation`	`AUTONOMOUS_CONTAINER_DATABASE_INSPECT` and `AUTONOMOUS_CONTAINER_DATABASE_UPDATE`
`UpdateAutonomousContainerDatabaseDataguardAssociation`	`AUTONOMOUS_CONTAINER_DATABASE_INSPECT` and `AUTONOMOUS_CONTAINER_DATABASE_UPDATE`
`ListAutonomousDatabaseDataguardAssociations`	`AUTONOMOUS_CONTAINER_DATABASE_INSPECT`
`GetAutonomousDatabaseDataguardAssociation`	`AUTONOMOUS_CONTAINER_DATABASE_INSPECT`
`CreateDataGuardAssociation`	`VM_CLUSTER_INSPECT` and `DATABASE_INSPECT` and `DATABASE_UPDATE`
`GetDataGuardAssociation`	`DATABASE_INSPECT`
`ListDataGuardAssociations`	`DATABASE_INSPECT`
`SwitchoverDataGuardAssociation`	`DATABASE_UPDATE`
`FailoverDataGuardAssociation`	`DATABASE_UPDATE`
`ReinstateDataGuardAssociation`	`DATABASE_UPDATE`
`DeleteDatabase`	`VM_CLUSTER_UPDATE` and `DB_HOME_UPDATE` and `DATABASE_DELETE`
`CreateKeyStore`	`KEY_STORE_CREATE`
`GetKeyStore`	`KEY_STORE_INSPECT`
`UpdateKeyStore`	`KEY_STORE_UPDATE`
`DeleteKeyStore`	`KEY_STORE_DELETE`
`ChangeKeyStoreCompartment`	`KEY_STORE_INPSECT` and `KEY_STORE_UPDATE`
`ListDatabaseSoftwareImages`	`DB_SOFTWARE_IMG_INSPECT`
`GetDatabaseSoftwareImage`	`DB_SOFTWARE_IMG_INSPECT`
`UpdateDatabaseSoftwareImage`	`DB_SOFTWARE_IMG_INSPECT` and `DB_SOFTWARE_IMG_UPDATE`
`ChangeDatabaseSoftwareImageCompartment`	`DB_SOFTWARE_IMG_INSPECT` and `DB_SOFTWARE_IMG_UPDATE`
`CreateDatabaseSoftwareImage`	`DB_SOFTWARE_IMG_INSPECT` and `DB_SOFTWARE_IMG_CREATE`
`DeleteDatabaseSoftwareImage`	`DB_SOFTWARE_IMG_INSPECT` and `DB_SOFTWARE_IMG_DELETE`
`ListPluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT`
`GetPluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT`
`CreatePluggableDatabase`	`PLUGGABLE_DATABASE_CREATE`, `DATABASE_INSPECT` and `DATABASE_UPDATE`.
`UpdatePluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT` and `PLUGGABLE_DATABASE_UPDATE`
`StartPluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT` and `PLUGGABLE_DATABASE_UPDATE`
`StopPluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT` and `PLUGGABLE_DATABASE_UPDATE`
`DeletePluggableDatabase`	`PLUGGABLE_DATABASE_DELETE`, `DATABASE_INSPECT`, and `DATABASE_UPDATE`
`LocalClonePluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT`, `PLUGGABLE_DATABASE_UPDATE`, `PLUGGABLE_DATABASE_CONTENT_READ`, `PLUGGABLE_DATABASE_CONTENT_WRITE`, `PLUGGABLE_DATABASE_CREATE`, `DATABASE_INSPECT`, and `DATABASE_UPDATE`
`RemoteClonePluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT`, `PLUGGABLE_DATABASE_UPDATE`, `PLUGGABLE_DATABASE_CONTENT_READ`, `PLUGGABLE_DATABASE_CONTENT_WRITE`, `PLUGGABLE_DATABASE_CREATE`, `DATABASE_INSPECT`, and `DATABASE_UPDATE`
`RefreshPluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT` and `PLUGGABLE_DATABASE_UPDATE`
`ConvertRefreshablePluggableDatabase`	`PLUGGABLE_DATABASE_INSPECT` and `PLUGGABLE_DATABASE_UPDATE`
`GetDbServer`	`DB_SERVER_INSPECT`
`ListDbServers`	`DB_SERVER_INSPECT`
`AddVirtualMachineToVmCluster`	`VM_CLUSTER_UPDATE` `EXADATA_INFRASTRUCTURE_UPDATE`
`RemoveVirtualMachineFromVmCluster`	`VM_CLUSTER_UPDATE` `EXADATA_INFRASTRUCTURE_UPDATE`
`CreateOneoffPatch`	`ONEOFF_PATCH_INSPECT` `ONEOFF_PATCH_CREATE`
`DeleteOneoffPatch`	`ONEOFF_PATCH_INSPECT` `ONEOFF_PATCH_DELETE`
`DownloadOneoffPatch`	`ONEOFF_PATCH_INSPECT`
`UpdateOneoffPatch`	`ONEOFF_PATCH_INSPECT` `ONEOFF_PATCH_UPDATE`
`ListOneoffPatches`	`ONEOFF_PATCH_INSPECT`
`GetOneoffPatch`	`ONEOFF_PATCH_INSPECT`
`ChangeOneoffPatchCompartment`	`ONEOFF_PATCH_INSPECT` `ONEOFF_PATCH_UPDATE`
`CreateDbNodeConsoleConnection`	`DBNODE_CONSOLE_CONNECTION_CREATE` `DBNODE_CONSOLE_CONNECTION_INSPECT`
`GetDbNodeConsoleConnection`	`DBNODE_CONSOLE_CONNECTION_INSPECT`
`ListDbNodeConsoleConnections`	`DBNODE_CONSOLE_CONNECTION_INSPECT`
`DeleteDbNodeConsoleConnection`	`DBNODE_CONSOLE_CONNECTION_DELETE`
`UpdateDbNodeConsoleConnection`	`DBNODE_CONSOLE_CONNECTION_UPDATE`
`UpdateDbNode`	`DB_NODE_UPDATE`
`createDbNodeConsoleHistory`	`DBNODE_CONSOLE_HISTORY_CREATE` & `DBNODE_CONSOLE_HISTORY_INSPECT`
`getDbNodeConsoleHistory`	`DBNODE_CONSOLE_HISTORY_INSPECT`
`getDbNodeConsoleHistoryContent`	`DBNODE_CONSOLE_HISTORY_CONTENT_READ`
`listDbNodeConsoleHistories`	`DBNODE_CONSOLE_HISTORY_INSPECT`
`updateDbNodeConsoleHistory`	`DBNODE_CONSOLE_HISTORY_UPDATE`
`deleteDbNodeConsoleHistory`	`DBNODE_CONSOLE_HISTORY_DELETE`
`ListSchedulingPolicies`	`SCHEDULING_POLICY_INSPECT`
`GetSchedulingPolicy`	`SCHEDULING_POLICY_INSPECT`
`UpdateSchedulingPolicy`	`SCHEDULING_POLICY_INSPECT` & `SCHEDULING_POLICY_UPDATE`
`ChangeSchedulingPolicyCompartment`	`SCHEDULING_POLICY_INSPECT` & `SCHEDULING_POLICY_UPDATE`
`ListRecommendedScheduledActions`	`SCHEDULING_POLICY_INSPECT` & `SCHEDULING_POLICY_UPDATE`
`CreateSchedulingPolicy`	`SCHEDULING_POLICY_INSPECT` & `SCHEDULING_POLICY_CREATE`
`DeleteSchedulingPolicy`	`SCHEDULING_POLICY_INSPECT` & `SCHEDULING_POLICY_DELETE`
`ListSchedulingWindows`	`SCHEDULING_WINDOW_INSPECT`
`GetSchedulingWindow`	`SCHEDULING_WINDOW_INSPECT`
`UpdateSchedulingWindow`	`SCHEDULING_WINDOW_INSPECT` & `SCHEDULING_WINDOW_UPDATE`
`CreateSchedulingWindow`	`SCHEDULING_WINDOW_INSPECT` & `SCHEDULING_WINDOW_CREATE`
`DeleteSchedulingWindow`	`SCHEDULING_WINDOW_INSPECT` & `SCHEDULING_WINDOW_DELETE`
`CreateSchedulingWindow`	`SCHEDULING_WINDOW_INSPECT` & `SCHEDULING_WINDOW_CREATE`
`DeleteSchedulingWindow`	`SCHEDULING_WINDOW_INSPECT` & `SCHEDULING_WINDOW_DELETE`
`ListSchedulingPlans`	`EXADATA_INFRASTRUCTURE_INSPECT`
`GetSchedulingPlan`	`EXADATA_INFRASTRUCTURE_INSPECT`
`CreateSchedulingPlan`	`EXADATA_INFRASTRUCTURE_CREATE`
`ChangeSchedulingPlanCompartment`	`EXADATA_INFRASTRUCTURE_UPDATE`
`ReorderScheduledActions`	`EXADATA_INFRASTRUCTURE_UPDATE`
`CascadingDeleteSchedulingPlan`	`EXADATA_INFRASTRUCTURE_UPDATE`
`DeleteSchedulingPlan`	`EXADATA_INFRASTRUCTURE_DELETE`
`ListScheduledActions`	`EXADATA_INFRASTRUCTURE_INSPECT`
`GetScheduledAction`	`EXADATA_INFRASTRUCTURE_INSPECT`
`ListParamsForActionType`	`EXADATA_INFRASTRUCTURE_INSPECT`
`UpdateScheduledAction`	`EXADATA_INFRASTRUCTURE_UPDATE`
`ReorderScheduledActions`	`EXADATA_INFRASTRUCTURE_UPDATE`
`CreateScheduledAction`	`EXADATA_INFRASTRUCTURE_CREATE`
`DeleteScheduledAction`	`EXADATA_INFRASTRUCTURE_DELETE`
`ListExecutionWindows`	`EXADATA_INFRASTRUCTURE_INSPECT`
`GetExecutionWindow`	`EXADATA_INFRASTRUCTURE_INSPECT`
`UpdateExecutionWindow`	`EXADATA_INFRASTRUCTURE_UPDATE`
`ReorderExecutionActions`	`EXADATA_INFRASTRUCTURE_UPDATE`
`CancelExecutionWindow`	`EXADATA_INFRASTRUCTURE_UPDATE`
`CreateExecutionWindow`	`EXADATA_INFRASTRUCTURE_CREATE`
`DeleteExecutionWindow`	`EXADATA_INFRASTRUCTURE_DELETE`
`ListExecutionActions`	`EXADATA_INFRASTRUCTURE_INSPECT`
`GetExecutionAction`	`EXADATA_INFRASTRUCTURE_INSPECT`
`UpdateExecutionAction`	`EXADATA_INFRASTRUCTURE_UPDATE`
`MoveExecutionActionMember`	`EXADATA_INFRASTRUCTURE_UPDATE`
`CreateExecutionAction`	`EXADATA_INFRASTRUCTURE_CREATE`
`DeleteExecutionAction`	`EXADATA_INFRASTRUCTURE_DELETE`

Related Topics

Permissions

Parent topic: Policy Details for Oracle Exadata Database Service on Cloud@Customer

Oracle Cloud Infrastructure Documentation

About Resource-Types

Resource-Types for Oracle Exadata Database Service on Cloud@Customer

Supported Variables

Details for Verb + Resource-Type Combinations

Database-Family Resource Types

Permissions and API operation details for Exadata Infrastructures

Permissions and API operation details for VM Cluster Networks

Permissions and API operation details for VM Clusters

Permissions and API operation details for Backup Destinations

Permissions and API operation details for DB Nodes

Permissions and API operation details for DB Homes

Permissions and API operation details for Databases

Permissions and API operation details for Backups

Permissions and API operation details for Database Software Image

Permissions and API operation details for Autonomous Databases

Permissions and API operation details for Autonomous Backups

Permissions and API operation details for Autonomous Container Databases

Permissions and API operation details for Autonomous VM Clusters

Permissions and API operation details for Autonomous Container Database Data Guard Associations

Permissions and API operation details for Autonomous Database Data Guard Association

Permissions and API operation details for Autonomous Virtual Machine

Permissions and API operation details for Key Stores

Permissions and API operation details for Pluggable Databases (PDBs)

Permissions and API operation details for DB Servers

Permissions and API operation details for DB Node Console Connection

Permissions and API operation details for DB Node Console History

Permissions and API operation details for Interim Software Updates

Permissions and API operation details for Scheduling Policies

Permissions and API operation details for Scheduling Windows

Permissions and API operation details for Scheduling Plan

Permissions and API operation details for Scheduled Action

Permissions and API operation details for Execution Windows

Permissions and API operation details for Execution Action

Permissions Required for Each API Operation