Creating Mandatory Policies

A policy is a document that specifies who can access which resources, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy itself.

You need to create the mandatory policies at the tenancy level to get access to various DB system resources.

Using the Console

Use the Console to create a policy to access and manage the resources in HeatWave Service.

  1. Open the navigation menu, and click Identity & Security. Under Identity, click Policies.
  2. Click Create Policy.
  3. In the Create Policy panel, enter the following information:
    • Name: Enter a name, such as MySQLPolicy.
    • Description: Enter a description.
    • Compartment: Select the compartment assigned to you by your administrator.
  4. Under Policy Builder, in Common policy templates, select Let database admins manage HeatWave resources.
  5. Select Group or Dynamic Groups for which you want to create the policy.
  6. Select the compartment in Location.
  7. You can see the following three policy statements added to the MySQL policy:
    Allow group {group name} to {COMPARTMENT_INSPECT, VCN_READ, SUBNET_READ, SUBNET_ATTACH, SUBNET_DETACH, NETWORK_SECURITY_GROUP_UPDATE_MEMBERS, VNIC_CREATE, VNIC_UPDATE, VNIC_DELETE, VNIC_ASSOCIATE_NETWORK_SECURITY_GROUP} in {location}
    Allow group {group name} to manage mysql-family in {location}
    Allow group {group name} to manage dbmgmt-mysql-family in {location}
    Allow group {group name} to use tag-namespaces in tenancy
  8. Click Create.

You have created a policy, which enables you to create and manage a DB system.
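
To review an existing policy against the statements listed in step 7, the following Python check reports which of those grants a group is missing and which grants go beyond them. It is an added example, not Oracle's code; the group names MySQLAdmins and Auditors, the compartment Dev, and the sample statements are constructed for illustration.

```python
import re

# Grants copied from the policy statements listed in step 7 of this page.
REQUIRED_PERMS = {
    "COMPARTMENT_INSPECT", "VCN_READ", "SUBNET_READ", "SUBNET_ATTACH",
    "SUBNET_DETACH", "NETWORK_SECURITY_GROUP_UPDATE_MEMBERS", "VNIC_CREATE",
    "VNIC_UPDATE", "VNIC_DELETE", "VNIC_ASSOCIATE_NETWORK_SECURITY_GROUP",
}
REQUIRED_GRANTS = {("manage", "mysql-family"), ("manage", "dbmgmt-mysql-family"),
                   ("use", "tag-namespaces")}

# Matches "Allow group <name> to {PERM, ...} in <location>" and
# "Allow group <name> to <verb> <resource-type> in <location>".
STMT = re.compile(
    r"^allow\s+(?:group|dynamic-group)\s+(?P<subject>.+?)\s+to\s+"
    r"(?:\{(?P<perms>[^}]*)\}|(?P<verb>inspect|read|use|manage)\s+(?P<res>[\w-]+))"
    r"\s+in\s+(?P<location>.+)$", re.IGNORECASE)

def audit(statements, group):
    """Return (missing, extra, unparsed) for one group versus the grants in step 7."""
    perms, grants, unparsed = set(), set(), []
    for line in statements:
        m = STMT.match(line.strip())
        if not m:
            unparsed.append(line)  # unknown shape: leave for manual review
        elif m["subject"].lower() == group.lower():
            if m["perms"] is not None:
                perms |= {p.strip().upper() for p in m["perms"].split(",") if p.strip()}
            else:
                grants.add((m["verb"].lower(), m["res"].lower()))
    fmt = lambda pairs: sorted(f"{v} {r}" for v, r in pairs)
    missing = sorted(REQUIRED_PERMS - perms) + fmt(REQUIRED_GRANTS - grants)
    extra = sorted(perms - REQUIRED_PERMS) + fmt(grants - REQUIRED_GRANTS)
    return missing, extra, unparsed

# Constructed sample: VNIC_DELETE was dropped and a tenancy-wide grant was added.
SAMPLE = [
    "Allow group MySQLAdmins to {COMPARTMENT_INSPECT, VCN_READ, SUBNET_READ, SUBNET_ATTACH, "
    "SUBNET_DETACH, NETWORK_SECURITY_GROUP_UPDATE_MEMBERS, VNIC_CREATE, VNIC_UPDATE, "
    "VNIC_ASSOCIATE_NETWORK_SECURITY_GROUP} in compartment Dev",
    "Allow group MySQLAdmins to manage mysql-family in compartment Dev",
    "Allow group MySQLAdmins to manage dbmgmt-mysql-family in compartment Dev",
    "Allow group MySQLAdmins to use tag-namespaces in tenancy",
    "Allow group MySQLAdmins to manage all-resources in tenancy",
    "Allow group Auditors to read all-resources in tenancy",
]

if __name__ == "__main__":
    print(audit(SAMPLE, "MySQLAdmins"))
```

The check compares grants by name only; it does not evaluate the location of each statement or any conditions attached to it.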