Overview of authentication_oci Plugin

The MySQL authentication_oci plugin enables you to use local, federated, or provisioned user accounts to log in to the MySQL Server of the DB system.

  • Local user: A local user is a user created and managed in Oracle Cloud Infrastructure IAM service.
  • Federated user: A federated user is created and managed in an identity provider. They are granted access to Oracle Cloud Infrastructure based on their membership in groups that are mapped to Oracle Cloud Infrastructure groups.
  • Provisioned user: A provisioned user is provisioned by Oracle Identity Cloud Service in Oracle Cloud Infrastructure and is synced to a federated user that is managed in Oracle Identity Cloud Service. A provisioned user can have special Oracle Cloud Infrastructure credentials, such as API keys and auth tokens, to enable programmatic access. Provisioned users cannot have Console passwords.

To use local, federated, or provisioned user accounts to log in to the MySQL Server, map a MySQL user account to the local, federated, or provisioned user accounts in either of the following ways:

  • Mapping a MySQL user to an individual local, federated, or provisioned user: This mapping provides the local, federated, or provisioned user the identity and privileges of a MySQL user. A MySQL user that is mapped to a local, federated, or provisioned user is called a mapped MySQL user. See Connecting With a Mapped MySQL User.
  • Mapping a MySQL proxied user to an IAM group: If you want to provide access to an entire group of users, you can do this by mapping a MySQL proxied user to the IAM group. This mapping provides all users of the group the identity and privileges of the MySQL proxied user.
    • MySQL proxied user: A MySQL proxied user is a MySQL user whose identity and privileges can be assumed by a proxy user.
    • Proxy user: A local, federated, or provisioned user is called a proxy user since it assumes the identity and privileges of a MySQL proxied user.
    • Mapped proxy user: A proxy user that is mapped to a MySQL proxied user is called a mapped proxy user.

    See Connecting With a Mapped Proxy User.
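
The two mappings side by side, as an added example that is not part of the original page. The account names app_reader and report_role and the schema reports are hypothetical, every <...> value is a placeholder, and the JSON keys tenancy, user and group_mapping in the authentication string are an assumption about the plugin's format that is not stated on this page.

```sql
-- Added example. Hypothetical names: app_reader, report_role, reports.
-- Assumed authentication-string keys: tenancy, user, group_mapping.

-- 1) Mapped MySQL user: one MySQL account bound to one IAM user.
--    Only the IAM user with <user_OCID> can authenticate as app_reader.
CREATE USER 'app_reader'@'%'
  IDENTIFIED WITH 'authentication_oci'
  AS '{"tenancy": "<tenancy_OCID>", "user": "<user_OCID>"}';
GRANT SELECT ON reports.* TO 'app_reader'@'%';

-- 2) Mapped proxy user: every member of an IAM group assumes the
--    identity and privileges of a single MySQL proxied user.

-- The proxied user carries the privileges. mysql_no_login prevents
-- anyone from connecting as this account directly.
CREATE USER 'report_role'@'%' IDENTIFIED WITH mysql_no_login;
GRANT SELECT ON reports.* TO 'report_role'@'%';

-- Anonymous account that authenticates group members through the
-- plugin and maps the IAM group to the proxied user.
CREATE USER ''@'%'
  IDENTIFIED WITH 'authentication_oci'
  AS '{"tenancy": "<tenancy_OCID>",
       "group_mapping": {"<group_OCID>": "report_role"}}';

-- Without this grant the group mapping cannot take effect.
GRANT PROXY ON 'report_role'@'%' TO ''@'%';

-- Review: run after connecting as a group member. CURRENT_USER()
-- should show report_role and @@proxy_user the anonymous account.
SELECT USER(), CURRENT_USER(), @@proxy_user;

-- Audit: list which accounts may proxy as which users.
SELECT User, Host, Proxied_user, Proxied_host, Grantor
  FROM mysql.proxies_priv;
```

Because a group mapping gives every current and future member of the IAM group the proxied user's privileges, grant the proxied user only what the group needs and review group membership in IAM as part of database access reviews.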