Oracle NoSQL Database Cloud Service Policies Reference

Learn about supported variables, permissions, and Verb + Reource-Type combinations available for Oracle NoSQL Database Cloud Service Policies.

This article has the following topics:

Related Topics

Supported Variables

Learn about the variables supported by Oracle NoSQL Database Cloud Service.

Oracle NoSQL Database Cloud Service supports all the general variables. See General Variables for All Requests. All three NoSQL resource types can use the following variables, except for ListTables and CreateTable.

Table - Supported Variables

Variable	Variable Type	Comments
`target.nosql-table.id`	OCID	Use this variable to control access to specific NoSQL table by OCID.
`target.nosql-table.name`	String	Use this variable to control access to specific NoSQL table by name.

Details for Verb + Resource-Type Combinations

Learn about the permissions and API operations covered by each verb.

The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas no extra indicates no incremental access.

For example, the read verb for the nosql-tables resource-type includes the same permissions and API operations as the inspect verb, plus the NOSQL_TABLE_READ permission and the GetTable API operation. In the case of the nosql-tables resource-type, the use verb covers UpdateTable API operations compared to read. Lastly, manage covers more permissions and operations compared to use.

nosql-tables

Table - nosql-tables

Verb	Permissions	REST APIs Fully Covered	NoSQL Cloud Driver Request Covered
INSPECT	NOSQL_TABLE_INSPECT	ListTables	ListTableRequest
READ	INSPECT + NOSQL_TABLE_READ	GetTable	GetTableRequest
READ	INSPECT + NOSQL_TABLE_READ	ListWorkRequests GetWorkRequest ListWorkRequestErrors ListWorkRequestLogs	None
READ	INSPECT + NOSQL_TABLE_READ	ListTableUsage	TableUsageRequest
USE	READ + NOSQL_TABLE_ALTER	UpdateTable DeleteWorkRequest	TableRequest change TableLimits ALTER TABLE
MANAGE	USE + NOSQL_TABLE_CREATE	CreateTable	TableRequest (CREATE TABLE)
MANAGE	NOSQL_TABLE_DROP	CreateTable	TableRequest (DROP TABLE)
MANAGE	NOSQL_TABLE_MOVE	ChangeTableCompartment	Not supported

nosql-rows

Table - nosql-rows

Verb	Permissions	REST APIs Fully Covered	NoSQL Cloud Driver Request Covered
INSPECT	None	None	None
READ	NOSQL_ROWS_READ	GetRow Query (SELECT) PrepareStatement SummarizeStatement	GetRequest PrepareRequest QueryRequest (SELECT)
USE	READ + NOSQL_ROWS_INSERT	UpdateRow Query (INSERT/UPSERT, UPDATE)	PutRequest WriteMultipleRequest(Put) QueryRequest(INSERT/UPSERT, UPDATE)
MANAGE	USE + NOSQL_ROWS_DELETE	DeleteRow Query (DELETE)	DeleteRequest MultiDeleteRequest WriteMultipleRequest(Delete) QueryRequest(DELETE)

nosql-indexes

Table - nosql-indexes

Verb	Permissions	REST APIs Fully Covered	NoSQL Cloud Driver Request Covered
INSPECT	None	None	None
READ	NOSQL_INDEX_READ	ListIndexes GetIndex	GetIndexesRequest + indexName GetIndexesRequest
USE	READ + NONE	ListIndexes GetIndex	GetIndexesRequest + indexName GetIndexesRequest
MANAGE	READ + NOSQL_INDEX_CREATE	CreateIndex	TableRequest(CREATE INDEX)
MANAGE	NOSQL_INDEX_DROP	DeleteIndex	TableRequest(DROP INDEX)

Permission Required for Each NoSQL Cloud Driver Request

Learn about the required permissions for each NoSQL Cloud Driver Request.

The table below lists the API operations in a logical order, grouped by resource type. For information about permissions, see Permissions in Oracle Cloud Infrastructure Documentation.

Table - Permissions

Request	Permissions	Operation Id (request.operation)
DeleteRequest	NOSQL_ROWS_DELETE	DeleteRow
GetIndexesRequest	NOSQL_INDEX_READ	GetIndex
GetRequest	NOSQL_ROWS_READ	GetRow
GetTableRequest	NOSQL_TABLE_READ	GetTable
ListTablesRequest	NOSQL_TABLE_INSPECT	ListTables
MultiDeleteRequest	NOSQL_ROWS_DELETE	DeleteRow
PrepareRequest	NOSQL_ROWS_READ	GetRow
PutRequest	NOSQL_ROWS_INSERT	UpdateRow
QueryRequest (SELECT)	NOSQL_ROWS_READ	GetRow
QueryRequest (INSERT, UPSERT, UPDATE)	NOSQL_ROWS_INSERT	UpdateRow
QueryRequest (DELETE)	NOSQL_ROWS_DELETE	DeleteRow
TableRequest (CREATE TABLE)	NOSQL_TABLE_CREATE	CreateTable
TableRequest (ALTER TABLE)	NOSQL_TABLE_ALTER	UpdateTable
TableRequest (DROP TABLE)	NOSQL_TABLE_DROP	DeleteTable
TableUsageRequest	NOSQL_TABLE_READ	GetTable
WriteMultipleRequest	has PutRequest: NOSQL_ROWS_INSERT has DeleteRequest: NOSQL_ROWS_DELETE	UpdateRow DeleteTable

Permission Required for Each REST API Operation

Learn about the required permissions for each REST API operation request.

The table below lists the REST API operations in a logical order, grouped by resource type. For information about permissions, see Permissions in Oracle Cloud Infrastructure Documentation.

Table - Permissions

Request	Permissions
ListTables	NOSQL_TABLE_INSPECT
CreateTable	NOSQL_TABLE_CREATE
GetTable	NOSQL_TABLE_READ
UpdateTable	NOSQL_TABLE_ALTER
DeleteTable	NOSQL_TABLE_DROP
ListIndexes	NOSQL_INDEX_READ
CreateIndex	NOSQL_INDEX_CREATE
GetIndex	NOSQL_INDEX_READ
DeleteIndex	NOSQL_INDEX_DROP
GetRow	NOSQL_ROWS_READ
UpdateRow	NOSQL_ROWS_INSERT
DeleteRow	NOSQL_ROWS_DELETE
ListTableUsage	NOSQL_TABLE_READ
ChangeTableCompartment	NOSQL_TABLE_ALTER
Query (SELECT)	NOSQL_ROWS_READ
Query (INSERT, UPSERT, UPDATE)	NOSQL_ROWS_INSERT
Query (DELETE)	NOSQL_ROWS_DELETE
PrepareStatement	NOSQL_TABLE_READ
SummarizeStatement	NOSQL_TABLE_READ
ListWorkRequests	NOSQL_TABLE_READ
GetWorkRequest	NOSQL_TABLE_READ
DeleteWorkRequest	NOSQL_TABLE_ALTER
ListWorkRequestErrors	NOSQL_TABLE_READ
ListWorkRequestLogs	NOSQL_TABLE_READ

When you write a policy with request.operation, use the name of API operations. For Query operations, use the mapping operation of statement in the query. For example:

SELECT => GetRow INSERT, UPSERT or UPDATE => UpdateRow DELETE=> DeleteRow

Title and Copyright Information

Oracle NoSQL Database Cloud Service Policies Reference

Oracle and/or its affiliates.