Manage Privileged API Access Requests
Learn how to manage Privileged Access Requests to your Oracle Exadata Database Service on Cloud@Customer and Oracle Exadata Database Service on Dedicated Infrastructure.
- Create Privileged API Access Request
To create a Privileged Access Request using the Oracle Cloud Console, use this procedure. - State of a Privileged API Access Request
Review the list of Privileged API Access Request states. - View the List of Privileged API Access Requests
When you receive a notice of a Privileged API Access Request, you can view the list of all access requests by compartment, and accept or reject an access request. - Filter Privileged API Access Requests by State
To review, approve, update, or revoke access requests, you can filter the Privileged API Access Requests based on the workflow state of the request. - Filter Privileged API Access Requests by Resource Type
To review, approve, update, or revoke Privileged API Access Requests, you can filter the access requests based on the resource type of the request. - Approve a Privileged API Access Request
When you approve a Privileged Access Request, you permit access. - Privileged API Access Request for a Future Date and Time
You can control when Oracle operators perform privileged API tasks on you tenancy. - Reject a Privileged API Access Request
To reject a Privileged API Access Request, use this procedure. - Revoke a Privileged API Access Request
To revoke Privileged API Access to your tenancy after you have granted access, complete this procedure.
Create Privileged API Access Request
To create a Privileged Access Request using the Oracle Cloud Console, use this procedure.
Parent topic: Manage Privileged API Access Requests
State of a Privileged API Access Request
Review the list of Privileged API Access Request states.
Table 3-1 State of a Privileged API Access Request
State | Description |
---|---|
CREATED | Operator has submitted an access request. |
APPROVAL_WAITING | The approver or the system has not taken any action on the request. |
PREAPPROVED | The system has automatically approved the access request. |
APPROVED | Approver has approved the access request. |
APPROVED_FOR_FUTURE | An access request is scheduled for a future date and time to access resources. The requester can access the resources only at the specified date and time. |
REJECTED | Approver has rejected the access request. |
APPROVE_FAILED | The system could not approve an open access request. |
CLOSE_FAILED | The system could not close an open access request. The close could have been triggered by REVOKE / COMPLETE / EXPIRE. Contact Oracle support. |
REVOKE_FAILED | The system could not revoke an open access request. |
EXPIRY_FAILED | The system could not expire an open access request. |
REVOKING | Revoking the access request is in progress. |
REVOKED | Approver has revoked the approval of a request. Any operator that may have been accessing the system has been disconnected from the system. No new actions can be taken on the request. |
CLOSING | Closing the access request is in progress. |
CLOSED | Access request is no longer open and the service will now reject unapproved privileged APIs. |
EXPIRED | Access request approval time period has expired. The operator cannot access the system without raising and obtaining approval for a new access request. |
Parent topic: Manage Privileged API Access Requests
View the List of Privileged API Access Requests
When you receive a notice of a Privileged API Access Request, you can view the list of all access requests by compartment, and accept or reject an access request.
- Log in to your Oracle Cloud Infrastructure tenancy.
- Open the navigation menu. Under Oracle Database, click API Access Control.
- Click Create Privileged Access Request.
Requests are listed by request ID. The Resource Name column displays the resource for which the request was raised. The Resource Type column displays the type of the resource ("Exadata VM cluster" and "Cloud VM cluster"). The State column lists the status of a request. The Requested column displays the date and time of the request.
The Severity column displays the severity level (Severity 1 - Complete loss of service for mission-critical operations where work cannot reasonably continue, Severity 2 - Significant or degraded loss of service or resources, Severity 3 - Minor loss of services or resources, Severity 4 - No work being impeded at the time - information is requested or reported) set by the operator. The Access Request Reason column displays the reason for the operator's request for system access. To view individual requests, you can click a request ID.
Parent topic: Manage Privileged API Access Requests
Filter Privileged API Access Requests by State
To review, approve, update, or revoke access requests, you can filter the Privileged API Access Requests based on the workflow state of the request.
Parent topic: Manage Privileged API Access Requests
Filter Privileged API Access Requests by Resource Type
To review, approve, update, or revoke Privileged API Access Requests, you can filter the access requests based on the resource type of the request.
- Log in to your Oracle Cloud Infrastructure tenancy.
- Open the navigation menu. Under Oracle Database, click API Access Control.
- Click Privileged API Access Requests.
- Under Filters, select a Resource Type from the list.
Parent topic: Manage Privileged API Access Requests
Approve a Privileged API Access Request
When you approve a Privileged Access Request, you permit access.
- Log in to your Oracle Cloud Infrastructure tenancy.
- Open the navigation menu. Under Oracle Database, click API Access Control.
- Click Privileged API Access Requests..
- Under Filters, select Raised from the drop-down list.
- From the list of Privileged API Access Requests, click the name of the request that you want to approve.
- On the Request ID page, click Approve.
- On the Approve API Access Request page, do the following:
- In the Approval comments field, enter additional comments or instructions you want to provide to the operator.
- Under Approval Time, select either Approve Now or Approve Later. If you choose to approve later, then select date and time from the calendar control.
- Click Approve.
Parent topic: Manage Privileged API Access Requests
Privileged API Access Request for a Future Date and Time
You can control when Oracle operators perform privileged API tasks on you tenancy.
When the operator submits an Privileged API Access Request, you can schedule a future date and time for accessing resources. The operator can request access for a future time instead of immediate access. Additionally, the customer can approve a later time than the one requested by the operator.
The Privileged API Access Request details page shows the scheduled date and time. Even if your request moves to the Approved state, you can access resources only at the scheduled date and time.
Parent topic: Manage Privileged API Access Requests
Reject a Privileged API Access Request
To reject a Privileged API Access Request, use this procedure.
- Log in to your Oracle Cloud Infrastructure tenancy.
- Open the navigation menu. Under Oracle Database, click API Access Control.
- Click Privileged API Access Requests..
- Under Filters, select Raised from the drop-down list.
- From the list of Privileged API Access Requests, click the name of the request that you want to reject.
- On the Request ID page, click Reject.
- On the Reject API Access Request dialog, enter a reason for rejecting the request.
- Click Reject.
Parent topic: Manage Privileged API Access Requests
Revoke a Privileged API Access Request
To revoke Privileged API Access to your tenancy after you have granted access, complete this procedure.
- Log in to your Oracle Cloud Infrastructure tenancy.
- Open the navigation menu. Under Oracle Database, click API Access Control.
- Click Privileged API Access Requests..
- Under Filters, select Raised from the drop-down list.
- From the list of Privileged API Access Requests, click the name of the request that you want to revoke.
- On the Request ID page, click Revoke.
- On the Revoke API Access Request dialog, enter a reason for revoking the request.
- Click Revoke.
Parent topic: Manage Privileged API Access Requests