About Exadata Cloud at Customer Roles and Users

In addition to the roles and privileges described in Learn About Cloud Account Roles in Getting Started with Oracle Cloud, there are additional roles containing privileges that specifically apply to Oracle Database Exadata Cloud at Customer.

Cloud user accounts with these roles must exist before users can access and use Exadata Cloud at Customer. The cloud administrator can create Exadata Cloud at Customer administrators by creating cloud user accounts and assigning them the desired roles.

For Exadata Cloud at Customer implementations where the Cloud Control Plane is provided by an Oracle Cloud Machine X6 system, the privileges for Exadata Cloud at Customer are managed using Oracle Identity Cloud Service (IDCS). Under IDCS, most privileges are managed through a series of application roles that are associated with the ExadataCM application.

The following list summarizes the application roles and privileges that are associated with the ExadataCM application:

• The ExadataCM Service Based Entitlement Administrator role enables a user to manage the Exadata Cloud at Customer instance. The following table summarizes key privileges that are associated with the ExadataCM Service Based Entitlement Administrator role:

  Description of Privileges	More Information
  Create, modify, or delete an Exadata Cloud at Customer instance.	Creating an Exadata Cloud at Customer Instance Scaling an Exadata Cloud at Customer Instance Suspending and Resuming an Exadata Cloud at Customer Instance Deleting an Exadata Cloud at Customer Instance
  Create, modify, or delete an Exadata Cloud at Customer virtual machine (VM) cluster.	Administering VM Clusters
  Monitor and manage service instance usage.	Viewing Service Details and Monitoring Service Usage in Managing and Monitoring Oracle Cloud

• The EXADATACM_ADMINISTRATOR role enables a user to manage database deployments that are associated with the Exadata Cloud at Customer instance. The following table summarizes key privileges that are associated with the EXADATACM_ADMINISTRATOR role:

  Description of Privilege	More Information
  Create or delete database deployments.	Creating a Database Deployment Deleting a Database Deployment
  Patch, back up or restore database deployments.	Patching Exadata Cloud at Customer Backing Up and Restoring Databases on Exadata Cloud at Customer
  Create and manage snapshots of a database deployment.	Creating and Managing Snapshots of a Database Deployment

In addition to the application roles that are associated with the ExadataCM application, each Exadata Cloud at Customer instance is associated with the ExadataCM_Instance application in IDCS, where Instance is the Exadata Cloud at Customer instance name. The ExadataCM_Instance application contains the ExadataCM Instance Administrator role, which enables a user to manage the Exadata Cloud at Customer instance by using REST APIs as described in Using the Oracle Cloud My Services REST APIs.

For information about managing users and role assignments under IDCS, see Add Users to a Cloud Account with Identity Cloud Service in Getting Started with Oracle Cloud.

For older Exadata Cloud at Customer implementations where the Cloud Control Plane is provided by an Oracle Cloud Machine X5 system, the privileges for Exadata Cloud at Customer are delegated using a similar set of roles that are managed by using the My Services application. For information about managing users and role assignments in this environment, see Add Users to a Traditional Cloud Account in Getting Started with Oracle Cloud.