Policies for MySQL HeatWave DB System
Shows how to allow Disaster Recovery (DR) to manage a MySQL DB System that is part of the application stack.
Policies for MySQL DB System
Allow group <group name> to manage mysql-family in compartment <compartment_name>

Configure IAM policies to grant read access to the vault secret used in MySQL DB System disaster recovery (DR) operations, enabling authorized resource principals to retrieve the secret as needed.
Create a Dynamic Group
Before creating the policy, ensure that you have defined a dynamic group for the resources that require access to the Vault secret. For example, to grant all instances within a specific compartment access to the secret, you can use the following policy syntax:
ALL {resource.type='computecontainerinstance', resource.compartment.id = 'ocid1.compartment.oc1..<compartment_ocid>'}

Replace <compartment_ocid> with the actual OCID of your compartment.
Policies for Object Storage
Define the Policy
Create a policy that grants the dynamic group permission to read secrets from the Vault and upload logs to Object Storage Bucket during execution. Use the read verb with the secret-family resource type. The policy syntax is:

Allow dynamic-group <dynamic-group-name> to read object-family in compartment <compartment-name>
Allow dynamic-group <dynamic-group-name> to read secret-family in compartment <compartment-name>

In the above example:
<dynamic-group-name>: The name of your dynamic group.
<compartment-name>: The name of the compartment where the secret resides.

Example Policy
If your dynamic group is named InstanceSecretReaders and your secrets are stored in the compartment MySecretsCompartment, then the policy statement would be:

Allow dynamic-group InstanceSecretReaders to read secret-family in compartment MySecretsCompartment

This policy allows any resource that is a member of the InstanceSecretReaders dynamic group to read the secrets stored in the MySecretsCompartment compartment through OCI Vault.
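As an added example that is not part of this documentation page: a small Python checker that applies the rules described above to policy statements and a dynamic-group matching rule before they are created, flagging unreplaced placeholders, grants broader than the read verb on secret-family or object-family, tenancy-wide scope, and matching rules not pinned to a compartment OCID. The statement grammar it parses and the sample values are assumptions constructed for this example, not OCI's own validator.

```python
import re

# Assumed grammar for the statement shape used on this page (constructed;
# it does not cover every OCI policy feature such as where-conditions).
STATEMENT_RE = re.compile(
    r"^Allow\s+(?P<subject_type>group|dynamic-group)\s+(?P<subject>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?P<scope>compartment|tenancy)(?:\s+(?P<target>\S+))?\s*$",
    re.IGNORECASE,
)
# Broadest verb the DR resource principal needs per resource family on this page.
MAX_VERB = {"secret-family": "read", "object-family": "read"}
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}
PLACEHOLDER_RE = re.compile(r"<[^>]+>")


def check_statement(stmt: str) -> list[str]:
    """Return findings for one policy statement; an empty list means it passes."""
    findings = []
    if PLACEHOLDER_RE.search(stmt):
        findings.append("unreplaced placeholder: " + ", ".join(PLACEHOLDER_RE.findall(stmt)))
    m = STATEMENT_RE.match(stmt.strip())
    if not m:
        findings.append("statement does not parse")
        return findings
    verb, resource = m["verb"].lower(), m["resource"].lower()
    scope, target = m["scope"].lower(), m["target"]
    if scope == "compartment" and not target:
        findings.append("compartment scope without a compartment name")
    if scope == "tenancy":
        findings.append("tenancy-wide grant; the page scopes grants to a compartment")
    limit = MAX_VERB.get(resource)
    if limit and VERB_RANK[verb] > VERB_RANK[limit]:
        findings.append(f"{verb} on {resource} exceeds the {limit} verb the DR flow needs")
    return findings


def check_matching_rule(rule: str) -> list[str]:
    """Check that a dynamic-group matching rule is pinned to a concrete compartment OCID."""
    findings = []
    if PLACEHOLDER_RE.search(rule):
        findings.append("unreplaced placeholder in matching rule")
    # Require the compartment.id clause to carry a real-looking OCID, not a placeholder.
    if not re.search(r"resource\.compartment\.id\s*=\s*'ocid1\.compartment\.oc1\.\.[A-Za-z0-9]+'", rule):
        findings.append("matching rule is not restricted to a specific compartment OCID")
    return findings
```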