12 Security with Access Control Lists and Change License Type

This section describes setting an Access Control List (ACL) for Autonomous Data Warehouse and describes how you can change your license type.

Set Access Control List with Autonomous Data Warehouse

Describes how to specify a network access control list with Autonomous Data Warehouse.

Specifying an access control list blocks all IP addresses that are not in the list from accessing the database. Once an access control list is set, that specific Autonomous Data Warehouse database accepts connections only from addresses on the access control list and rejects all other client connections. By default, when no network access control list is specified, the database is accessible from any IP address.

  • Sign in to your Oracle Cloud Account at cloud.oracle.com.

  • From the Oracle Cloud Infrastructure left navigation list click Autonomous Data Warehouse.

  • On the Autonomous Databases page select an Autonomous Data Warehouse instance from the links under the Name column.

  1. On the Details page, from the Actions drop-down list, select Access Control List.
  2. On the Access Control List page enter values for the access control list:
    • IP Notation Type: Select one of: IP Address or CIDR Block.
    • IP Addresses or CIDR Blocks: Enter the values for the IP Address or the CIDR Block.
  3. Click + Additional Entry to add a new value to the access control list.
  4. Click x to remove an entry.
    You can also clear the value in the IP Addresses or CIDR Blocks field to remove an entry.
  5. Click Update.

If the Lifecycle State is Available when you click Update, the Lifecycle State changes to Updating until the ACL is set. The database remains up and accessible; there is no downtime. When the update is complete, the Lifecycle State returns to Available and the network ACLs from the access control list are in effect.

An IP address specified in a network ACL entry should be the public IP address, as visible on the public internet, of the client that you want to grant access to. For example, for an Oracle Cloud Infrastructure VM, this is the IP address shown in the Public IP field on the Oracle Cloud Infrastructure console for that VM.

Access Control List Notes:

  • If you have an Oracle Cloud Infrastructure network that is configured to use a service gateway to access your database, you cannot use the public IP addresses of the client machines in that network in your ACL definition. If you want to allow only connections coming through a service gateway, you need to use the IP address of the service gateway in your ACL definition: add an ACL definition with the CIDR source type and the value 240.0.0.0/4.

    See Access to Oracle Services: Service Gateway for more information.

  • Network Access Control Lists (ACLs) are stored in the database with other database metadata. If the database is restored to a point in time, the network ACLs are reverted to the list as of that point in time.

  • The network ACLs apply to the database connections and Oracle Machine Learning notebooks. If an ACL is defined and you try to log in to Oracle Machine Learning from a client whose IP address is not specified on the ACL, you will get an "invalid login" error.

  • The Autonomous Data Warehouse Service console is not subject to ACLs.

  • If you have a private subnet in your VCN that is configured to access the public internet through a NAT Gateway, you need to enter the public IP address of the NAT Gateway in your ACL definition. Clients in the private subnet do not have public IP addresses. See NAT Gateway for more information.
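The following pre-flight check for a proposed ACL is an added example, not part of the Oracle documentation or tooling. It assumes IPv4 entries only; the function names and the sample entries are constructed for illustration, and it flags the mistakes the notes above warn about before the values are typed into the Access Control List page.

```python
import ipaddress

# Value the page gives for admitting connections that arrive via a service gateway.
SERVICE_GATEWAY = ipaddress.IPv4Network("240.0.0.0/4")
# RFC 1918 private ranges: clients here have no public IP for the ACL to match.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def review_acl(entries):
    """Parse ACL entries; return (networks, findings), where findings lists
    (entry, message) for values that will not behave as intended."""
    networks, findings = [], []
    for raw in entries:
        entry = raw.strip()
        try:
            # strict=True rejects CIDR blocks with host bits set (e.g. 192.0.2.5/24)
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError as exc:
            findings.append((entry, f"invalid: {exc}"))
            continue
        networks.append(net)
        if net == SERVICE_GATEWAY:
            continue  # expected entry for service gateway traffic
        if net.prefixlen == 0:
            findings.append((entry, "matches every address, same exposure as no ACL"))
        elif any(net.subnet_of(p) for p in RFC1918):
            findings.append((entry, "private range: use the NAT gateway public IP "
                                    "(or 240.0.0.0/4 for a service gateway)"))
    return networks, findings


def is_allowed(client_ip, networks):
    """Model of the documented behaviour: with no ACL any address is admitted,
    otherwise only addresses covered by an entry are admitted."""
    if not networks:
        return True
    ip = ipaddress.IPv4Address(client_ip)
    return any(ip in net for net in networks)


# Constructed sample ACL (documentation-range addresses, not real hosts).
SAMPLE_ACL = ["203.0.113.10", "198.51.100.0/24", "10.0.1.7",
              "192.0.2.5/24", "240.0.0.0/4"]

if __name__ == "__main__":
    nets, problems = review_acl(SAMPLE_ACL)
    for entry, msg in problems:
        print(f"{entry}: {msg}")
```
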

Update License Type with Autonomous Data Warehouse

Describes how to update your licensing with Autonomous Data Warehouse.

  • Sign in to your Oracle Cloud Account at cloud.oracle.com.

  • From the Oracle Cloud Infrastructure left navigation list click Autonomous Data Warehouse.

  • On the Autonomous Databases page select an Autonomous Data Warehouse instance from the links under the Name column.

  1. On the Details page, from the Actions drop-down list, select Update License Type.
  2. On the Update License Type page select the license type:
    • My organization already owns Oracle database software licenses

      Bring my existing database software licenses to the database cloud service

    • Subscribe to new database software licenses and the database cloud service
  3. Click Update.