Prerequisite: IAM Policies Required to Manage Private Endpoints

Autonomous Database relies on the IAM (Identity and Access Management) service to authenticate and authorize cloud users to perform operations that use any of the Oracle Cloud Infrastructure interfaces (the Console, REST API, CLI, SDK, or others).

The IAM service uses groups, compartments and policies to control which cloud users can access which resources. In particular, a policy defines what kind of access a group of users has to a particular kind of resource in a particular compartment. For more information, see Getting Started with Policies.

In addition to the policies required to provision and manage an Autonomous Database, a cloud user needs several networking policies to use private endpoints. The following table lists the IAM policies required for a cloud user to add a private endpoint.

Note:

The listed policies are the minimum required to add a private endpoint. A broader policy rule also works. For example, the rule:
Allow group MyGroupName to manage virtual-network-family in tenancy

also works because it is a superset that contains all the required policies. Note that such a rule grants manage access to every networking resource in the tenancy, far more than the private endpoint needs, so prefer the narrower statements listed below unless the group genuinely requires the broader access.

Operation: Configure a private endpoint

Required IAM policies:

  use vcns in the compartment the VCN is in

  use subnets in the compartment the VCN is in

  use network-security-groups in the compartment the network security group is in

  manage private-ips in the compartment the VCN is in

  manage vnics in the compartment the VCN is in

  manage vnics in the compartment the database is provisioned in, or is to be provisioned in
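The following script is an added example and is not part of the Oracle documentation. It writes the minimum policy statements from the table above in OCI policy syntax for one IAM group, packages them as the JSON array that the OCI CLI expects, and creates the policy with `oci iam policy create` when the CLI is installed and a tenancy OCID is supplied (otherwise it just prints the JSON). The group name, the compartment names, the policy name and the TENANCY_OCID variable are assumptions; substitute your own. The policy is created in the root compartment because an OCI policy only covers the compartment it is attached to and that compartment's children, and the VCN and database may live in different compartments.

```shell
#!/bin/sh
# Added example, not from the Oracle documentation.
# Assumed names: override them in the environment before running.
GROUP="${GROUP:-ADB-PE-Admins}"                            # IAM group that adds the private endpoint
NET_COMPARTMENT="${NET_COMPARTMENT:-NetworkCompartment}"   # compartment holding the VCN, subnet and NSG
DB_COMPARTMENT="${DB_COMPARTMENT:-DatabaseCompartment}"    # compartment the database is (or will be) in

# Emit the six minimum statements from the table, one per line, in OCI policy syntax.
# Arguments: group, networking compartment, database compartment.
private_endpoint_statements() {
  group="$1"; net="$2"; db="$3"
  printf '%s\n' \
    "Allow group $group to use vcns in compartment $net" \
    "Allow group $group to use subnets in compartment $net" \
    "Allow group $group to use network-security-groups in compartment $net" \
    "Allow group $group to manage private-ips in compartment $net" \
    "Allow group $group to manage vnics in compartment $net" \
    "Allow group $group to manage vnics in compartment $db"
}

# Wrap the statements as the JSON array that `oci iam policy create --statements` takes.
statements_json() {
  private_endpoint_statements "$@" |
    awk 'BEGIN{printf "["} {if(NR>1)printf ","; printf "\"%s\"",$0} END{printf "]\n"}'
}

# Number of statements produced (handy for a sanity check before applying).
statements_count() {
  private_endpoint_statements "$@" | wc -l | tr -d ' '
}

# Create the policy in the root compartment (assumed TENANCY_OCID) when the CLI is
# available; otherwise print the JSON so it can be pasted into the Console or CLI.
if command -v oci >/dev/null 2>&1 && [ -n "${TENANCY_OCID:-}" ]; then
  oci iam policy create \
    --compartment-id "$TENANCY_OCID" \
    --name "adb-private-endpoint-policy" \
    --description "Minimum grants to add an Autonomous Database private endpoint" \
    --statements "$(statements_json "$GROUP" "$NET_COMPARTMENT" "$DB_COMPARTMENT")"
else
  statements_json "$GROUP" "$NET_COMPARTMENT" "$DB_COMPARTMENT"
fi
```

If the VCN and the database are in the same compartment, the two `manage vnics` statements collapse into one; the script keeps both because OCI accepts duplicate grants and the separation makes the compartment scoping explicit.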

See Common Policies for more information.