1. Using Oracle Autonomous Database on Shared Exadata Infrastructure
  2. Managing and Monitoring Autonomous Database
  3. Configuring Network Access with Access Control Rules (ACLs) and Private Endpoints
  4. Configuring Network Access with Access Control Rules (ACLs)
  5. Configure Access Control Lists for an Existing Autonomous Database Instance

Configure Access Control Lists for an Existing Autonomous Database Instance

You can control and restrict access to your Autonomous Database by specifying network access control lists (ACLs). On an existing Autonomous Database instance with a public endpoint you can add, change, or remove ACLs.

Configure ACLs, or add, remove, or update existing ACLs for an Autonomous Database instance as follows:

  1. On the Details page, from the More Actions drop-down list, select Update Network Access.

    This shows the Update Network Access dialog.

    Description of adb_network_access_update.png follows
    Description of the illustration adb_network_access_update.png
  2. In the dialog, under Access Type, select Secure access from allowed IPs and VCNs only and specify the access control rules by selecting an IP notation type and values:
    • IP Address:

      In Values field enter values for the IP Address. An IP address specified in a network ACL entry is the public IP address of the client that is visible on the public internet that you want to grant access. For example, for an Oracle Cloud Infrastructure VM, this is the IP address shown in the Public IP field on the Oracle Cloud Infrastructure console for that VM.

      Note:

      Optionally click Add My IP Address to add your current IP address to the ACL entry.
    • CIDR Block:

      In Values field enter values for the CIDR Block. The CIDR block specified is the public CIDR block of the clients that are visible on the public internet that you want to grant access.

    • Virtual Cloud Network:

      Use this option to specify the VCN for use with an Oracle Cloud Infrastructure Service Gateway. See Access to Oracle Services: Service Gateway for more information.

      • In Virtual Cloud Network field select the VCN that you want to grant access from. If you do not have the privileges to see the VCNs in your tenancy this list is empty. In this case use the selection Virtual Cloud Network (OCID) to specify the OCID of the VCN.
      • Optionally, in the IP Addresses or CIDRs field enter private IP addresses or private CIDR blocks as a comma separated list to allow specific clients in the VCN.
    • Virtual Cloud Network (OCID):

      Use this option to specify the VCN for use with an Oracle Cloud Infrastructure Service Gateway. See Access to Oracle Services: Service Gateway for more information.

      • In the Values field enter the OCID of the VCN you want to grant access from.
      • Optionally, in the IP Addresses or CIDRs field enter private IP addresses or private CIDR blocks as a comma separated list to allow specific clients in the VCN.

    If you want to specify multiple IP addresses or CIDR ranges within the same VCN, do not create multiple ACL entries. Use one ACL entry with the values for the multiple IP addresses or CIDR ranges separated by commas.

  3. Click + Access Control Rule to add a new value to the access control list.
  4. Click x to remove an entry.
    You can also clear the value in the IP Addresses or CIDR Blocks field to remove an entry.
  5. Click Update.

If the Lifecycle State is Available when you click Update the Lifecycle State changes to Updating until the ACL is set. The database is still up and accessible, there is no downtime. When the update is complete the Lifecycle State returns to Available and the network ACLs from the access control list are in effect.