IAM Policies for Autonomous Database on Dedicated Exadata Infrastructure

This article lists the IAM policies required for managing various infrastructure resources of Autonomous Database on Dedicated Exadata Infrastructure.

Oracle Autonomous Database relies on the IAM (Identity and Access Management) service to authenticate and authorize cloud users to perform operations that use any of the Oracle Cloud Infrastructure interfaces (the console, REST API, CLI or SDK). The IAM service uses groups, compartments and policies to control which cloud users can access which resources. In particular, a policy defines what kind of access a group of users has to a particular kind of resource in a particular compartment. For more information, see Getting Started with Policies.

IAM Policies Required to Manage Exadata Infrastructure Resources

The following table lists the IAM policies required for a cloud user to perform management operations on Exadata Infrastructure resources.

| Operation | Required IAM Policies |
|---|---|
| Create an Exadata Infrastructure resource | manage cloud-exadata-infrastructures; use vnic; use subnet |
| View a list of Exadata Infrastructure resources | inspect cloud-exadata-infrastructures |
| View details of an Exadata Infrastructure resource | inspect cloud-exadata-infrastructures |
| Change the maintenance schedule of an Exadata Infrastructure resource | use cloud-exadata-infrastructures |
| Move an Exadata Infrastructure resource to another compartment | use cloud-exadata-infrastructures; inspect cloud-exadata-infrastructures |
| Manage the security certificates for an Exadata Infrastructure resource | manage cloud-exadata-infrastructures |
| Terminate an Exadata Infrastructure resource | manage cloud-exadata-infrastructures; use vnic; use subnet |

IAM Policies Required to Manage Autonomous Exadata VM Clusters

The following table lists the IAM policies required for a cloud user to perform management operations on Autonomous Exadata VM Clusters, for deployments on Exadata Cloud@Customer and on Oracle Cloud.

| Operation | Required IAM Policies for Dedicated Autonomous Database on Exadata Cloud@Customer | Required IAM Policies for Dedicated Autonomous Database on Oracle Cloud |
|---|---|---|
| Create an Autonomous Exadata VM Cluster | manage autonomous-vmclusters; use exadata-infrastructures | manage cloud-autonomous-vmclusters; use cloud-exadata-infrastructures |
| View a list of Autonomous Exadata VM Clusters | inspect autonomous-vmclusters | inspect cloud-autonomous-vmclusters |
| View details of an Autonomous Exadata VM Cluster | inspect autonomous-vmclusters | inspect cloud-autonomous-vmclusters |
| Change the license type of an Autonomous VM Cluster | use autonomous-vmclusters; inspect exadata-infrastructures | Not Applicable |
| Move an Autonomous Exadata VM Cluster to another compartment | use autonomous-vmclusters | use cloud-autonomous-vmclusters |
| Terminate an Autonomous Exadata VM Cluster | manage autonomous-vmclusters | manage cloud-autonomous-vmclusters |

IAM Policies Required to Manage Autonomous Container Databases

The following table lists the IAM policies required for a cloud user to perform management operations on Autonomous Container Databases.

| Operation | Required IAM Policies |
|---|---|
| Create an Autonomous Container Database | manage autonomous-container-databases; use autonomous-exadata-infrastructures if creating the Autonomous Container Database on Oracle Cloud; use autonomous-vmclusters if creating the Autonomous Container Database on Exadata Cloud@Customer; use backup-destinations if creating the Autonomous Container Database on Exadata Cloud@Customer |
| View a list of Autonomous Container Databases | inspect autonomous-container-databases |
| View details of an Autonomous Container Database | inspect autonomous-container-databases |
| Change the backup retention policy of an Autonomous Container Database | use autonomous-container-databases |
| Change the maintenance schedule of an Autonomous Container Database | use autonomous-container-databases |
| Restart an Autonomous Container Database | use autonomous-container-databases |
| Move an Autonomous Container Database to another compartment | use autonomous-container-databases |
| Terminate an Autonomous Container Database | manage autonomous-container-databases; use autonomous-exadata-infrastructures if creating the Autonomous Container Database on Oracle Cloud; use autonomous-vmclusters if creating the Autonomous Container Database on Exadata Cloud@Customer |

IAM Policies Required to Manage Dedicated Autonomous Databases

The following table lists the IAM policies required for a cloud user to perform management operations on dedicated Autonomous Databases.

| Operation | Required IAM Policies |
|---|---|
| Create a dedicated Autonomous Database | manage autonomous-databases; read autonomous-container-databases |
| View a list of dedicated Autonomous Databases | inspect autonomous-databases |
| View details of a dedicated Autonomous Database | inspect autonomous-databases |
| Set the password of a dedicated Autonomous Database's ADMIN user | use autonomous-databases |
| Scale the CPU core count or storage of a dedicated Autonomous Database | use autonomous-databases |
| Enable or disable auto scaling for a dedicated Autonomous Database | use autonomous-databases |
| Move a dedicated Autonomous Database to another compartment | use autonomous-databases in the dedicated Autonomous Database's current compartment and in the compartment you are moving it to; read autonomous-backups |
| Stop or start a dedicated Autonomous Database | use autonomous-databases |
| Restart a dedicated Autonomous Database | use autonomous-databases |
| Back up a dedicated Autonomous Database manually | read autonomous-databases; manage autonomous-backups |
| Restore a dedicated Autonomous Database | use autonomous-databases; read autonomous-backups |
| Clone a dedicated Autonomous Database | manage autonomous-databases; read autonomous-container-databases |
| Terminate a dedicated Autonomous Database | manage autonomous-databases |
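
The requirements above can be checked against a group's actual policy statements before granting or reviewing access. The following is an added example, not Oracle code: it parses statements of the basic form "Allow group <group> to <verb> <resource-type> in compartment <name>", then reports which requirements for an operation are missing and which grants exceed what the listed operations need. The group name, compartment name and sample statements are constructed, and the check relies on OCI policy verbs being cumulative (inspect, read, use, manage).

```python
import re

VERB_RANK = {"inspect": 1, "read": 2, "use": 3, "manage": 4}  # OCI verbs are cumulative

# Requirements copied from the dedicated Autonomous Database table on this page.
REQUIRED = {
    "create": [("manage", "autonomous-databases"), ("read", "autonomous-container-databases")],
    "manual-backup": [("read", "autonomous-databases"), ("manage", "autonomous-backups")],
    "restore": [("use", "autonomous-databases"), ("read", "autonomous-backups")],
}
# Basic statement form only; statements with "where" conditions do not match.
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)\s*$",
    re.IGNORECASE,
)
# Constructed sample policy: group and compartment names are hypothetical.
SAMPLE_POLICY = [
    "Allow group DbBackupOps to read autonomous-databases in compartment Prod",
    "Allow group DbBackupOps to read autonomous-backups in compartment Prod",
    "Allow group DbBackupOps to manage autonomous-container-databases in compartment Prod",
    "Allow group NetAdmins to manage autonomous-backups in compartment Prod",
]

def parse_grants(statements, group, compartment):
    """Return {resource_type: highest verb rank} granted to group in compartment."""
    grants = {}
    for line in statements:
        m = STATEMENT.match(line)
        if not m or m["group"].lower() != group.lower():
            continue  # other groups and unrecognized statements grant nothing here
        scope = m["scope"].lower().split()
        if scope[0] == "compartment" and scope[1] != compartment.lower():
            continue  # grant applies to a different compartment
        res = m["resource"].lower()
        grants[res] = max(grants.get(res, 0), VERB_RANK[m["verb"].lower()])
    return grants

def missing_for(operation, grants):
    """List the (verb, resource) requirements that the grants do not satisfy."""
    return [(v, r) for v, r in REQUIRED[operation] if grants.get(r, 0) < VERB_RANK[v]]

def excess_for(operations, grants):
    """Resource types granted a stronger verb than the listed operations need."""
    need = {}
    for v, r in (req for op in operations for req in REQUIRED[op]):
        need[r] = max(need.get(r, 0), VERB_RANK[v])
    return sorted(r for r, rank in grants.items() if rank > need.get(r, 0))
```

Statements the pattern does not recognize are skipped and need manual review, and grants inherited from parent compartments are not modeled.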