Security Domains

Several security domains are used in the overall implementation of Oracle Database Cloud Schema Service:

  • Accounts

  • Identity Domain

  • Schema Service

Accounts

Every Schema Service is owned by an account. An account is the top level in the security hierarchy. The individual who initially sets up an account is known as the Buyer. A Buyer is automatically an Account Administrator, and an Account Administrator can assign themselves privileges at the Identity Domain and Service level.

When you initially sign up for Schema Service, you must have an Oracle.com user account. After you initially sign up for a service, you can grant the Account Administrator privilege to any other Oracle.com users. Any Account Administrator can remove the Account Administrator privilege from any other Account Administrator.

Account Administrators can see all services, whether PaaS or SaaS, associated with an account.

Identity Domain

An Identity Domain is a pool of users. An account can have one or more Identity Domains, but each domain is separate and distinct. You must define an Identity Domain when you initially request an account, and the requester is given a username within the Identity Domain.

Identity Domain membership and privileges are defined from the Cloud Infrastructure Console.

Members of an Identity Domain can have security roles for one or more of the Cloud Services associated with the Identity Domain. These roles are described in more detail below.

Identity Domain Administrators can see all Schema Services associated with the Identity Domain, and can assign and remove all security roles associated with these services, including the Administrator role for any of the services.

An Entitlement Administrator can create or delete cloud databases, based on your specific business requirements, but is restricted to a parent Oracle Cloud identity domain.

Schema Service

Schema Service is an individual service within the Oracle Cloud. Data within an individual Schema Service is completely separated from data in all other services in the Oracle Cloud, as described in more detail below.

Schema Service administrators can define users for the services that they administer. Schema Service users can be defined from the Cloud Infrastructure Console or within the Administration area of the development platform for the service itself. If a user is defined from the Cloud Infrastructure Console, they must use this page to manage their profile; if a user is defined through the Administration area of the development platform, they must manage their profile through that platform. Administrators and developers for Schema Service must be defined from the Cloud Infrastructure Console and given the appropriate security role.