Understanding Role Separation

You need to ensure that your cloud users can use and create only the kinds of cloud resources they need to perform their job duties. A best practice for Globally Distributed Autonomous Database is to define roles that enforce role separation.

The roles and responsibilities described in the following table should guide your understanding of how to define user groups, dynamic groups, and policies for your Globally Distributed Autonomous Database implementation. The example roles presented here are used throughout the environment setup, resource creation, and management instructions.

Role: Tenant administrator
Responsibilities:
- Subscribe to regions
- Create compartments
- Create dynamic groups, user groups, and policies

Role: Infrastructure administrator
Responsibilities:
- Create/Update/Delete virtual-network-family
- Create/Update/Delete Autonomous Exadata Infrastructure
- Create/Update/Delete Autonomous Exadata VM Clusters
- Tag Autonomous Exadata VM Clusters
- Create/Update/Delete Globally Distributed Autonomous Database Private Endpoints

Role: Certificate administrator
Responsibilities:
- Create/Update/Delete Vault
- Create/Update/Delete Keys
- Create/Update/Delete Certificate Authority
- Create/Update/Delete Certificate
- Create/Update/Delete CA Bundle
- Upload Certificate and Certificate Bundles to Autonomous Exadata VM Clusters
- Download GSM Certificate Signing Request (CSR)
- Create a GSM Certificate based on GSM CSR
- Upload GSM Certificate

Role: User
Responsibilities:
- Create and manage Globally Distributed Autonomous Databases using UI and APIs