Resource-Permissions Model for Globally Distributed Autonomous Database

Each resource defines its own permissions model. This permissions model forms the basis of how a policy is defined to allow for authorized access to resources.

These permissions are intended to be mapped to operations (list, get, update, delete, and so on) to allow fine-grained access control.

  • Read (read-only) – allows the user to view sharded-database details
  • Update – grants View permission, plus allows the user to edit an existing sharded-database resource, including move, add shard, remove shard
  • Create – grants Update permission, plus allows the user to create new sharded-database resources
  • Delete – grants Create permission, plus allows the user to delete a sharded-database

The following table details the permissions model for Globally Distributed Autonomous Database resources.

Resource: sharded-database
Permissions:
  • SDB_INSPECT
  • SDB_READ
  • SDB_CREATE
  • SDB_UPDATE (update, add, remove)
  • SDB_DELETE
  • SDB_MOVE

Resource: sharded-database-work-requests
Permissions:
  • SDB_WORK_REQUEST_READ
  • SDB_WORK_REQUEST_LIST
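
The following is an added example, not Oracle's code: a review check that reads permission-level policy statements (the `Allow group ... to {PERMISSION, ...} in ...` form) and reports the highest of the four cumulative levels each group reaches, plus any lower-level permissions the grant leaves out. The mapping from levels to SDB_* permissions is an assumption inferred from the permission names above, and the group and compartment names are constructed.

```python
import re

# Cumulative levels from the page, lowest to highest. The level-to-permission
# mapping is an assumption inferred from the permission names, not stated by the page.
LEVELS = ["Read", "Update", "Create", "Delete"]
LEVEL_PERMS = {
    "Read": {"SDB_INSPECT", "SDB_READ"},
    "Update": {"SDB_UPDATE", "SDB_MOVE"},
    "Create": {"SDB_CREATE"},
    "Delete": {"SDB_DELETE"},
}
ALL_SDB = set().union(*LEVEL_PERMS.values())

# Permission-level statement; group names without spaces are assumed.
STATEMENT = re.compile(r"^\s*allow\s+group\s+(\S+)\s+to\s+\{([^}]*)\}\s+in\s+", re.IGNORECASE)

# Constructed sample statements for illustration only.
SAMPLE_POLICIES = [
    "Allow group SdbViewers to {SDB_INSPECT, SDB_READ} in compartment demo",
    "Allow group SdbOperators to {SDB_INSPECT, SDB_READ, SDB_UPDATE, SDB_MOVE} in compartment demo",
    "Allow group Cleanup to {SDB_DELETE} in compartment demo",
    "Allow group SdbViewers to {SDB_WORK_REQUEST_LIST} in compartment demo",
]

def expected_perms(level):
    """Permissions a level implies, including every lower level (cumulative)."""
    perms = set()
    for name in LEVELS[: LEVELS.index(level) + 1]:
        perms |= LEVEL_PERMS[name]
    return perms

def audit(statements):
    """Return {group: (highest_level, lower_level_perms_not_granted)}."""
    granted = {}
    for line in statements:
        m = STATEMENT.match(line)
        if not m:
            continue  # statements in other forms are out of scope for this check
        perms = {p.strip().upper() for p in m.group(2).split(",") if p.strip()}
        sdb = perms & ALL_SDB  # ignore work-request and unrelated permissions
        if sdb:
            granted.setdefault(m.group(1), set()).update(sdb)
    report = {}
    for group, perms in granted.items():
        highest = max((l for l in LEVELS if perms & LEVEL_PERMS[l]), key=LEVELS.index)
        report[group] = (highest, sorted(expected_perms(highest) - perms))
    return report
```

A non-empty second element marks a grant that does not line up with any of the four cumulative levels, such as a group holding SDB_DELETE on its own, and is worth a closer look during policy review.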