Resource-Permissions Model for Globally Distributed Autonomous Database
Each resource defines its own permissions model. This permissions model forms the basis of how a policy is defined to allow for authorized access to resources.
These permissions are intended to be mapped to Operations (list, get, update delete, and so on) to allow for fine grained access control.
- Read (read-only)– allows the user to view
sharded-database
details - Update – grants View permission, plus allows the user to edit an existing
sharded-database
resource, including move, add shard, remove shard - Create – grants Update permission, plus allows the user to create new
sharded-database
resources - Delete – grants Create permission, plus allows the user to delete a
sharded-database
The following table details the permissions model for Globally Distributed Autonomous Database resources.
Resource | Permissions |
---|---|
sharded-database |
|
sharded-database-work-requests |
|