Using Distributed Database Management Policy Builder Templates

Several templates specific to Globally Distributed Database are included in the OCI Identity and Security Policy Builder.

The templates associated with the Distributed Database Management policy use case fall into three categories: tenant-level templates for all platforms, templates that apply only to Globally Distributed Autonomous AI Database deployments, and templates that apply only to Globally Distributed Exadata Database on Exascale Infrastructure deployments. These categories address policies required for different platforms.

Tenant-level templates for all platforms:

  • "Let Certificate Admins access required resources in Tenancy" provides tenant-level privileges to certificate administrators that create and manage keys and vaults.
  • "Let Infrastructure Admins access required resources in Tenancy" provides tenant-level privileges to infrastructure administrators that create and manage cloud network and infrastructure resources.
  • "Let Users access required resources in Tenancy" provides tenant-level privileges to users that create and manage Globally Distributed Database resources using the APIs and UI. Note that users need to be allowed to READ either distributed-autonomous-database or distributed-database in this policy. You can remove the statement that does not apply to your deployment.
  • "Let Certificate Authority Resources to manage Objects and use Keys for both Distributed Autonomous Database and Distributed Database" is meant to provide compartment-level privileges to a dynamic group to control certificate authority resources in a designated compartment.
  • "Let VM Clusters Resources to manage Keys and read Vaults for both Distributed Autonomous Database and Distributed Database" is meant to provide compartment-level privileges to a dynamic group to control VM cluster resources, and compartment-level privileges to the Key Management Service or Oracle Key Vault in a specific compartment.

Templates for Globally Distributed Autonomous AI Database:

  • "Let Certificate Admins create and manage Keys and Vaults for Distributed Autonomous Database" provides compartment-level privileges to certificate administrators that create and manage keys and vaults.
  • "Let Infrastructure Admins create and manage Distributed Autonomous Database" provides compartment-level privileges to infrastructure administrators that create and manage cloud network and infrastructure resources.
  • "Let Users create and manage Distributed Autonomous Database" provides compartment-level privileges to users that create and manage Globally Distributed Autonomous AI Database resources using the APIs and UI.

Templates for Globally Distributed Exadata Database on Exascale Infrastructure:

  • "Let Certificate Admins create and manage Keys and Vaults for Distributed Database" provides compartment-level privileges to certificate administrators that create and manage keys and vaults.
  • "Let Infrastructure Admins create and manage Distributed Database" provides compartment-level privileges to infrastructure administrators that create and manage cloud network and infrastructure resources.
  • "Let Users create and manage Distributed Database" provides compartment-level privileges to users that create and manage Globally Distributed Autonomous AI Database resources using the APIs and UI.

See "Task 3. Create User Access Constraints" for more information about creating the recommended compartments, dynamic groups, user groups, and policies for the distributed database.

See "Creating a Policy" for more details about using the Policy Builder.