Resource-Permissions Model

Each resource defines its own permissions model. This permissions model forms the basis of how a policy is defined to allow for authorized access to distributed database resources.

These permissions are intended to be mapped to Operations (list, get, update delete, and so on) to allow for fine grained access control.

• Read (read-only) allows the user to view resource details

• Update grants View permission, plus allows the user to edit an existing resource, including move, add shard, remove shard

• Create grants Update permission, plus allows the user to create new resources

• Delete grants Create permission, plus allows the user to delete a resource

The following table details the permissions model for Oracle’s Globally Distributed Database resources.

Resource	Permissions
distributed-database	DISTRIBUTED_DB_INSPECT DISTRIBUTED_DB_READ DISTRIBUTED_DB_MANAGE DISTRIBUTED_DB_MOVE DISTRIBUTED_DB_CREATE DISTRIBUTED_DB_DELETE
distributed-database-privateendpoint	DISTRIBUTED_DB_PRIVATE_ENDPOINT_INSPECT DISTRIBUTED_DB_PRIVATE_ENDPOINT_READ DISTRIBUTED_DB_PRIVATE_ENDPOINT_MANAGE DISTRIBUTED_DB_PRIVATE_ENDPOINT_MOVE DISTRIBUTED_DB_PRIVATE_ENDPOINT_CREATE DISTRIBUTED_DB_PRIVATE_ENDPOINT_DELETE
distributed-database-work-requests	DISTRIBUTED_DB_WORK_REQUEST_LIST DISTRIBUTED_DB_WORK_REQUEST_READ