Access Policies to Assign Autonomous Database Related Privileges

After the Autonomous Database entities are discovered, you must go to the Access Policies page in Oracle Management Cloud and assign privileges to enforce user access.

Note:

The tasks performed on the Access Policies page are only applicable when working with Autonomous Database entities in Oracle Management Cloud. Similarly, the following information on Role-Based Access Control standards is only applicable when working with Autonomous Database entities.

The Autonomous Databases reside either within a tenancy, which is the root compartment, or in other compartments within the tenancy in Oracle Cloud Infrastructure. After you discover an Autonomous Database entity, Oracle Management Cloud has the information regarding the compartment in which the entity resides and you must apply the Role-Based Access Control (RBAC) standard to enforce user access based on the user's role. RBAC secures access using the following approach:

"Who can perform what functions on which resources."

  • Who denotes the IDCS user group you want to grant access privileges to.
  • What denotes the actions the user group can perform.
  • Which denotes the compartments in which the Autonomous Databases reside.

Prerequisites: You can access policies and assign them to users in Oracle Management Cloud. However, before you do so, ensure that:

  • You've performed the prerequisite tasks listed in Perform Prerequisite Tasks.
  • You've been assigned the OMC Administrator role and you're a part of the IDCS user group to which you want to assign a policy.
  • You've discovered the Autonomous Databases in Oracle Management Cloud.
To assign policies to user groups:
  1. In the Management Cloud navigation menu, click Administration > Security > Access Policies.
    The Access Policies page is displayed.

  2. On the Access Policies page, click Create Policy.
  3. Select an IDCS user group from the User Group drop-down list, the Use or Manage privilege from the Privilege drop-down list, and the compartment which has the Autonomous Databases from the Location drop-down list.

    The user groups populated in the User Group drop-down list are the IDCS groups you created when performing the prerequisite tasks.

    Use and Manage are the two verbs in the policy statement that grant the privileges required to work with Autonomous Database entities in Oracle Database Management. Note that for users with the OMC User role to perform monitoring and other tasks on an Autonomous Database entity, they must be in a user group that is assigned the Manage privilege. If a user group is assigned the Use privilege, then only the OMC Administrator in that group has access to Oracle Database Management and can perform monitoring and other tasks on an Autonomous Database entity.

  4. Click Create Policy (the Create Policy icon) against the policy.
The policy is assigned to the user group.
Here's an example scenario to illustrate this concept better. Assume that you're the OMC Administrator (A1) and that you and two other OMC Users (U1 and U2) are part of a user group (G1). You've discovered a compartment (C1) with two Autonomous Databases.

If you assign the Manage privilege to G1 for the resources in C1, then all the users in this user group will be able to access Oracle Database Management and work with the two Autonomous Databases in C1. However, if G1 is assigned the Use privilege, then only you (OMC Administrator) will be able to access Oracle Database Management and work with the Autonomous Databases in C1.
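The scenario above can be checked with a small effective-access model. This is an added example, not Oracle code or an Oracle Management Cloud API: the `Policy` class, the function names and the extra user U3 in group G2 are hypothetical. It assumes that a policy applies only to the exact compartment it names and grants nothing to users outside its group.

```python
from dataclasses import dataclass

# Roles and privileges as named on the page; the rest is a constructed model.
ADMIN, USER = "OMC Administrator", "OMC User"
USE, MANAGE = "Use", "Manage"

@dataclass(frozen=True)
class Policy:
    group: str        # "who": the IDCS user group
    privilege: str    # "what": Use or Manage
    compartment: str  # "which": compartment holding the Autonomous Databases

def can_access(role, groups, compartment, policies):
    """Return True if a user can work with Autonomous Databases in `compartment`.

    Manage: every member of the group gets access.
    Use: only an OMC Administrator in the group gets access.
    Assumption: exact compartment match only; no inheritance is modelled.
    """
    for p in policies:
        if p.group not in groups or p.compartment != compartment:
            continue  # policy is for another group or another compartment
        if p.privilege == MANAGE and role in (ADMIN, USER):
            return True
        if p.privilege == USE and role == ADMIN:
            return True
    return False

def effective_access(users, policies):
    """Map each compartment named in a policy to the sorted users who can reach it."""
    result = {}
    for comp in sorted({p.compartment for p in policies}):
        result[comp] = sorted(
            name for name, (role, groups) in users.items()
            if can_access(role, groups, comp, policies)
        )
    return result

# Constructed sample data: A1, U1, U2 are in G1 as in the scenario; U3 is outside G1.
USERS = {
    "A1": (ADMIN, {"G1"}),
    "U1": (USER, {"G1"}),
    "U2": (USER, {"G1"}),
    "U3": (USER, {"G2"}),
}

if __name__ == "__main__":
    print(effective_access(USERS, [Policy("G1", MANAGE, "C1")]))
    print(effective_access(USERS, [Policy("G1", USE, "C1")]))
```

Running the same listing over a planned set of policies before creating them shows which OMC Users a Manage grant would add to each compartment.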