Learn about the security model for Oracle NoSQL Database Cloud Service.
Oracle NoSQL Database Cloud Service uses the Oracle Cloud Infrastructure Identity and Access Management security model, which is built on policies. A policy is a document that specifies who can access which Oracle Cloud Infrastructure resources, including NoSQL tables that your company has, and how they can access these resources. A policy allows a group to work in certain ways with specific types of resources, such as NoSQL tables, in a particular compartment.
To govern the control of your tables, your company will have at least one policy. Each policy consists of one or more policy statements that follow this basic syntax:
Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name>
To learn how policies work, see Overview of Policies in Oracle Cloud Infrastructure Documentation.
In Oracle Cloud Infrastructure Identity and Access Management, you organize users into groups that usually share the same type of access to a particular set of NoSQL tables or compartments.
allow group Developers to manage nosql-family in compartment ProjectA
A verb specifies the type of access being granted by the policy. For example,
inspect nosql-tables lets you list the NoSQL tables. Inspect, read, use,
and manage are the verbs supported by Oracle NoSQL Database Cloud Service. See Verbs in Oracle Cloud Infrastructure Documentation.
Resources are the cloud objects that your company's employees create and use when
interacting with the Oracle Cloud Infrastructure (OCI). Oracle defines resource-types you
can use in policies.
nosql-tables, nosql-rows, and nosql-indexes are three individual resource-types supported by NoSQL Database Cloud Service.
allow group viewers to read nosql-rows in tenancy
nosql-family covers nosql-tables, nosql-indexes, and nosql-rows, which are often managed together. For example, to grant the viewers group full access to NoSQL tables in the tenancy, you can write a policy as:
allow group viewers to manage nosql-family in tenancy
Note: Tenancy is the root compartment that contains all of your organization's Oracle Cloud Infrastructure resources.
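The following is an added example, not Oracle's code: a small reviewer that parses statements in the basic syntax shown above and flags the broad grants this page illustrates (manage on nosql-family, and tenancy-wide scope). The function name, the finding texts, and the last two sample statements are assumptions made for illustration, and the parser covers only the basic statement form on this page.

```python
import re

# Verbs and resource-types named on this page.
VERBS = {"inspect", "read", "use", "manage"}
INDIVIDUAL_TYPES = {"nosql-tables", "nosql-rows", "nosql-indexes"}
AGGREGATE_TYPE = "nosql-family"

# Basic syntax only: allow group <g> to <verb> <type> in compartment <c> | in tenancy
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\S+)\s+(?P<rtype>\S+)\s+"
    r"in\s+(?:tenancy|compartment\s+(?P<compartment>\S+))$",
    re.IGNORECASE,
)

def review_statement(statement):
    """Return (parsed_fields, findings) for one policy statement (hypothetical helper)."""
    m = STATEMENT.match(statement.strip())
    if not m:
        return None, ["does not match the basic policy syntax"]
    verb, rtype = m.group("verb").lower(), m.group("rtype").lower()
    parsed = {"group": m.group("group"), "verb": verb, "resource_type": rtype,
              "compartment": m.group("compartment")}  # None means tenancy-wide
    findings = []
    if verb not in VERBS:
        findings.append(f"unsupported verb: {verb}")
    if rtype not in INDIVIDUAL_TYPES | {AGGREGATE_TYPE}:
        findings.append(f"not a NoSQL resource-type: {rtype}")
    if verb == "manage" and rtype == AGGREGATE_TYPE:
        findings.append("manage on nosql-family: full access to tables, rows and indexes")
    if parsed["compartment"] is None:
        findings.append("tenancy scope: applies to every compartment")
    return parsed, findings

# The first three statements are the ones on this page; the last two are constructed.
SAMPLES = [
    "allow group Developers to manage nosql-family in compartment ProjectA",
    "allow group viewers to read nosql-rows in tenancy",
    "allow group viewers to manage nosql-family in tenancy",
    "allow group viewers to delete nosql-rows in tenancy",
    "allow viewers to read nosql-rows",
]

if __name__ == "__main__":
    for s in SAMPLES:
        parsed, findings = review_statement(s)
        print(s)
        for f in findings or ["no findings"]:
            print("   -", f)
```
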
All Oracle Cloud Infrastructure Identity and Access Management resources (users, groups, compartments, and policies) are global and available across all regions, but the master set of definitions resides in a single region, the home region. All changes to your IAM resources must be made in your home region. To learn more about the IAM components, see Overview of Oracle Cloud Infrastructure Identity and Access Management in Oracle Cloud Infrastructure Documentation.