Typical Policy Statements to Manage Tables

Here are typical policy statements that you might use to authorize access to Oracle NoSQL Database Cloud Service tables.

A policy created for your tenancy grants users access to all compartments by way of policy inheritance. Alternatively, you can restrict access to individual compartments or to individual Oracle NoSQL Database Cloud Service tables.

Example 8-1 To allow group Administrators to fully manage any Oracle NoSQL Database Cloud Service table

allow group Administrators to manage nosql-tables in tenancy
allow group Administrators to manage nosql-rows in tenancy
allow group Administrators to manage nosql-indexes in tenancy

Example 8-2 To allow group Admins to perform any operation on NoSQL tables in compartment Dev by using the family resource type.

allow group Admins to manage nosql-family in compartment Dev

Example 8-3 To allow group Analytics to do read-only operations against NoSQL Tables in compartment Dev

allow group Analytics to read nosql-rows in compartment Dev

Example 8-4 To allow only Joe in group Developer to create, get and drop indexes of NoSQL tables in compartment Dev

allow group Developer to manage nosql-indexes in compartment Dev 
where request.user.id = '<OCID of Joe>'

Example 8-5 To allow group Admins to create, drop and move, but not alter, NoSQL tables in compartment Dev.

allow group Admins to manage nosql-tables in compartment Dev 
where any {request.permission = 'NOSQL_TABLE_CREATE', 
           request.permission = 'NOSQL_TABLE_DROP', 
           request.permission = 'NOSQL_TABLE_MOVE'}

Example 8-6 To allow group Developer to read, update and delete rows of table "customer", and of no other table, in compartment Dev.

allow group Developer to manage nosql-rows in compartment Dev 
where target.nosql-table.name = 'customer'
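
The following is an added example, not part of Oracle's documentation: a small Python review helper that parses statements of the shape shown above and notes which grants are tenancy-wide, unconditioned, or use the family resource type. The names STATEMENT, parse and findings and the review rules are assumptions of this example, not an OCI feature.

```python
import re

# Statement shape used by the examples on this page:
#   allow group <group> to <verb> <resource-type> in tenancy|compartment <name> [where <conditions>]
STATEMENT = re.compile(
    r"allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>nosql-[a-z]+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<where>.+))?$",
    re.IGNORECASE,
)

# Statements copied from Examples 8-1, 8-2 and 8-5 above.
EX_8_1 = "allow group Administrators to manage nosql-tables in tenancy"
EX_8_2 = "allow group Admins to manage nosql-family in compartment Dev"
EX_8_5 = """allow group Admins to manage nosql-tables in compartment Dev
where any {request.permission = 'NOSQL_TABLE_CREATE',
           request.permission = 'NOSQL_TABLE_DROP',
           request.permission = 'NOSQL_TABLE_MOVE'}"""

def parse(statement):
    """Return the parts of one policy statement, or None if it does not match."""
    text = " ".join(statement.split())  # fold a multi-line statement into one line
    m = STATEMENT.match(text)
    return m.groupdict() if m else None

def findings(statement):
    """Review notes for one statement (this example's own heuristic rules)."""
    p = parse(statement)
    if p is None:
        return ["unparsed statement"]
    notes = []
    if p["scope"].lower() == "tenancy":
        notes.append("tenancy-wide: inherited by every compartment")
    if p["verb"].lower() == "manage" and p["where"] is None:
        notes.append("manage without a where condition")
    if p["resource"].lower() == "nosql-family":
        notes.append("family resource type covers tables, rows and indexes")
    return notes

if __name__ == "__main__":
    for stmt in (EX_8_1, EX_8_2, EX_8_5):
        print(parse(stmt)["group"], "->", findings(stmt) or "scoped")
```
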