Oracle NoSQL Database Cloud Service Policies Reference
Learn about supported variables, permissions, and Verb + Resource-Type combinations available for Oracle NoSQL Database Cloud Service Policies.
Supported Variables
Learn about the variables supported by Oracle NoSQL Database Cloud Service.
Oracle NoSQL Database Cloud Service supports all the general variables. See General Variables for All Requests. All three NoSQL resource types can use the following variables, except for the ListTables and CreateTable operations.
Table - Supported Variables
| Variable | Variable Type | Comments |
|---|---|---|
| target.nosql-table.id | OCID | Use this variable to control access to a specific NoSQL table by OCID. |
| target.nosql-table.name | String | Use this variable to control access to a specific NoSQL table by name. |
Details for Verb + Resource-Type Combinations
Learn about the permissions and API operations covered by each verb.
The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.
For example, the read verb for the nosql-tables resource-type includes the same permissions and API operations as the inspect verb, plus the NOSQL_TABLE_READ permission and the GetTable API operation. In the case of the nosql-tables resource-type, the use verb additionally covers the UpdateTable API operation compared to read. Lastly, manage covers more permissions and operations compared to use.
nosql-tables
Table - nosql-tables
| Verb | Permissions | REST APIs Fully Covered | NoSQL Cloud Driver Request Covered |
|---|---|---|---|
| INSPECT | NOSQL_TABLE_INSPECT | ListTables | ListTableRequest |
| READ | INSPECT + NOSQL_TABLE_READ | GetTable | GetTableRequest |
| READ | INSPECT + NOSQL_TABLE_READ | ListWorkRequests, GetWorkRequest, ListWorkRequestErrors, ListWorkRequestLogs | None |
| READ | INSPECT + NOSQL_TABLE_READ | ListTableUsage | TableUsageRequest |
| USE | READ + NOSQL_TABLE_ALTER | UpdateTable, DeleteWorkRequest | TableRequest |
| MANAGE | USE + NOSQL_TABLE_CREATE | CreateTable | TableRequest (CREATE TABLE) |
| MANAGE | NOSQL_TABLE_DROP | CreateTable | TableRequest (DROP TABLE) |
| MANAGE | NOSQL_TABLE_MOVE | ChangeTableCompartment | Not supported |
nosql-rows
Table - nosql-rows
| Verb | Permissions | REST APIs Fully Covered | NoSQL Cloud Driver Request Covered |
|---|---|---|---|
| INSPECT | None | None | None |
| READ | NOSQL_ROWS_READ | GetRow, Query (SELECT), PrepareStatement, SummarizeStatement | |
| USE | READ + NOSQL_ROWS_INSERT | UpdateRow, Query (INSERT/UPSERT, UPDATE) | |
| MANAGE | USE + NOSQL_ROWS_DELETE | DeleteRow, Query (DELETE) | |
nosql-indexes
Table - nosql-indexes
| Verb | Permissions | REST APIs Fully Covered | NoSQL Cloud Driver Request Covered |
|---|---|---|---|
| INSPECT | None | None | None |
| READ | NOSQL_INDEX_READ | | |
| USE | READ + NONE | | |
| MANAGE | READ + NOSQL_INDEX_CREATE | CreateIndex | TableRequest(CREATE INDEX) |
| MANAGE | NOSQL_INDEX_DROP | DeleteIndex | TableRequest(DROP INDEX) |
Permission Required for Each NoSQL Cloud Driver Request
Learn about the required permissions for each NoSQL Cloud Driver Request.
The table below lists the API operations in a logical order, grouped by resource type. For information about permissions, see Permissions in Oracle Cloud Infrastructure Documentation.
Table-Permissions
| Request | Permissions | Operation Id (request.operation) |
|---|---|---|
| DeleteRequest | NOSQL_ROWS_DELETE | DeleteRow |
| GetIndexesRequest | NOSQL_INDEX_READ | GetIndex |
| GetRequest | NOSQL_ROWS_READ | GetRow |
| GetTableRequest | NOSQL_TABLE_READ | GetTable |
| ListTablesRequest | NOSQL_TABLE_INSPECT | ListTables |
| MultiDeleteRequest | NOSQL_ROWS_DELETE | DeleteRow |
| PrepareRequest | NOSQL_ROWS_READ | GetRow |
| PutRequest | NOSQL_ROWS_INSERT | UpdateRow |
| QueryRequest (SELECT) | NOSQL_ROWS_READ | GetRow |
| QueryRequest (INSERT, UPSERT, UPDATE) | NOSQL_ROWS_INSERT | UpdateRow |
| QueryRequest (DELETE) | NOSQL_ROWS_DELETE | DeleteRow |
| TableRequest (CREATE TABLE) | NOSQL_TABLE_CREATE | CreateTable |
| TableRequest (ALTER TABLE) | NOSQL_TABLE_ALTER | UpdateTable |
| TableRequest (DROP TABLE) | NOSQL_TABLE_DROP | DeleteTable |
| TableUsageRequest | NOSQL_TABLE_READ | GetTable |
| WriteMultipleRequest | has PutRequest: NOSQL_ROWS_INSERT; has DeleteRequest: NOSQL_ROWS_DELETE | UpdateRow, DeleteTable |
Permission Required for Each REST API Operation
Learn about the required permissions for each REST API operation request.
The table below lists the REST API operations in a logical order, grouped by resource type. For information about permissions, see Permissions in Oracle Cloud Infrastructure Documentation.
Table-Permissions
| Request | Permissions |
|---|---|
| ListTables | NOSQL_TABLE_INSPECT |
| CreateTable | NOSQL_TABLE_CREATE |
| GetTable | NOSQL_TABLE_READ |
| UpdateTable | NOSQL_TABLE_ALTER |
| DeleteTable | NOSQL_TABLE_DROP |
| ListIndexes | NOSQL_INDEX_READ |
| CreateIndex | NOSQL_INDEX_CREATE |
| GetIndex | NOSQL_INDEX_READ |
| DeleteIndex | NOSQL_INDEX_DROP |
| GetRow | NOSQL_ROWS_READ |
| UpdateRow | NOSQL_ROWS_INSERT |
| DeleteRow | NOSQL_ROWS_DELETE |
| ListTableUsage | NOSQL_TABLE_READ |
| ChangeTableCompartment | NOSQL_TABLE_ALTER |
| Query (SELECT) | NOSQL_ROWS_READ |
| Query (INSERT, UPSERT, UPDATE) | NOSQL_ROWS_INSERT |
| Query (DELETE) | NOSQL_ROWS_DELETE |
| PrepareStatement | NOSQL_TABLE_READ |
| SummarizeStatement | NOSQL_TABLE_READ |
| ListWorkRequests | NOSQL_TABLE_READ |
| GetWorkRequest | NOSQL_TABLE_READ |
| DeleteWorkRequest | NOSQL_TABLE_ALTER |
| ListWorkRequestErrors | NOSQL_TABLE_READ |
| ListWorkRequestLogs | NOSQL_TABLE_READ |
When you write a policy with request.operation, use the name of the API operation. For Query operations, use the operation that the statement in the query maps to. For example:
- SELECT => GetRow
- INSERT, UPSERT or UPDATE => UpdateRow
- DELETE => DeleteRow
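The cumulative verb model and the request.operation mapping described above can be combined to check how much a verb over-grants. The following is an added example, not Oracle's code: it takes a subset of the driver requests from this page's tables, finds the lowest sufficient verb per resource type, lists the permissions that verb grants beyond what is needed, and renders a statement narrowed by request.operation. The group and compartment names are hypothetical, and the `Allow group ... where` statement form is general OCI IAM policy syntax assumed here rather than shown on this page.

```python
VERBS = ["inspect", "read", "use", "manage"]
# Incremental permissions per verb, transcribed from this page's verb tables.
INCREMENTAL = {
    "nosql-tables": [{"NOSQL_TABLE_INSPECT"}, {"NOSQL_TABLE_READ"}, {"NOSQL_TABLE_ALTER"},
                     {"NOSQL_TABLE_CREATE", "NOSQL_TABLE_DROP", "NOSQL_TABLE_MOVE"}],
    "nosql-rows": [set(), {"NOSQL_ROWS_READ"}, {"NOSQL_ROWS_INSERT"}, {"NOSQL_ROWS_DELETE"}],
    "nosql-indexes": [set(), {"NOSQL_INDEX_READ"}, set(),
                      {"NOSQL_INDEX_CREATE", "NOSQL_INDEX_DROP"}],
}
# Driver request -> (permission, request.operation); subset of this page's driver table.
REQUESTS = {
    "GetRequest": ("NOSQL_ROWS_READ", "GetRow"),
    "PutRequest": ("NOSQL_ROWS_INSERT", "UpdateRow"),
    "DeleteRequest": ("NOSQL_ROWS_DELETE", "DeleteRow"),
    "QueryRequest (SELECT)": ("NOSQL_ROWS_READ", "GetRow"),
    "GetTableRequest": ("NOSQL_TABLE_READ", "GetTable"),
    "TableRequest (ALTER TABLE)": ("NOSQL_TABLE_ALTER", "UpdateTable"),
    "GetIndexesRequest": ("NOSQL_INDEX_READ", "GetIndex"),
}

def plan(requests):
    """Per resource type touched: lowest sufficient verb, the permissions that verb
    grants beyond what the requests need, and the matching operation ids."""
    out = {}
    for rtype, steps in INCREMENTAL.items():
        owned = set().union(*steps)
        hits = [REQUESTS[r] for r in requests if REQUESTS[r][0] in owned]
        if not hits:
            continue
        needed = {perm for perm, _ in hits}
        granted = set()
        for verb, step in zip(VERBS, steps):
            granted |= step  # access is cumulative: inspect > read > use > manage
            if needed <= granted:
                break
        out[rtype] = {"verb": verb, "excess": sorted(granted - needed),
                      "operations": sorted({op for _, op in hits})}
    return out

def statements(requests, group, compartment):
    """One policy statement per resource type; narrowed only when the verb over-grants."""
    lines = []
    for rtype, p in plan(requests).items():
        conds = [f"request.operation = '{op}'" for op in p["operations"]]
        cond = conds[0] if len(conds) == 1 else "any {" + ", ".join(conds) + "}"
        where = f" where {cond}" if p["excess"] else ""
        lines.append(f"Allow group {group} to {p['verb']} {rtype} "
                     f"in compartment {compartment}{where}")
    return lines
```

A delete-only workload illustrates the point: DeleteRequest needs only NOSQL_ROWS_DELETE, but the lowest verb that carries it is manage, which also grants read and insert unless the statement is narrowed.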