Learn about the security model for Oracle NoSQL Database Cloud Service.
Oracle NoSQL Database Cloud Service uses the Oracle Cloud Infrastructure Identity and Access Management security model, which is built on policies. A policy is a document that specifies who can access which Oracle Cloud Infrastructure resources, including your company's NoSQL tables, and how they can access these resources. A policy allows a group to work in certain ways with specific types of resources, such as NoSQL tables, in a particular compartment.
To govern the control of your tables, your company will have at least one policy. Each policy consists of one or more policy statements that follow this basic syntax:
Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name>
To learn how policies work, see Overview of Policies in Oracle Cloud Infrastructure Documentation.
In Oracle Cloud Infrastructure Identity and Access Management, you organize users into groups that usually share the same type of access to a particular set of NoSQL tables or compartments. For example:
allow group Developers to manage nosql-family in compartment ProjectA
A verb specifies the type of access being granted by the policy. For example, inspect nosql-tables lets you list the NoSQL tables. Inspect, read, use, and manage are the verbs supported by Oracle NoSQL Database Cloud Service. See Verbs in Oracle Cloud Infrastructure Documentation.
Resources are the cloud objects that your company's employees create and use when interacting with the Oracle Cloud Infrastructure (OCI). Oracle defines resource-types you can use in policies.
nosql-tables, nosql-rows, and nosql-indexes are three individual resource-types supported by NoSQL Database Cloud Service. For example:
allow group viewers to read nosql-rows in tenancy
nosql-family is an aggregate resource-type that covers nosql-tables, nosql-indexes, and nosql-rows, which are often managed together. For example, to grant the viewers group full access to NoSQL tables in the tenancy, you can write a policy as:
allow group viewers to manage nosql-family in tenancy
Note: Tenancy is the root compartment that contains all of your organization's Oracle Cloud Infrastructure resources.
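The statements above can be checked mechanically during a least-privilege review. The following Python sketch is an added example, not Oracle code: it parses only the basic statement form shown on this page, and the function name and the two review findings (full access through nosql-family, tenancy-wide scope) are assumptions of this example rather than OCI rules.

```python
import re

# Verbs and resource-types named on this page for Oracle NoSQL Database Cloud Service.
VERBS = {"inspect", "read", "use", "manage"}
INDIVIDUAL_TYPES = {"nosql-tables", "nosql-rows", "nosql-indexes"}
AGGREGATE_TYPES = {"nosql-family"}

# Basic syntax only: allow group <group> to <verb> <resource-type> in
# tenancy | compartment <name>. Conditions and other subjects are not handled.
STATEMENT_RE = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\S+)\s+(?P<rtype>\S+)"
    r"\s+in\s+(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))$",
    re.IGNORECASE,
)

def review_statement(statement):
    """Parse one policy statement; return (parsed_fields, findings)."""
    m = STATEMENT_RE.match(statement.strip())
    if not m:
        return None, ["does not match the basic syntax"]
    verb = m.group("verb").lower()
    rtype = m.group("rtype").lower()
    scope = "tenancy" if m.group("tenancy") else "compartment " + m.group("compartment")
    parsed = {"group": m.group("group"), "verb": verb,
              "resource_type": rtype, "scope": scope}
    findings = []
    if verb not in VERBS:
        findings.append(f"unsupported verb '{verb}'")
    if rtype not in INDIVIDUAL_TYPES | AGGREGATE_TYPES:
        findings.append(f"unknown NoSQL resource-type '{rtype}'")
    # Review heuristics (assumptions of this example, not OCI rules).
    if verb == "manage" and rtype in AGGREGATE_TYPES:
        findings.append("full access to all NoSQL resource-types")
    if scope == "tenancy":
        findings.append("applies to the whole tenancy (root compartment)")
    return parsed, findings

if __name__ == "__main__":
    # The three sample statements from this page.
    for s in ("allow group Developers to manage nosql-family in compartment ProjectA",
              "allow group viewers to read nosql-rows in tenancy",
              "allow group viewers to manage nosql-family in tenancy"):
        print(s, "->", review_statement(s)[1] or ["no findings"])
```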
Note: The way you manage users and groups for Oracle NoSQL Database Cloud Service depends on whether or not your cloud account or tenancy is in an OCI region that has been updated to use identity domains. Some OCI regions have been updated to use identity domains. If you have a cloud account or tenancy in one of these OCI regions, you can use the identity domains to manage the users who perform tasks in Oracle Cloud Infrastructure. For more information on how to set up users and groups for Oracle NoSQL Database Cloud Service, see Setting Up Users, Groups, and Policies Using Identity and Access Management.
Tip: It's easy to determine whether or not your OCI region has been updated to use Identity and Access Management (IAM) Identity Domains. For more information, see Do You Have Access to Identity Domains?