Oracle Managed Access Overview

Oracle Managed Access (OMA) provides a secure way for Oracle operators to access your cloud data when needed. Access is temporary, controlled, and based on approvals defined by your organization.

When you enable Break Glass for an environment, Oracle operators cannot access customer data directly. Instead, they must submit an access request through a secure workflow. The access request contains the environment to be accessed, access duration, service request (SR) number, and rationale for accessing your data. This request is sent to designated customer approvers, who can approve or deny access based on internal governance policies.

Key Capabilities

• Time-bound access
• Defined access levels per request
• Full audit logging of all access activity
• Approval templates to standardize workflows
• Support for auto-approval or manual approval
• Manual workflows can include up to three levels of approvers

Default Configuration

When you provision Oracle Break Glass, the environment is configured with:

• Auto-approval enabled
• Access duration set to 96 hours

You can update these settings to meet your organization’s security and compliance requirements.

Prerequisites

Before you configure Oracle Managed Access, ensure that you meet the following requirements:

• Enable Oracle Break Glass for the environment
• Configure approvers in the identity domain.
• Ensure that you have the required administrative privileges.

  You must either:

  • Belong to the Administrators group, or
  • Have the required IAM policies assigned

  For example, to grant full Managed Access capabilities, assign the following policy to the SecurityAdmins group:

  Allow group SecurityAdmins to manage lockbox-family in tenancy

  You can also define more granular policies as needed. For details, see Managed Access Policies.