20.1 Groups and Permissions

MySQL HeatWave on AWS has three predefined groups. The groups are created in the OCI Default identity domain. The predefined groups and associated permissions are described in the following tables.

Note:

The OCI user account that registered for the MySQL HeatWave on AWS service is added to the OracleMySQLHeatwaveServiceAccountAdmin group when the service is provisioned. Any other users must be added to at least one of the groups for access to MySQL HeatWave on AWS.

Table 20-1 OracleMySQLHeatwaveDBUsers Group

Group Description Resources and Permissions
OracleMySQLHeatwaveDBUsers: Members of this group can use DB Systems, DB System Backup, MySQL HeatWave Clusters, MySQL Configurations, Inbound Replication Channel, Service Events, and PrivateLinks resources DB Systems
  • View supported shapes
  • View supported MySQL versions
  • View DB Systems
  • View DB System Details
  • Update DB Systems
  • Run queries
  • View query statuses
  • Stop queries
  • Import data
  • View data imports
  • View data import details
  • Cancel data imports
DB System Backups
  • View DB System backups
  • View DB System backup details
  • Update DB System backups
MySQL HeatWave Clusters
  • View MySQL HeatWave Clusters
  • View MySQL HeatWave Clusters details
  • Estimate MySQL HeatWave Cluster size
  • View supported shapes
MySQL Configurations
  • View configurations
  • View configuration details
  • Update configurations
  • View configuration variable metadata
Inbound Replication Channels
  • View channels
  • View channel details
  • Resume channels
Service Events
  • View events
  • View event details
PrivateLinks
  • View PrivateLinks
  • View PrivateLink Details
  • Update PrivateLinks

Table 20-2 OracleMySQLHeatwaveDBAdmin Group

Group Description Resources and Permissions
OracleMySQLHeatwaveDBAdmin: Members of this group can manage all aspects of DB Systems, DB System Backups,MySQL HeatWave Clusters, MySQL Configurations, Inbound Replication Channel, and PrivateLinks resources.

In addition to OracleMySQLHeatwaveDBUsers group permissions, this group has these permissions:

DB Systems
  • Create DB Systems
  • Delete DB Systems
  • Start DB Systems
  • Stop DB Systems
  • Restart DB Systems
DB System Backups
  • Create DB System backups
  • Delete DB System backups
MySQL HeatWave Clusters
  • Create MySQL HeatWave Clusters
  • Delete MySQL HeatWave Clusters
  • Start MySQL HeatWave Clusters
  • Stop MySQL HeatWave Clusters
  • Restart MySQL HeatWave Clusters
MySQL Configurations
  • Create configurations
  • Delete configurations
Inbound Replication Channels
  • Create channels
  • Delete channels
  • Update channels
  • Reset channels
PrivateLinks
  • Create PrivateLinks
  • Delete PrivateLinks
  • Update existing PrivateLinks

Table 20-3 OracleMySQLHeatwaveServiceAccountAdmin Group

Group Description Resources and Permissions
OracleMySQLHeatwaveServiceAccountAdmin: Members of this group can manage all aspects of DB Systems, DB System Backups, MySQL HeatWave Clusters, MySQL Configurations, Inbound Replication Channel, and PrivateLinks resources. This group has the same permissions as the OracleMySQLHeatwaveDBAdmin group.