20.1 Groups and Permissions

HeatWave on AWS has three predefined groups. The groups are created in the OCI Default identity domain. The predefined groups and associated permissions are described in the following tables.

Note:

The OCI user account that registered for the HeatWave on AWS service is added to the OracleMySQLHeatwaveServiceAccountAdmin group when the service is provisioned. Any other users must be added to at least one of the groups for access to HeatWave on AWS.

Table 20-1 OracleMySQLHeatwaveDBUsers Group

Group Description Resources and Permissions
OracleMySQLHeatwaveDBUsers: Members of this group can use DB Systems, DB System Backup, HeatWave Clusters, MySQL Configurations, Inbound Replication Channel, Service Events, and PrivateLinks resources DB Systems
  • View supported shapes
  • View supported MySQL versions
  • View DB Systems
  • View DB System Details
  • Update DB Systems
  • Run queries
  • View query statuses
  • Stop queries
  • Import data
  • View data imports
  • View data import details
  • Cancel data imports
DB System Backups
  • View DB System backups
  • View DB System backup details
  • Update DB System backups
HeatWave Clusters
  • View HeatWave Clusters
  • View HeatWave Cluster details
  • Estimate HeatWave Cluster size
  • View supported shapes
MySQL Configurations
  • View configurations
  • View configuration details
  • Update configurations
  • View configuration variable metadata
Inbound Replication Channels
  • View channels
  • View channel details
  • Resume channels
Service Events
  • View events
  • View event details
PrivateLinks
  • View PrivateLinks
  • View PrivateLink Details
  • Update PrivateLinks

Table 20-2 OracleMySQLHeatwaveDBAdmin Group

Group Description Resources and Permissions
OracleMySQLHeatwaveDBAdmin: Members of this group can manage all aspects of DB Systems, DB System Backups, HeatWave Clusters, MySQL Configurations, Inbound Replication Channel, and PrivateLinks resources.

In addition to OracleMySQLHeatwaveDBUsers group permissions, this group has these permissions:

DB Systems
  • Create DB Systems
  • Delete DB Systems
  • Start DB Systems
  • Stop DB Systems
  • Restart DB Systems
DB System Backups
  • Create DB System backups
  • Delete DB System backups
HeatWave Clusters
  • Create HeatWave Clusters
  • Delete HeatWave Clusters
  • Start HeatWave Clusters
  • Stop HeatWave Clusters
  • Restart HeatWave Clusters
MySQL Configurations
  • Create configurations
  • Delete configurations
Inbound Replication Channels
  • Create channels
  • Delete channels
  • Update channels
  • Reset channels
PrivateLinks
  • Create PrivateLinks
  • Delete PrivateLinks
  • Update existing PrivateLinks

Table 20-3 OracleMySQLHeatwaveServiceAccountAdmin Group

Group Description Resources and Permissions
OracleMySQLHeatwaveServiceAccountAdmin: Members of this group can manage all aspects of DB Systems, DB System Backups, HeatWave Clusters, MySQL Configurations, Inbound Replication Channel, and PrivateLinks resources. This group has the same permissions as the OracleMySQLHeatwaveDBAdmin group.

Parent topic: User and Group Management