Configuring IAM for Oracle DBaaS

To configure IAM to work with the Oracle DBaaS instance, an IAM administrator may need to create an IAM policy and have users create an IAM database password.

Creating an IAM Policy to Authorize Users Authenticating with Tokens

To configure IAM to work with the Oracle DBaaS instance, an IAM administrator must create an IAM policy (if using IAM tokens), create IAM groups and manage group membership.

The IAM administrator should work with the database administrator to create the appropriate IAM groups for databases. Individual IAM users will need to create an IAM database password in their profile if they are using password verifiers.

You do not need to create a policy for users who are authenticating with password verifiers.

Note the following:

See Oracle Cloud Infrastructure Documentation for more information about the syntax of policy statements.

Creating an IAM Database Password

The IAM database password, different from the Oracle Cloud Infrastructure (OCI) console password, and set by the IAM user, is required for the Oracle DBaaS password verification process.

The set of allowed characters for the OCI IAM database password is similar to the set of allowed characters for the OCI console password except that the double quotation mark character is not allowed for the OCI IAM database password. See Managing User Credentials for information about creating an IAM database password.

  1. Log in to the OCI console to your user page.

  2. Access My profile or User settings (top right in the navigation toolbar) depending on the IAM version that you are using.

  3. In your profile or settings, in the left, under Resources, click on the Database Passwords link.

  4. Click the Create Database Password button.

  5. Add a description and the password, ensuring that you apply the listed complexity rules.

  6. Click Create Database Password to save the password.

    After the password is created, its description and creation date are listed under Database Passwords.