Essbase Policy Manager

If you have Oracle Cloud Infrastructure (OCI) tenancy administrator privileges, you can use the Essbase Policy Manager to automatically configure the dynamic group policy required for Essbase deployment.

The Essbase Policy Manager performs the following actions:

  • Creates the dynamic group required for Essbase deployment. For more details, see Create Dynamic Groups.
  • Creates the policy statements required for this dynamic group. For more details, see Set Up Policies.

Limitations and Requirements

  • Only users with tenancy level administrator privileges can run Essbase Policy Manager. The job will fail if it is run by a non-admin user.
  • Essbase Policy Manager creates only the dynamic group and its related policies. It does not create user group or user group related policies.
  • You must run Essbase Policy Manager as a separate job. After it completes, launch a new Create stack job from the Marketplace to deploy Essbase. Do not edit the same stack to choose other workflows, as this will destroy the policies created.
  • This is a one-time and optional activity to set up the prerequisites for deploying Essbase in your tenancy.

Steps to Run Essbase Policy Manager

  1. On the Create stack page within the Oracle Cloud Infrastructure Marketplace Essbase listing, under General Settings, select the Run Essbase Policy Manager checkbox.

  2. [Optional] Enter a Dynamic Group Name to associate with the policies. The name must be unique. If left empty, a name will be generated automatically.

  3. In the Target Compartment field, select the compartment where all provisioned resources will be created and where the stack instance will be deployed.

  4. In the Target Compartment of Database field, select the compartment where your database is located if you are using an existing database for Essbase deployment.

  5. In the Target Compartment of Secret field, select the compartment where your Essbase deployment secret is stored.

  6. When done, click Next to proceed to the Review page.

  7. Select Run apply, then click Save changes to complete the process.

This process creates the required dynamic group and the base set of policy statements for the dynamic group needed for deployment.

Example Policy Statements Created

Below is an example of the policy statements created for the dynamic group. OCIDs are shown generically for clarity.

Note:

Review the created policies and customize them as necessary. If additional resources require access, you can add more policies as needed. To ensure consistency and ease of management, follow the existing policy pattern and syntax. 
Allow dynamic-group id <ocid> to use autonomous-database in compartment id <ocid>
Allow dynamic-group id <ocid> to manage instance-family in compartment id <ocid>
Allow dynamic-group id <ocid> to use secret-family in compartment id <ocid>
Allow dynamic-group id <ocid> to use keys in compartment id <ocid>
Allow dynamic-group id <ocid> to read buckets in compartment id <ocid>
Allow dynamic-group id <ocid> to manage objects in compartment id <ocid>
Allow dynamic-group id <ocid> to inspect volume-groups in compartment id <ocid>
Allow dynamic-group id <ocid> to manage volumes in compartment id <ocid>
Allow dynamic-group id <ocid> to manage volume-group-backups in compartment id <ocid>
Allow dynamic-group id <ocid> to manage volume-backups in compartment id <ocid>
Allow dynamic-group id <ocid> to manage autonomous-backups in compartment id <ocid>
Allow dynamic-group id <ocid> to manage database-family in compartment id <ocid>
Allow dynamic-group id <ocid> to use ons-topic in compartment id <ocid>
Allow dynamic-group id <ocid> to use metrics in compartment id <ocid>