Sentencias de política de IAM de Oracle Cloud Infrastructure para Oracle Database Service for Azure
En este tema se proporcionan sentencias de política de OCI IAM de ejemplo para que los usuarios de Azure realicen operaciones en la consola de OCI normal en los recursos de base de datos de OCI aprovisionados mediante OracleDB para Azure.
Tenga en cuenta que las operaciones "Crear" se excluyen de estas políticas porque los usuarios tendrán que crear OracleDB para los recursos de base de datos de Azure mediante OracleDB para la consola de Azure. Los recursos creados en OracleDB para Azure se enlazan automáticamente a la cuenta y las suscripciones asociadas de Azure.
Para obtener más información sobre OracleDB para grupos de usuarios de Azure, consulte los siguientes temas:
- Grupos de usuarios de Azure para recursos de base de datos de OracleDB for Azure
- Grupos de usuarios de Azure para aplicaciones de red, gestión de costos y soporte de Azure para OracleDB
odsa-db-family-administrators
Sentencia de política:
Allow group odsa-db-family-administrators to manage database-family in compartment <odsa_compartment_name>
where all {request.operation != CreateAutonomousContainerDatabase,
request.operation != CreateAutonomousDatabase,
request.operation != CreateAutonomousDatabaseBackup,
request.operation != CreateAutonomousVmCluster,
request.operation != CreateBackup,
request.operation != CreateBackupDestination,
request.operation != CreateCloudAutonomousVmCluster,
request.operation != CreateCloudExadataInfrastructure,
request.operation != CreateCloudVmCluster,
request.operation != CreateDatabase,
request.operation != CreateDatabaseSoftwareImage,
request.operation != CreateDbHome,
request.operation != CreateExadataInfrastructure,
request.operation != CreateExternalBackupJob,
request.operation != CreateExternalContainerDatabase,
request.operation != CreateExternalDatabaseConnector,
request.operation != CreateExternalPluggableDatabase,
request.operation != CreatePluggableDatabase,
request.operation != CreateVmCluster,
request.operation != CreateVmClusterNetwork}odsa-exa-infra-administrators
Sentencia de política:
Allow group odsa-exa-infra-administrators to manage cloud-exadata-infrastructures in compartment <odsa_compartment_name>
where request.operation != CreateCloudExadataInfrastructure
Allow group odsa-exa-infra-administrators to manage cloud-vmclusters in compartment <odsa_compartment_name>
where request.operation != CreateCloudVmCluster
Allow group odsa-exa-infra-administrators to manage cloud-autonomous-vmclusters in compartment <odsa_compartment_name>
where request.operation != CreateCloudAutonomousVmCluster
Allow group odsa-exa-infra-administrators to manage db-nodes in compartment <odsa_compartment_name>odsa-exa-cdb-administrators
Sentencia de política:
Allow group odsa-exa-cdb-administrators to manage db-homes in compartment <odsa_compartment_name>
where request.operation != CreateDbHome
Allow group odsa-exa-cdb-administrators to manage databases in compartment <odsa_compartment_name>
where request.operation != CreateDatabase
Allow group odsa-exa-cdb-administrators to manage db-backups in compartment <odsa_compartment_name>odsa-exa-pdb-administrators
Sentencia de política:
Allow group odsa-exa-pdb-administrators to manage pluggable-databases in compartment <odsa_compartment_name>
where request.operation != CreatePluggableDatabaseodsa-basedb-infra-administrators
Sentencia de política:
Allow group odsa-basedb-infra-administrators to manage db-systems in compartment <odsa_compartment_name>
where request.operation != LaunchDbSystem
Allow group odsa-basedb-infra-administrators to manage db-nodes in compartment <odsa_compartment_name>odsa-basedb-cdb-administrators
Sentencia de política:
Allow group odsa-basedb-cdb-administrators to manage db-homes in compartment <odsa_compartment_name>
where request.operation != CreateDbHome
Allow group odsa-basedb-cdb-administrators to manage databases in compartment <odsa_compartment_name>
where request.operation != CreateDatabase
Allow group odsa-basedb-cdb-administrators to manage db-backups in compartment <odsa_compartment_name>odsa-basedb-pdb-administrators
Sentencia de política:
Allow group odsa-basedb-pdb-administrators to manage pluggable-databases in compartment <odsa_compartment_name>
where request.operation != CreatePluggableDatabaseodsa-adbs-db-administrators
Sentencia de política:
Allow group odsa-adbs-db-administrators to manage autonomous-databases in compartment <odsa_compartment_name>
where request.operation != CreateAutonomousDatabase
Allow group odsa-adbs-db-administrators to manage autonomous-database-backups in compartment <odsa_compartment_name>odsa-mysql-infra-administrator
Sentencia de política:
Allow group odsa-mysql-infra-administrators to manage mysql-instances in compartment <Cloudlink-Compartment>
where request.operation != CreateDbSystem
Allow group odsa-mysql-infra-administrators to manage mysql-configurations in compartment <Cloudlink-Compartment>
where request.operation != CreateConfiguration
Allow group odsa-mysql-infra-administrators to manage mysql-backups in compartment <Cloudlink-Compartment>
where request.operation != DbSystemBackup
Allow group odsa-mysql-infra-administrators to manage mysql-channels in compartment <Cloudlink-Compartment>
where request.operation != CreateChannel
Allow group odsa-mysql-infra-administrators to manage mysql-heatwave in compartment <Cloudlink-Compartment>
where request.operation != AddHeatWaveClusterodsa-mysql-heatwave-administrator
Sentencia de política:
Allow group odsa-mysql-heatwave-administrators to manage mysql-heatwave in compartment <Cloudlink-Compartment>
where request.operation != AddHeatWaveClusterodsa-network-administrators
Sentencia de política:
Allow odsa-network-administrators to manage virtual-network-family in compartment <odsa_compartment_name>odsa-costmgmt-administrators
Sentencia de política:
Allow group odsa-costmgmt-administrators to manage usage-report in tenancyodsa-costmgmt-readers
Sentencia de política:
Allow group odsa-costmgmt-readers to read usage-report in tenancy