Policies for Oracle Autonomous Database
Shows how to allow Disaster Recovery (DR) to manage Oracle Autonomous Database Service databases such as Oracle Autonomous Database Serverless and Autonomous Database on Dedicated Exadata Infrastructure (Autonomous Container Database) that are part of the application stack.
Policies to configure using resource principal
For Member Type: AUTONOMOUS_DATABASE
Allow dynamic-group <Dynamic_group_Name> to manage autonomous-database-family in compartment <compartment_name>
Allow dynamic-group <Dynamic_group_Name> to read vaults in compartment <compartment_name>
Allow dynamic-group <Dynamic_group_Name> to read secret-family in compartment <compartment_name>
For Member Type: AUTONOMOUS_CONTAINER_DATABASE
Allow dynamic-group <Dynamic_group_Name> to manage autonomous-database-family in compartment <compartment_name>
Allow dynamic-group <Dynamic_group_Name> to update cloud-autonomous-vmclusters in compartment <compartment_name>
Allow dynamic-group <Dynamic_group_Name> to update autonomous-vmclusters in compartment <compartment_name>
Allow dynamic-group <Dynamic_group_Name> to update autonomousContainerDatabaseDataguardAssociations in compartment <compartment_name>
Policies to configure using user authentication
Allow group group_name to manage autonomous-database-family in compartment compartment_name
A more restrictive policy that allows DR to only perform switchover and failover operations on autonomous databases is similar to the following:
Allow group group_name to update autonomous-databases in compartment compartment_name
For additional information about the Identity and Access Management (IAM) policies for Oracle Autonomous Database, refer to Details for the Database Service.
For Autonomous Database Serverless:
Allow group group_name to update AutonomousDatabaseDataguardAssociation in compartment compartment_name
For Autonomous Database on Dedicated Exadata Infrastructure (Autonomous Container Database):
Allow group group_name to manage autonomous-database-family in compartment compartment_name
Allow group group_name to update cloud-autonomous-vmclusters in compartment compartment_name
Allow group group_name to update autonomous-vmclusters in compartment compartment_name
Allow group group_name to update autonomousContainerDatabaseDataguardAssociations in compartment compartment_name
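Added example (not Oracle's code): a small pre-deployment check for policy statements of the shape shown on this page. It flags a missing `to` keyword, template placeholders left unfilled, and a user group granted `manage autonomous-database-family` where the more restrictive `update autonomous-databases` statement may be enough. The group and compartment names in `SAMPLE` are constructed.

```python
import re

# Only the statement shape used on this page is handled (assumption):
# Allow <group|dynamic-group> <name> to <verb> <resource-type> in compartment <name>
STATEMENT = re.compile(
    r"^Allow\s+(?P<kind>dynamic-group|group)\s+(?P<subject>\S+)\s+"
    r"(?P<to>to\s+)?(?P<verb>\S+)\s+(?P<resource>\S+)\s+"
    r"in\s+compartment\s+(?P<compartment>\S+)$",
    re.IGNORECASE,
)
PLACEHOLDERS = {"group_name", "compartment_name"}  # literal template names on the page


def audit(statements):
    """Return (statement_number, issue) pairs for a list of policy statements."""
    findings = []
    for n, text in enumerate(statements, start=1):
        m = STATEMENT.match(text.strip())
        if m is None:
            findings.append((n, "unparsed"))
            continue
        if m["to"] is None:  # the verb must be introduced by 'to'
            findings.append((n, "missing-to"))
        for field in ("subject", "compartment"):
            if m[field].startswith("<") or m[field] in PLACEHOLDERS:
                findings.append((n, "placeholder"))
                break
        # The page gives 'update autonomous-databases' as the more restrictive
        # statement when DR only performs switchover and failover.
        if (m["kind"].lower() == "group" and m["verb"].lower() == "manage"
                and m["resource"].lower() == "autonomous-database-family"):
            findings.append((n, "broad-manage"))
    return findings


# Constructed sample input.
SAMPLE = [
    "Allow group dr-operators to manage autonomous-database-family in compartment prod-db",
    "Allow group dr-operators to update autonomous-databases in compartment prod-db",
    "Allow dynamic-group dr-protection-groups read vaults in compartment prod-db",
    "Allow group group_name to update autonomous-vmclusters in compartment prod-db",
]

if __name__ == "__main__":
    for number, issue in audit(SAMPLE):
        print(f"statement {number}: {issue}")
```

A `broad-manage` finding is a prompt to review, not an error: the Autonomous Container Database statements above still list `manage autonomous-database-family`.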