Oracle Cloud Infrastructure IAM Policy Statements for Oracle Database Service for Azure

This topic provides example OCI IAM policy statements that allow OracleDB for Azure users to perform operations in the regular OCI Console on OCI database resources provisioned with OracleDB for Azure.

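The "Create" operations are excluded from these policies because users must use the OracleDB for Azure console to create OracleDB for Azure database resources. Resources created with OracleDB for Azure are automatically linked to the associated Azure account and subscription.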

For details about OracleDB for Azure user groups, see the following topic:

odsa-db-family-administrators

Policy statement:

Allow group odsa-db-family-administrators to manage database-family in compartment <odsa_compartment_name>
where all {request.operation != CreateAutonomousContainerDatabase,
request.operation != CreateAutonomousDatabase,
request.operation != CreateAutonomousDatabaseBackup,
request.operation != CreateAutonomousVmCluster,
request.operation != CreateBackup,
request.operation != CreateBackupDestination,
request.operation != CreateCloudAutonomousVmCluster,
request.operation != CreateCloudExadataInfrastructure,
request.operation != CreateCloudVmCluster,
request.operation != CreateDatabase,
request.operation != CreateDatabaseSoftwareImage,
request.operation != CreateDbHome,
request.operation != CreateExadataInfrastructure,
request.operation != CreateExternalBackupJob,
request.operation != CreateExternalContainerDatabase,
request.operation != CreateExternalDatabaseConnector,
request.operation != CreateExternalPluggableDatabase,
request.operation != CreatePluggableDatabase,
request.operation != CreateVmCluster,
request.operation != CreateVmClusterNetwork}

odsa-exa-infra-administrators

Policy statements:

Allow group odsa-exa-infra-administrators to manage cloud-exadata-infrastructures in compartment <odsa_compartment_name>
  where request.operation != CreateCloudExadataInfrastructure
 
Allow group odsa-exa-infra-administrators to manage cloud-vmclusters in compartment <odsa_compartment_name>
  where request.operation != CreateCloudVmCluster
 
Allow group odsa-exa-infra-administrators to manage cloud-autonomous-vmclusters in compartment <odsa_compartment_name>
  where request.operation != CreateCloudAutonomousVmCluster
 
Allow group odsa-exa-infra-administrators to manage db-nodes in compartment <odsa_compartment_name>

odsa-exa-cdb-administrators

Policy statements:

Allow group odsa-exa-cdb-administrators to manage db-homes in compartment <odsa_compartment_name>
  where request.operation != CreateDbHome
 
Allow group odsa-exa-cdb-administrators to manage databases in compartment <odsa_compartment_name>
  where request.operation != CreateDatabase
 
Allow group odsa-exa-cdb-administrators to manage db-backups in compartment <odsa_compartment_name>

odsa-exa-pdb-administrators

Policy statement:

Allow group odsa-exa-pdb-administrators to manage pluggable-databases in compartment <odsa_compartment_name>
  where request.operation != CreatePluggableDatabase

odsa-basedb-infra-administrators

Policy statements:

Allow group odsa-basedb-infra-administrators to manage db-systems in compartment <odsa_compartment_name>
  where request.operation != LaunchDbSystem
 
Allow group odsa-basedb-infra-administrators to manage db-nodes in compartment <odsa_compartment_name>

odsa-basedb-cdb-administrators

Policy statements:

Allow group odsa-basedb-cdb-administrators to manage db-homes in compartment <odsa_compartment_name>
  where request.operation != CreateDbHome
 
Allow group odsa-basedb-cdb-administrators to manage databases in compartment <odsa_compartment_name>
  where request.operation != CreateDatabase
 
Allow group odsa-basedb-cdb-administrators to manage db-backups in compartment <odsa_compartment_name>

odsa-basedb-pdb-administrators

Policy statement:

Allow group odsa-basedb-pdb-administrators to manage pluggable-databases in compartment <odsa_compartment_name>
  where request.operation != CreatePluggableDatabase

odsa-adbs-db-administrators

Policy statements:

Allow group odsa-adbs-db-administrators to manage autonomous-databases in compartment <odsa_compartment_name>
  where request.operation != CreateAutonomousDatabase
 
Allow group odsa-adbs-db-administrators to manage autonomous-database-backups in compartment <odsa_compartment_name>

odsa-mysql-infra-administrator

Policy statements:

Allow group odsa-mysql-infra-administrators to manage mysql-instances in compartment <Cloudlink-Compartment>
  where request.operation != CreateDbSystem
 
Allow group odsa-mysql-infra-administrators to manage mysql-configurations in compartment <Cloudlink-Compartment>
  where request.operation != CreateConfiguration
 
Allow group odsa-mysql-infra-administrators to manage mysql-backups in compartment <Cloudlink-Compartment>
  where request.operation != DbSystemBackup
 
Allow group odsa-mysql-infra-administrators to manage mysql-channels in compartment <Cloudlink-Compartment>
  where request.operation != CreateChannel
 
Allow group odsa-mysql-infra-administrators to manage mysql-heatwave in compartment <Cloudlink-Compartment>
  where request.operation != AddHeatWaveCluster

odsa-mysql-heatwave-administrators

Policy statement:

Allow group odsa-mysql-heatwave-administrators to manage mysql-heatwave in compartment <Cloudlink-Compartment>
  where request.operation != AddHeatWaveCluster

odsa-network-administrators

Policy statement:

Allow group odsa-network-administrators to manage virtual-network-family in compartment <odsa_compartment_name>

odsa-costmgmt-administrators

Policy statement:

Allow group odsa-costmgmt-administrators to manage usage-report in tenancy

odsa-costmgmt-readers

Policy statement:

Allow group odsa-costmgmt-readers to read usage-report in tenancy
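
The "Create" exclusions in the statements above can be checked offline before a policy is applied or after it has been edited. The following is an added example, not Oracle's code: a simplified parser (an assumption, not OCI's policy evaluator) that understands only the statement shapes on this page and reports which `request.operation` values a statement excludes. `DRIFTED` and `ALL_FORM` are constructed samples; the function names are hypothetical.

```python
import re

# Simplified model of the statements on this page (an assumption, not OCI's evaluator):
#   Allow group G to <verb> <resource> in <scope> [where C | where all {C, C, ...}]
# Only conditions of the form "request.operation != X" are understood.
STATEMENT = re.compile(
    r"Allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<resource>\S+)\s+in\s+"
    r"(?P<scope>tenancy|compartment\s+\S+)(?:\s+where\s+(?P<cond>.+))?$",
    re.IGNORECASE,
)
CONDITION = re.compile(r"request\.operation\s*!=\s*'?(\w+)'?")

# Copied from the odsa-exa-cdb-administrators section of this page.
PAGE_STATEMENT = """Allow group odsa-exa-cdb-administrators to manage databases in compartment <odsa_compartment_name>
  where request.operation != CreateDatabase"""
# Constructed: the same statement after someone dropped the where clause.
DRIFTED = "Allow group odsa-exa-cdb-administrators to manage databases in compartment <odsa_compartment_name>"
# Constructed: abbreviated "where all" form of the database-family statement.
ALL_FORM = ("Allow group odsa-db-family-administrators to manage database-family in compartment "
            "<odsa_compartment_name> where all {request.operation != CreateDatabase, request.operation != CreateDbHome}")


def parse(statement):
    """Return the statement's parts plus the set of operations it excludes."""
    text = " ".join(statement.split())  # fold the multi-line form into one line
    m = STATEMENT.match(text)
    if m is None:
        raise ValueError("unrecognised statement: " + text[:60])
    cond = m.group("cond") or ""
    body = cond[cond.find("{") + 1 : cond.rfind("}")] if cond.startswith("all") else cond
    excluded = set()
    for clause in filter(None, (c.strip() for c in body.split(","))):
        cm = CONDITION.fullmatch(clause)
        if cm is None:
            raise ValueError("unsupported condition: " + clause)
        excluded.add(cm.group(1))
    return {**m.groupdict(), "excluded": excluded}


def permits(statement, operation):
    """True when the where clause lets this request.operation through (verb coverage is not modelled)."""
    return operation not in parse(statement)["excluded"]


def missing_exclusions(statement, required):
    """Operations that should be excluded by the statement but are not (drift check)."""
    return sorted(set(required) - parse(statement)["excluded"])
```

A non-empty result from `missing_exclusions` means the statement would let the group create that resource type from the regular OCI Console, bypassing the automatic Azure linking described at the top of this page.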