Virtual Cloud Networking Resources
To use an Oracle Data Safe private endpoint to connect to a target database, you first need Oracle Cloud Infrastructure Identity and Access Management (IAM) permissions on the virtual networking resources that underlie the private endpoint, in every compartment involved, before you create a new private endpoint or use an existing one. The underlying resources of a private endpoint include a virtual network interface card (VNIC), a network security group, a subnet, and so on. Note that the subnet can live in a different compartment from the private endpoint itself, so the permissions may need to be granted in more than one compartment.
The following table lists the Oracle Data Safe private endpoint operations and, for each, the activities you must be allowed to perform on each type of virtual networking resource, grouped by the compartment in which the permission is needed.
| Oracle Data Safe private endpoint operation | Required activities on virtual networking resources |
|---|---|
| Create an Oracle Data Safe private endpoint | For the Oracle Data Safe private endpoint compartment: For the subnet compartment: |
| Update an Oracle Data Safe private endpoint | For the Oracle Data Safe private endpoint compartment: |
| Delete an Oracle Data Safe private endpoint | For the Oracle Data Safe private endpoint compartment: For the subnet compartment: |
Example 2-6 Broad permission
In this example, the dbadmin group is granted the broad manage permission on all virtual networking resources in the compartment ADWcmp1. This is the simplest policy to write, but it covers far more than a private endpoint needs (VCNs, route tables, security lists, and every other member of the family), so prefer the specific statements in Example 2-7 where least privilege matters.
allow group dbadmin to manage virtual-network-family in compartment ADWcmp1
Example 2-7 Specific permissions
In this example, the dbadmin group is granted only the specific permissions on the network resources that a private endpoint uses. The third statement is required only if you want to use network security groups to control traffic to and from the private endpoint. If the subnet is in a different compartment from the private endpoint, the subnets statement must name that compartment instead.
allow group dbadmin to manage vnics in compartment ADWcmp1
allow group dbadmin to use subnets in compartment ADWcmp1
allow group dbadmin to use network-security-groups in compartment ADWcmp1
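The following is an added example, not code from the Oracle documentation: a small checker that parses policy statements in the simple form shown in Examples 2-6 and 2-7 and reports which of the grants a private endpoint needs are missing, and which statements are broader than necessary (a `-family` aggregate or a tenancy-wide grant). It assumes the mapping of Example 2-7 onto the compartment split in the table above, namely that the VNIC and network security group permissions are needed in the private endpoint compartment and the subnet permission in the subnet compartment; confirm that against the table before relying on it. The verb ordering (inspect < read < use < manage) and the fact that `virtual-network-family` covers vnics, subnets and network-security-groups are standard OCI IAM semantics; compartment paths and `where` conditions are deliberately not parsed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OCI IAM verbs from least to most permissive; a higher verb includes the lower ones.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# Individual resource types covered by the virtual-network-family aggregate
# (only those relevant to a Data Safe private endpoint are listed here).
VNET_FAMILY = {"vnics", "subnets", "network-security-groups", "vcns"}

# Simple statement form only: "allow group G to VERB RESOURCE in compartment C" or "... in tenancy".
STATEMENT_RE = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?:tenancy|compartment\s+(?P<comp>\S+))\s*$",
    re.IGNORECASE,
)

Requirement = Tuple[str, str, str]  # (verb, resource type, compartment name)


@dataclass(frozen=True)
class Grant:
    group: str
    verb: str
    resource: str
    compartment: Optional[str]  # None means the grant is tenancy-wide


def parse_statement(stmt: str) -> Grant:
    """Parse one policy statement; raise on anything outside the simple form."""
    m = STATEMENT_RE.match(stmt)
    if not m:
        raise ValueError(f"unsupported policy statement: {stmt!r}")
    return Grant(m["group"], m["verb"].lower(), m["resource"].lower(), m["comp"])


def required_grants(pe_compartment: str, subnet_compartment: str, use_nsg: bool = True) -> List[Requirement]:
    """Grants a private endpoint needs (assumed from Example 2-7 plus the table's compartment split)."""
    req = [("manage", "vnics", pe_compartment), ("use", "subnets", subnet_compartment)]
    if use_nsg:
        req.append(("use", "network-security-groups", pe_compartment))
    return req


def covers(grant: Grant, group: str, verb: str, resource: str, compartment: str) -> bool:
    """True if this grant satisfies the requirement for the given group."""
    if grant.group.lower() != group.lower():
        return False
    if VERB_RANK[grant.verb] < VERB_RANK[verb]:
        return False
    family_match = grant.resource == "virtual-network-family" and resource in VNET_FAMILY
    if grant.resource != resource and not family_match:
        return False
    return grant.compartment is None or grant.compartment == compartment


def check_policy(statements: List[str], group: str, pe_compartment: str,
                 subnet_compartment: str, use_nsg: bool = True) -> Tuple[List[Requirement], List[str]]:
    """Return (missing requirements, statements broader than a private endpoint needs)."""
    grants = [parse_statement(s) for s in statements]
    missing = [r for r in required_grants(pe_compartment, subnet_compartment, use_nsg)
               if not any(covers(g, group, *r) for g in grants)]
    broad = [s for s, g in zip(statements, grants)
             if g.resource.endswith("-family") or g.compartment is None]
    return missing, broad


if __name__ == "__main__":
    # Constructed sample: the specific statements from Example 2-7, but with the subnet
    # moved to a separate networking compartment so the subnets statement no longer fits.
    policy = [
        "allow group dbadmin to manage vnics in compartment ADWcmp1",
        "allow group dbadmin to use subnets in compartment ADWcmp1",
        "allow group dbadmin to use network-security-groups in compartment ADWcmp1",
    ]
    missing, broad = check_policy(policy, "dbadmin", "ADWcmp1", "NetCmp")
    print("missing:", missing)
    print("broad:", broad)
```

Run it as-is to see the split-compartment case reported; feed it the single statement from Example 2-6 to see it accepted as sufficient but flagged as broad.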