Instruções de Política do Oracle Cloud Infrastructure IAM para o Oracle Database Service for Azure
Este tópico fornece exemplos de instruções de política do OCI IAM para que os usuários do Azure executem operações na console regular do OCI em recursos de banco de dados do OCI provisionados por meio de OracleDB para o Azure.
Observe que as operações "Create" são excluídas dessas políticas porque os usuários precisarão criar OracleDB para recursos de banco de dados do Azure usando o OracleDB para a console do Azure. Os recursos criados no OracleDB para o Azure são vinculados automaticamente à conta e às assinaturas do Azure associadas.
Para obter mais informações sobre OracleDB para grupos de usuários do Azure, consulte os seguintes tópicos:
- Grupos de Usuários do Azure para Recursos de Banco de Dados do OracleDB para Azure
- Grupos de Usuário do Azure para OracleDB para Rede do Azure, Gerenciamento de Custos e Solicitações de Suporte
odsa-db-family-administrators
Instrução da política:
Allow group odsa-db-family-administrators to manage database-family in compartment <odsa_compartment_name>
where all {request.operation != CreateAutonomousContainerDatabase,
request.operation != CreateAutonomousDatabase,
request.operation != CreateAutonomousDatabaseBackup,
request.operation != CreateAutonomousVmCluster,
request.operation != CreateBackup,
request.operation != CreateBackupDestination,
request.operation != CreateCloudAutonomousVmCluster,
request.operation != CreateCloudExadataInfrastructure,
request.operation != CreateCloudVmCluster,
request.operation != CreateDatabase,
request.operation != CreateDatabaseSoftwareImage,
request.operation != CreateDbHome,
request.operation != CreateExadataInfrastructure,
request.operation != CreateExternalBackupJob,
request.operation != CreateExternalContainerDatabase,
request.operation != CreateExternalDatabaseConnector,
request.operation != CreateExternalPluggableDatabase,
request.operation != CreatePluggableDatabase,
request.operation != CreateVmCluster,
request.operation != CreateVmClusterNetwork}odsa-exa-infra-administrators
Instrução da política:
Allow group odsa-exa-infra-administrators to manage cloud-exadata-infrastructures in compartment <odsa_compartment_name>
where request.operation != CreateCloudExadataInfrastructure
Allow group odsa-exa-infra-administrators to manage cloud-vmclusters in compartment <odsa_compartment_name>
where request.operation != CreateCloudVmCluster
Allow group odsa-exa-infra-administrators to manage cloud-autonomous-vmclusters in compartment <odsa_compartment_name>
where request.operation != CreateCloudAutonomousVmCluster
Allow group odsa-exa-infra-administrators to manage db-nodes in compartment <odsa_compartment_name>odsa-exa-cdb-administrators
Instrução da política:
Allow group odsa-exa-cdb-administrators to manage db-homes in compartment <odsa_compartment_name>
where request.operation != CreateDbHome
Allow group odsa-exa-cdb-administrators to manage databases in compartment <odsa_compartment_name>
where request.operation != CreateDatabase
Allow group odsa-exa-cdb-administrators to manage db-backups in compartment <odsa_compartment_name>odsa-exa-pdb-administrators
Instrução da política:
Allow group odsa-exa-pdb-administrators to manage pluggable-databases in compartment <odsa_compartment_name>
where request.operation != CreatePluggableDatabaseodsa-basedb-infra-administrators
Instrução da política:
Allow group odsa-basedb-infra-administrators to manage db-systems in compartment <odsa_compartment_name>
where request.operation != LaunchDbSystem
Allow group odsa-basedb-infra-administrators to manage db-nodes in compartment <odsa_compartment_name>odsa-basedb-cdb-administrators
Instrução da política:
Allow group odsa-basedb-cdb-administrators to manage db-homes in compartment <odsa_compartment_name>
where request.operation != CreateDbHome
Allow group odsa-basedb-cdb-administrators to manage databases in compartment <odsa_compartment_name>
where request.operation != CreateDatabase
Allow group odsa-basedb-cdb-administrators to manage db-backups in compartment <odsa_compartment_name>odsa-basedb-pdb-administrators
Instrução da política:
Allow group odsa-basedb-pdb-administrators to manage pluggable-databases in compartment <odsa_compartment_name>
where request.operation != CreatePluggableDatabaseodsa-adbs-db-administrators
Instrução da política:
Allow group odsa-adbs-db-administrators to manage autonomous-databases in compartment <odsa_compartment_name>
where request.operation != CreateAutonomousDatabase
Allow group odsa-adbs-db-administrators to manage autonomous-database-backups in compartment <odsa_compartment_name>odsa-mysql-infraadministrador
Instrução da política:
Allow group odsa-mysql-infra-administrators to manage mysql-instances in compartment <Cloudlink-Compartment>
where request.operation != CreateDbSystem
Allow group odsa-mysql-infra-administrators to manage mysql-configurations in compartment <Cloudlink-Compartment>
where request.operation != CreateConfiguration
Allow group odsa-mysql-infra-administrators to manage mysql-backups in compartment <Cloudlink-Compartment>
where request.operation != DbSystemBackup
Allow group odsa-mysql-infra-administrators to manage mysql-channels in compartment <Cloudlink-Compartment>
where request.operation != CreateChannel
Allow group odsa-mysql-infra-administrators to manage mysql-heatwave in compartment <Cloudlink-Compartment>
where request.operation != AddHeatWaveClusterodsa-mysql-administrator de ondas de calor
Instrução da política:
Allow group odsa-mysql-heatwave-administrators to manage mysql-heatwave in compartment <Cloudlink-Compartment>
where request.operation != AddHeatWaveClusterodsa-network-administrators
Instrução da política:
Allow odsa-network-administrators to manage virtual-network-family in compartment <odsa_compartment_name>odsa-costmgmt-administrators
Instrução da política:
Allow group odsa-costmgmt-administrators to manage usage-report in tenancyodsa-costmgmt-readers
Instrução da política:
Allow group odsa-costmgmt-readers to read usage-report in tenancy