Instruções de Política do Oracle Cloud Infrastructure IAM para o Oracle Database Service for Azure
Este tópico fornece exemplo de instruções de política do OCI IAM para que os usuários do OracleDB para o Azure executem operações na console regular do OCI em recursos de banco de dados do OCI provisionados por meio de OracleDB para o Azure.
Observe que as operações "Criar" são excluídas dessas políticas porque os usuários precisarão criar OracleDB para recursos de banco de dados do Azure usando a console OracleDB para o Azure. Os recursos criados no OracleDB para o Azure são vinculados automaticamente à conta e às assinaturas do Azure associadas.
Para obter mais informações sobre grupos de usuários do OracleDB for Azure, consulte os seguintes tópicos:
- Grupos de Usuários do Azure para OracleDB para Recursos de Banco de Dados do Azure
- Grupos de Usuários do Azure para OracleDB para Rede, Gerenciamento de Custos e Solicitações de Suporte do Azure
odsa-db-family-administrators
Instrução da política:
Allow group odsa-db-family-administrators to manage database-family in compartment <odsa_compartment_name>
where all {request.operation != CreateAutonomousContainerDatabase,
request.operation != CreateAutonomousDatabase,
request.operation != CreateAutonomousDatabaseBackup,
request.operation != CreateAutonomousVmCluster,
request.operation != CreateBackup,
request.operation != CreateBackupDestination,
request.operation != CreateCloudAutonomousVmCluster,
request.operation != CreateCloudExadataInfrastructure,
request.operation != CreateCloudVmCluster,
request.operation != CreateDatabase,
request.operation != CreateDatabaseSoftwareImage,
request.operation != CreateDbHome,
request.operation != CreateExadataInfrastructure,
request.operation != CreateExternalBackupJob,
request.operation != CreateExternalContainerDatabase,
request.operation != CreateExternalDatabaseConnector,
request.operation != CreateExternalPluggableDatabase,
request.operation != CreatePluggableDatabase,
request.operation != CreateVmCluster,
request.operation != CreateVmClusterNetwork}odsa-exa-infra-administrators
Instrução da política:
Allow group odsa-exa-infra-administrators to manage cloud-exadata-infrastructures in compartment <odsa_compartment_name>
where request.operation != CreateCloudExadataInfrastructure
Allow group odsa-exa-infra-administrators to manage cloud-vmclusters in compartment <odsa_compartment_name>
where request.operation != CreateCloudVmCluster
Allow group odsa-exa-infra-administrators to manage cloud-autonomous-vmclusters in compartment <odsa_compartment_name>
where request.operation != CreateCloudAutonomousVmCluster
Allow group odsa-exa-infra-administrators to manage db-nodes in compartment <odsa_compartment_name>odsa-exa-cdb-administrators
Instrução da política:
Allow group odsa-exa-cdb-administrators to manage db-homes in compartment <odsa_compartment_name>
where request.operation != CreateDbHome
Allow group odsa-exa-cdb-administrators to manage databases in compartment <odsa_compartment_name>
where request.operation != CreateDatabase
Allow group odsa-exa-cdb-administrators to manage db-backups in compartment <odsa_compartment_name>odsa-exa-pdb-administrators
Instrução da política:
Allow group odsa-exa-pdb-administrators to manage pluggable-databases in compartment <odsa_compartment_name>
where request.operation != CreatePluggableDatabaseodsa-basedb-infra-administrators
Instrução da política:
Allow group odsa-basedb-infra-administrators to manage db-systems in compartment <odsa_compartment_name>
where request.operation != LaunchDbSystem
Allow group odsa-basedb-infra-administrators to manage db-nodes in compartment <odsa_compartment_name>odsa-basedb-cdb-administrators
Instrução da política:
Allow group odsa-basedb-cdb-administrators to manage db-homes in compartment <odsa_compartment_name>
where request.operation != CreateDbHome
Allow group odsa-basedb-cdb-administrators to manage databases in compartment <odsa_compartment_name>
where request.operation != CreateDatabase
Allow group odsa-basedb-cdb-administrators to manage db-backups in compartment <odsa_compartment_name>odsa-basedb-pdb-administrators
Instrução da política:
Allow group odsa-basedb-pdb-administrators to manage pluggable-databases in compartment <odsa_compartment_name>
where request.operation != CreatePluggableDatabaseodsa-adbs-db-administrators
Instrução da política:
Allow group odsa-adbs-db-administrators to manage autonomous-databases in compartment <odsa_compartment_name>
where request.operation != CreateAutonomousDatabase
Allow group odsa-adbs-db-administrators to manage autonomous-database-backups in compartment <odsa_compartment_name>odsa-mysql-infra-administrador
Instrução da política:
Allow group odsa-mysql-infra-administrators to manage mysql-instances in compartment <Cloudlink-Compartment>
where request.operation != CreateDbSystem
Allow group odsa-mysql-infra-administrators to manage mysql-configurations in compartment <Cloudlink-Compartment>
where request.operation != CreateConfiguration
Allow group odsa-mysql-infra-administrators to manage mysql-backups in compartment <Cloudlink-Compartment>
where request.operation != DbSystemBackup
Allow group odsa-mysql-infra-administrators to manage mysql-channels in compartment <Cloudlink-Compartment>
where request.operation != CreateChannel
Allow group odsa-mysql-infra-administrators to manage mysql-heatwave in compartment <Cloudlink-Compartment>
where request.operation != AddHeatWaveClusterodsa-mysql-heatwave-administrator
Instrução da política:
Allow group odsa-mysql-heatwave-administrators to manage mysql-heatwave in compartment <Cloudlink-Compartment>
where request.operation != AddHeatWaveClusterodsa-network-administrators
Instrução da política:
Allow odsa-network-administrators to manage virtual-network-family in compartment <odsa_compartment_name>odsa-costmgmt-administrators
Instrução da política:
Allow group odsa-costmgmt-administrators to manage usage-report in tenancyodsa-costmgmt-readers
Instrução da política:
Allow group odsa-costmgmt-readers to read usage-report in tenancy