Prerequisites for Elastic Pool Usage Across Parent/Child Tenancies

Provides information on required policies for working with elastic pools with a pool member in a child tenancy and the pool leader in the parent tenancy.

To use an elastic pool across tenancies you must define OCI Identity and Access Management policies that allow an Autonomous Database instance in a child tenancy to join an elastic pool in the parent tenancy.

Note

Adding policies for parent and child tenancies is only required when you use elastic pools across tenancies where a member Autonomous Database instance in a child tenancy is added to an elastic pool in a parent tenancy.

Consider the following cases:

  • You want to allow a user in the parent tenancy to create an instance as a pool member in the child tenancy, or add an existing instance from the child tenancy as a pool member to an elastic pool in the parent tenancy. To do this, a user in the parent tenancy should have the following OCI Identity and Access Management policies:

    Policies needed in the parent tenancy:

    
    define tenancy ChildTenancy as ocid1.tenancy.oc1....
    endorse group ParentTenancyUserGroup to manage autonomous-databases in tenancy ChildTenancy
    allow group ParentTenancyUserGroup to manage autonomous-databases in tenancy

    Policies needed in the child tenancy:

    define tenancy ParentTenancy as ocid1.tenancy.oc1...
    define group ParentTenancyUserGroup as ocid1.group.oc1...
    admit group ParentTenancyUserGroup of tenancy ParentTenancy to manage autonomous-databases in tenancy
  • You want to allow a user in the child tenancy to create an instance as a member of an elastic pool in the parent tenancy, or add an existing instance from the child tenancy as a pool member to an elastic pool in the parent tenancy. To do this, a user in the child tenancy should have the following OCI Identity and Access Management policies:

    Policies needed in the parent tenancy:

    define tenancy ChildTenancy as ocid1.tenancy.oc1....
    define group ChildTenancyUserGroup as ocid1.group.oc1...
    admit group ChildTenancyUserGroup of tenancy ChildTenancy to manage autonomous-databases in tenancy

    Policies needed in the child tenancy:

    define tenancy ParentTenancy as ocid1.tenancy.oc1...
    define group ParentTenancyUserGroup as ocid1.group.oc1...
    endorse group ChildTenancyUserGroup to manage autonomous-databases in tenancy ParentTenancy
    allow group ChildTenancyUserGroup to manage autonomous-databases in tenancy