Prerequisites and Permissions for Exadata Database Service on Cloud@Customer

Exadata Database Service on Cloud@Customer Service Permissions

To enable Ops Insights for Exadata Database Service on Cloud@Customer, ensure the following required policies are enabled:
  • User policies:
    allow group opsi-admins to use database-family in compartment ExaCCCompartment
    allow group opsi-admins to read dbmgmt-family in compartment ExaCCCompartment
    Note: This compartment should be the highest-level compartment where Exadata-related resources are located; this policy can also be written at the tenancy level.
    allow group opsi-admins to read secret-family in compartment ExaCCCompartment where any { target.vault.id = 'VaultOCID' }

    User policies for Autonomous Databases

    Allow group opsi-admins to manage management-agents in compartment ExaCCdbCompartment
    Allow group opsi-admins to manage management-agents-named-credentials in compartment ExaCCdbCompartment
  • OPSI policies:
    allow any-user to read secret-family in tenancy where ALL{request.principal.type='opsidatabaseinsight',target.vault.id = 'VaultOCID'}
    Allow any-user to read database-family in compartment ExaCCCompartment where ALL{request.principal.type = 'opsiexadatainsight'}

    OPSI policies for Autonomous Databases

    Allow any-user to read database-family in tenancy where ALL { request.principal.type = 'managementagent', request.operation = 'GenerateAutonomousDatabaseWallet' }
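Every any-user statement above is narrowed by a request.principal.type condition, and every secret-family grant is pinned to one vault through target.vault.id. The following check is an added example, not Oracle code: it flags statements that drop either restriction. The two rules, the function names and the sample list are assumptions of this example, and the parser handles only the statement shape shown on this page.

```python
import re

# Constructed sample input: statements from this page (placeholder names kept)
# plus two deliberately unscoped variants to show what the check catches.
SAMPLE_POLICIES = [
    "allow group opsi-admins to read secret-family in compartment ExaCCCompartment where any { target.vault.id = 'VaultOCID' }",
    "allow any-user to read secret-family in tenancy where ALL{request.principal.type='opsidatabaseinsight',target.vault.id = 'VaultOCID'}",
    "Allow any-user to read database-family in compartment ExaCCCompartment where ALL{request.principal.type = 'opsiexadatainsight'}",
    "Allow any-user to read database-family in tenancy",  # constructed: no where clause
    "allow any-user to read secret-family in tenancy where ALL{request.principal.type='opsidatabaseinsight'}",  # constructed: no vault pin
]

# allow <subject> to <verb> <resource-type> in <scope> [where <conditions>]
STATEMENT = re.compile(
    r"^\s*allow\s+(?P<subject>any-user|group\s+\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<cond>.+))?\s*$",
    re.IGNORECASE,
)

def condition_keys(cond):
    """Return the lower-cased variables tested with '=' in a where clause."""
    if not cond:
        return set()
    return {k.lower() for k in re.findall(r"([\w.]+)\s*=", cond)}

def lint(statement):
    """Return the findings for one policy statement (empty list means OK)."""
    m = STATEMENT.match(statement)
    if not m:
        return ["unparsed statement"]
    keys = condition_keys(m["cond"])
    findings = []
    if m["subject"].lower() == "any-user" and "request.principal.type" not in keys:
        findings.append("any-user without request.principal.type condition")
    if m["resource"].lower() == "secret-family" and "target.vault.id" not in keys:
        findings.append("secret-family not restricted to a vault")
    return findings

def lint_all(statements):
    """Map each statement that has findings to its list of findings."""
    return {s: f for s in statements if (f := lint(s))}

if __name__ == "__main__":
    for stmt, findings in lint_all(SAMPLE_POLICIES).items():
        print(f"{findings}: {stmt}")
```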

For more information on specific Exadata Database Service on Cloud@Customer service resource-types and permissions, see Details for Exadata Cloud Service Instances.

Exadata Database Service on Cloud@Customer Service Prerequisites