Prerequisites and Permissions for Exadata Database Service on Cloud@Customer
Exadata Database Service on Cloud@Customer Service Permissions
To enable Ops Insights for Exadata Database Service on Cloud@Customer, ensure the following required policies are enabled:- User
policies:
allow group opsi-admins to use database-family in compartment ExaCCCompartment
allow group opsi-admins to read dbmgmt-family in compartment ExaCCCompartment
Note
This compartment should be the highest level compartment where Exadata-related resources are located; this policy can also be written at a tenancy-level.allow group opsi-admins to read secret-family in compartment ExaCCCompartment where any { target.vault.id = 'VaultOCID' }
User policies for Autonomous Databses
Allow group opsi-admins to manage management-agents in compartment ExaCCdbCompartmen
Allow group opsi-admins to manage management-agents-named-credentials in compartment ExaCCdbCompartment
- OPSI
policies:
allow any-user to read secret-family in tenancy where ALL{request.principal.type='opsidatabaseinsight',target.vault.id = 'VaultOCID'}
Allow any-user to read database-family in compartment ExaCCCompartment where ALL{request.principal.type = 'opsiexadatainsight'}
OPSI policies for Autonomous Databses
Allow any-user to read database-family in tenancy where ALL { request.principal.type = 'managementagent', request.operation = 'GenerateAutonomousDatabaseWallet' }
For more information on specific Exadata Database Service on Cloud@Customer service resource-types and permissions, see Details for Exadata Cloud Service Instances.
Exadata Database Service on Cloud@Customer Service Prerequisites
- If a Management Agent is not installed, then you must first install one. For information on how to install a Management Agent on Exadata Cloud to enable Database Management, see OCI : Observability & Management Support For Exadata Cloud (Article ID PNEWS1338). For additional information on installing Management Agents see Install Management Agents.
- Create the Management Agent credentials that will be used by Ops Insights to connect to the Exadata Database Service on Cloud@Customer Service. These credentials reside in the Management Agent and not within Ops Insights, for more information see: Management Agent Source Credentials.
- Ensure Management Agent version is the latest, the required agent version must be 250704.1404 or higher.
- Ensure port 443 is enabled and available.
- Review securing data recommendations: Secure on-premises observability data upload using Management Gateway.
- Ensure a database monitoring user is created, for a complete list of cloud database prerequisites see: Oracle Cloud Database-related Prerequisites