Resource-Permissions Model

Each resource defines its own permissions model. This permissions model forms the basis of how a policy is defined to allow for authorized access to distributed database resources.

These permissions are intended to be mapped to Operations (list, get, update, delete, and so on) to allow for fine-grained access control.

  • Read (read-only) – allows the user to view resource details
  • Update – grants View permission, plus allows the user to edit an existing resource, including move, add shard, remove shard
  • Create – grants Update permission, plus allows the user to create new resources
  • Delete – grants Create permission, plus allows the user to delete a resource

The following table details the permissions model for Oracle's Globally Distributed Database resources.

Resource Permissions
distributed-database
  • DISTRIBUTED_DB_INSPECT
  • DISTRIBUTED_DB_READ
  • DISTRIBUTED_DB_MANAGE
  • DISTRIBUTED_DB_MOVE
  • DISTRIBUTED_DB_CREATE
  • DISTRIBUTED_DB_DELETE
distributed-database-privateendpoint
  • DISTRIBUTED_DB_PRIVATE_ENDPOINT_INSPECT
  • DISTRIBUTED_DB_PRIVATE_ENDPOINT_READ
  • DISTRIBUTED_DB_PRIVATE_ENDPOINT_MANAGE
  • DISTRIBUTED_DB_PRIVATE_ENDPOINT_MOVE
  • DISTRIBUTED_DB_PRIVATE_ENDPOINT_CREATE
  • DISTRIBUTED_DB_PRIVATE_ENDPOINT_DELETE
distributed-database-work-requests
  • DISTRIBUTED_DB_WORK_REQUEST_LIST
  • DISTRIBUTED_DB_WORK_REQUEST_READ
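
The permission names in the table can be used to review policy statements for least privilege. The following Python sketch is an added example, not Oracle code: it assumes statements written in the OCI permission-list form (`Allow group <group> to {PERMISSION, ...} in <location>`), treats the MANAGE, MOVE, CREATE and DELETE permissions as state-changing (an assumption of this example), and uses constructed group and compartment names.

```python
import re

# Permission names copied from the table above.
SUFFIXES = ("INSPECT", "READ", "MANAGE", "MOVE", "CREATE", "DELETE")
KNOWN = (
    {f"DISTRIBUTED_DB_{s}" for s in SUFFIXES}
    | {f"DISTRIBUTED_DB_PRIVATE_ENDPOINT_{s}" for s in SUFFIXES}
    | {"DISTRIBUTED_DB_WORK_REQUEST_LIST", "DISTRIBUTED_DB_WORK_REQUEST_READ"}
)
# Assumption of this example: these permissions change or destroy state.
MUTATING = ("_MANAGE", "_MOVE", "_CREATE", "_DELETE")

# Matches only the permission-list form: Allow group G to {P1, P2} in <location>
STMT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+\{(?P<perms>[^}]*)\}\s+in\s+\S.*$",
    re.IGNORECASE,
)

def lint(statement, read_only_groups):
    """Return a list of findings for one permission-list policy statement."""
    m = STMT.match(statement)
    if m is None:
        return ["not a permission-list statement"]
    findings = []
    perms = [p.strip() for p in m["perms"].split(",") if p.strip()]
    if not perms:
        findings.append("empty permission list")
    for p in perms:
        if p not in KNOWN:
            # Catches typos such as PRIVATEENDPOINT (resource-type spelling)
            # used where the permission name is PRIVATE_ENDPOINT.
            findings.append(f"unknown permission: {p}")
        elif m["group"] in read_only_groups and p.endswith(MUTATING):
            findings.append(f"mutating permission for read-only group: {p}")
    return findings

# Constructed sample policy; group and compartment names are made up.
SAMPLE = [
    "Allow group gdd-auditors to {DISTRIBUTED_DB_INSPECT, DISTRIBUTED_DB_READ} in compartment prod",
    "Allow group gdd-auditors to {DISTRIBUTED_DB_READ, DISTRIBUTED_DB_DELETE} in compartment prod",
    "Allow group gdd-ops to {DISTRIBUTED_DB_PRIVATEENDPOINT_READ} in compartment prod",
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(s, "->", lint(s, {"gdd-auditors"}) or "ok")
```

Statements that use a verb instead of a permission list are reported as "not a permission-list statement" and need a separate review, because this page does not map verbs to permissions.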