To authorize your compute instance to perform actions on the NoSQL Service, ObjectStorage, and Oracle Autonomous AI Lakehouse, a dynamic group must be created and a set of matching rules must be added for your instance. To allow the Oracle Autonomous AI Lakehouse database to use the OCI Resource Principal to access Object Storage, a dynamic group with the appropriate set of rules must also be created. If you wish, the same dynamic group you create for your compute instance can also be used for the Oracle Autonomous AI Lakehouse database. This is shown in the example below.

• Select Identity & Security from the menu on the left side of the display.
• Under Identity, select Domains. Click the domain you want to work in and from horizontal scroll bar at the top, select Dynamic groups.
  
  
  Description of the illustration oci-dom.png
  
  
• Click Create Dynamic Group.
  
  
  Description of the illustration new-crt-iden-dg.png
  
  
• Enter a name for the group, for example, nosql-to-adw-group.
• Enter a description for the group; for example, the list of the group’s members.
• Enter the desired matching rules; for example, Any {instance.id=''<ocid-of-compute-instance}' and 'resource.id='<ocid-ofthe-database>'.
  
  
  Description of the illustration new-dg-input-values.png
  
  
• Click Create.

Once a dynamic group is created, you must create a policy that grants permissions to it that allows members of that group (for example, the compute instance) to read tables in the NoSQL Cloud Service, read and write objects in ObjectStorage, and execute procedures in the Oracle Autonomous AI Lakehouse.

• Select Identity & Security from the menu on the left side of the display.
• Under Identity, select Policies.
  
  
  Description of the illustration new-oci-pol.png
  
  
• Click the Compartment filter next to Applied filters. Select your compartment from the drop-down list and click Apply filter.
• Click Create Policy.
  
  
  Description of the illustration new-crt-iden-pol.png
  
  
• Enter a name for the policy.
• Enter a description for the policy; for example, a description of what the members of the group are allowed to do.
• Enter the compartment and click Create.
  
  
  Description of the illustration new-pol-inp-values.png
  
  
• Add Statements to the policy using Show manual editor.
  
  
  Description of the illustration new-policy-builder.png
  
  

An example set of policies that allow the compute instance from the dynamic group to access the NoSQL Cloud Service, ObjectStorage, and Oracle Autonomous AI Lakehouse is given below.

Allow dynamic-group <dyn-grp-name> to manage nosql-tables in compartment <compartment-name>
Allow dynamic-group <dyn-grp-name> to manage nosql-rows in compartment <compartment-name>
Allow dynamic-group <dyn-grp-name> to manage nosql-indexes in compartment <compartment-name>
Allow dynamic-group <dyn-grp-name> to read buckets in compartment <compartment-name>
Allow dynamic-group <dyn-grp-name> to read objects in compartment <compartment-name>
Allow dynamic-group <dyn-grp-name> to manage buckets in compartment <compartment-name>
Allow dynamic-group <dyn-grp-name> to manage objects in compartment <compartment-name>
Allow dynamic-group <dyn-grp-name> to manage autonomous-database in compartment <compartment-name>