To use Database Management for External MySQL, the following Oracle Cloud Infrastructure service permissions are required in addition to Database Management permissions.

• Monitoring service permissions: Monitoring service permissions are required to:
  • View External MySQL DB system metrics on the HeatWave & External MySQL fleet summary and MySQL database details pages.
  • View open External MySQL DB system alarms in Database Management.
  • Perform alarm-related tasks in the Alarm definitions section on the MySQL database details page.

  Here's information on the policies that provide the permissions required to perform the tasks given in the preceding list:

  • To view External MySQL DB system metrics in Database Management, a policy with the read verb for the metrics resource-type must be created. Here's an example:

    Allow group DB-MGMT-MYSQL-USER to read metrics in compartment ABC

  • To view the open External MySQL DB system alarms in Database Management and the Alarm Status and Alarm Definitions pages of the Monitoring service, a policy with the read verb for the alarms resource-type must be created (in addition to a policy with the read verb for the metrics resource-type). Here's an example:

    Allow group DB-MGMT-MYSQL-USER to read alarms in compartment ABC

  • To perform alarm-related tasks in the Alarm definitions section on the MySQL database details page, a policy with the manage verb for the alarms resource-type must be created (in addition to a policy with the read verb for the metrics resource-type). Here's an example:

    Allow group DB-MGMT-MYSQL-USER to manage alarms in compartment ABC

  To build queries and create alarms using the Monitoring service, other permissions are required. For information on:

  • Monitoring service resource-types and permissions, see Details for Monitoring.

  • Common Monitoring service policies, see Common Policies.

• Notifications service permission: A Notifications service permission is required to use or create topics and subscriptions when creating alarms in the Alarm definitions section on the MySQL database details page.

  To grant this permission, a policy with the use or manage verb for the ons-topics resource-type must be created (in addition to Monitoring service permissions). Here's an example of a policy with the manage verb that allows you to create a new topic when creating an alarm:

  Allow group DB-MGMT-MYSQL-USER to manage ons-topics in compartment ABC

  For more information on the Notifications service resource-types and permissions, see Details for Notifications.

• Management Dashboard permissions: Management Dashboard permissions are required to use dashboards for Database Management-enabled External MySQL DB systems.

  To perform tasks such as creating a dashboard or a widget, you must have the required permissions on the Management Dashboard resource-types:

  • management-dashboard: This resource-type allows a user group to use dashboards.
  • management-saved-search: This resource-type allows a user group to use the saved searches in a dashboard.

  For more information on the Management Dashboard resource-types, permissions, API operations, and examples of policies, see Details for Management Dashboard.

• Events service permissions: An Events service permission is required to create and view the event rules to monitor changes to the External MySQL DB system or connector resource.

  To grant this permission, a policy with the manage verb for the cloudevents-rules resource-type must be created. Here's an example of a policy with the manage verb that allows you to create and view event rules:

  Allow group DB-MGMT-MYSQL-USER to manage cloudevents-rules in tenancy

  In addition to the Events service permission, you need other Oracle Cloud Infrastructure service permissions to specify an action type when creating an event rule. For information, see Events and IAM Policies.

  For more information on the Events service resource-type and permissions, see Details for the Events Service.