Permissions Required to Discover Oracle Cloud Database Systems

To discover Oracle Cloud Database Systems in Database Management, you must belong to a user group in your tenancy with the required permissions on the following Database Management resource-types:

  • dbmgmt-cloud-dbsystem-discoveries: This resource-type allows a user group to initiate the discovery and update the discovery results with connection details.
  • dbmgmt-cloud-dbsystems: This resource-type allows a user group to add the Oracle Cloud Database System and its components.
  • dbmgmt-work-requests: This resource-type allows a user group to monitor the work requests associated with the Oracle Cloud Database System discovery.
  • dbmgmt-family: This aggregate resource-type includes the individual Database Management resource-types and allows a user group to discover and monitor Oracle Cloud Database Systems. In addition, you can use this resource-type to grant the permissions required to enable and use Database Management for Oracle Databases, External Database Systems, and Exadata Infrastructure.

Here are examples of the individual policies that grant a user group the permissions required to discover Oracle Cloud Database Systems and monitor associated work requests:

Allow group DB-MGMT-CLOUDDBSYSTEM-ADMIN to manage dbmgmt-cloud-dbsystem-discoveries in tenancy
Allow group DB-MGMT-CLOUDDBSYSTEM-ADMIN to manage dbmgmt-cloud-dbsystems in tenancy
Allow group DB-MGMT-CLOUDDBSYSTEM-ADMIN to read dbmgmt-work-requests in tenancy

Alternatively, a single policy using the Database Management aggregate resource-type grants the DB-MGMT-CLOUDDBSYSTEM-ADMIN user group the same permissions as the three individual policies above, together with the permissions required to use Database Management for Oracle Databases, External Database Systems, and Exadata Infrastructure:

Allow group DB-MGMT-CLOUDDBSYSTEM-ADMIN to manage dbmgmt-family in tenancy
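As an added example, not part of the Oracle documentation, the following Python checker parses statements in the syntax shown above and reports whether a group holds the three permissions listed for discovery, and whether any statement (an aggregate resource-type or a stronger verb) grants more than that minimum. The policy strings are the ones on this page; the verb ordering inspect < read < use < manage is the standard OCI hierarchy, and the `dbmgmt-family` expansion is limited to the three resource-types this page lists.

```python
import re
VERBS = ["inspect", "read", "use", "manage"]  # OCI verb hierarchy, weakest to strongest
# Aggregate type from the page; it also covers types the page does not enumerate.
AGGREGATES = {"dbmgmt-family": {"dbmgmt-cloud-dbsystem-discoveries",
                                "dbmgmt-cloud-dbsystems", "dbmgmt-work-requests"}}
# Minimum (verb, resource-type) pairs the page lists for discovery.
REQUIRED = {("manage", "dbmgmt-cloud-dbsystem-discoveries"),
            ("manage", "dbmgmt-cloud-dbsystems"), ("read", "dbmgmt-work-requests")}
# The three individual policies exactly as the page shows them.
PAGE_POLICIES = [
    "Allow group DB-MGMT-CLOUDDBSYSTEM-ADMIN to manage dbmgmt-cloud-dbsystem-discoveries in tenancy",
    "Allow group DB-MGMT-CLOUDDBSYSTEM-ADMIN to manage dbmgmt-cloud-dbsystems in tenancy",
    "Allow group DB-MGMT-CLOUDDBSYSTEM-ADMIN to read dbmgmt-work-requests in tenancy"]

STATEMENT = re.compile(
    r"^Allow\s+(?P<subject>group\s+\S+|any-user)\s+to\s+(?P<verb>inspect|read|use|manage)"
    r"\s+(?P<resource>\S+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<cond>.+))?$", re.IGNORECASE)

def parse(statement):
    """Split one statement into subject, verb, resource, scope and optional condition."""
    m = STATEMENT.match(statement.strip())
    if not m:
        raise ValueError(f"unrecognised policy statement: {statement!r}")
    d = m.groupdict()
    d["subject"] = " ".join(d["subject"].lower().split())
    d["verb"], d["resource"] = d["verb"].lower(), d["resource"].lower()
    return d

def grants(statement, verb, resource):
    """True if the statement covers `verb` on `resource`, directly or via an aggregate."""
    s = parse(statement)
    covers = s["resource"] == resource or resource in AGGREGATES.get(s["resource"], ())
    return covers and VERBS.index(s["verb"]) >= VERBS.index(verb)

def _for_group(group, statements):
    return [(s, p) for s in statements for p in [parse(s)]
            if p["subject"] == f"group {group.lower()}"]

def missing_for_group(group, statements):
    """Required (verb, resource-type) pairs that no statement grants to `group`."""
    mine = [s for s, _ in _for_group(group, statements)]
    return {req for req in REQUIRED if not any(grants(s, *req) for s in mine)}

def excess_grants(group, statements):
    """Statements for `group` beyond the minimum: an aggregate type or a stronger verb."""
    needed = {r: v for v, r in REQUIRED}
    return [s for s, p in _for_group(group, statements)
            if p["resource"] in AGGREGATES or (p["resource"] in needed and
               VERBS.index(p["verb"]) > VERBS.index(needed[p["resource"]]))]
```

Running `excess_grants` against the single `dbmgmt-family` policy flags it, while the three individual statements pass with nothing missing and nothing in excess; the resource-principal statement for the Management Agent also parses, with its `where ALL {...}` clause kept in `cond`.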

For more information on Database Management resource-types and permissions, see Policy Details for Database Management.

Additional Permissions Required to Discover Oracle Cloud Database Systems

In addition to Database Management permissions, the following Oracle Cloud Infrastructure service permissions are required to discover Oracle Cloud Database Systems.

Management Agent Permission

A resource principal policy is required to enable a Management Agent to add the components in the Oracle Cloud Database System. Here's an example:

Allow any-user to manage dbmgmt-cloud-dbsystems in compartment ABC where ALL {request.principal.type = 'managementagent', request.principal.compartment.id = '<Management_Agent_Compartment_OCID>'}

For more information on the Management Agent resource-types and permissions, see Details for Management Agent.

Vault Service Permissions

Vault service permissions are required to create new secrets or use existing secrets when discovering Oracle Cloud Database Systems or adding a connection to the components. To grant these permissions, you must create a policy with the read verb and the secret-family aggregate resource-type.

Here's an example of the policy that grants the DB-MGMT-CLOUDDBSYSTEM-ADMIN user group the permission to create and use secrets in the tenancy:

Allow group DB-MGMT-CLOUDDBSYSTEM-ADMIN to read secret-family in tenancy

For more information on the Vault service resource-types and permissions, see Details for the Vault Service.