Dynamic Groups
Dynamic groups allow you to group Database Tools connections as principal actors, similar to user groups.
You can then create policies to permit Database Tools connections in the dynamic groups to access secrets stored in OCI Vault. Membership in the group is determined by a set of criteria you define, called matching rules.
Example Matching Rules
- The following example shows a matching rule including all Database Tools connections in the defined compartment:
  ALL {resource.type = 'databasetoolsconnection', resource.compartment.id = 'ocid1.compartment.oc1..<uniqueID>'}
- The following example shows a matching rule that includes a single Database Tools connection from the defined compartment:
  All {resource.id = 'ocid1.databasetoolsconnection.oc1..<uniqueID>', resource.compartment.id = 'ocid1.compartment.oc1..<uniqueID>'}
For more information, see Writing Matching Rules to Define Dynamic Groups.
Dynamic groups require a name, description, and matching rule. See Creating a Dynamic Group.
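Because group membership decides which principals your Vault policies cover, it helps to review a matching rule before creating the group. The following check is an added example, not Oracle's code: it parses only flat rules of the two forms shown above (no nested ALL/ANY), and the names `parse_rule` and `audit_rule` are hypothetical.

```python
import re

# One condition of the form  key = 'value', as in the rules shown above.
_COND = re.compile(r"\s*([\w.]+)\s*=\s*'([^']*)'\s*")
# Flat rule: quantifier followed by a brace-delimited condition list.
_RULE = re.compile(r"\s*(all|any)\s*\{(.*)\}\s*$", re.IGNORECASE | re.DOTALL)

def parse_rule(rule):
    """Split a flat matching rule into (quantifier, {key: value})."""
    m = _RULE.match(rule)
    if not m:
        raise ValueError("not a flat ALL/ANY {...} rule")
    conds = {}
    for part in m.group(2).split(","):
        c = _COND.fullmatch(part)
        if not c:
            raise ValueError(f"unparsed condition: {part.strip()!r}")
        conds[c.group(1).lower()] = c.group(2)
    return m.group(1).upper(), conds

def audit_rule(rule):
    """Return findings; an empty list means the rule is scoped like the examples above."""
    quant, conds = parse_rule(rule)
    findings = []
    if quant == "ANY" and len(conds) > 1:
        # With ANY, a resource matching just one condition becomes a member.
        findings.append("ANY with several conditions: each condition alone grants membership")
    rtype = conds.get("resource.type")
    rid = conds.get("resource.id", "")
    if rtype != "databasetoolsconnection" and not rid.startswith("ocid1.databasetoolsconnection."):
        findings.append("not restricted to Database Tools connections")
    if not conds.get("resource.compartment.id", "").startswith("ocid1.compartment."):
        findings.append("no compartment restriction")
    return findings

# The two rules from this page, with the page's <uniqueID> placeholders left in place.
PAGE_RULES = [
    "ALL {resource.type = 'databasetoolsconnection', "
    "resource.compartment.id = 'ocid1.compartment.oc1..<uniqueID>'}",
    "All {resource.id = 'ocid1.databasetoolsconnection.oc1..<uniqueID>', "
    "resource.compartment.id = 'ocid1.compartment.oc1..<uniqueID>'}",
]

if __name__ == "__main__":
    for r in PAGE_RULES:
        print(audit_rule(r) or "ok", "<-", r)
```
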