Policies

Policies define the actions that your groups or dynamic groups can or cannot perform.

Define Policy for a Dynamic Group

For Database Tools identities to access OCI services, you must define a policy that allows a dynamic group (containing the Database Tools connections) to access the service.

For example, the following policy grants all identities in the hr-identity-dynamic-group dynamic group read-only access to Object Storage buckets in the hr compartment.

allow dynamic-group hr-identity-dynamic-group to read object-family in compartment hr

Define Policy for a Resource

Instead of using a dynamic group, you can reference the resource directly in the policy statement. For example, the following policy grants the specified identity read-only access to Object Storage buckets in the hr compartment. Because the subject is any-user, the where clause is the only thing that restricts the grant to that identity.

allow any-user to read object-family in compartment hr where any {request.principal.id = 'ocid1.databasetoolsconnection.oc1...<uniqueID>' }

For more information, see For Oracle Database Connections.
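
The following review check is an added example, not Oracle's code: it parses the two statement shapes shown above and flags any-user statements that lack a where clause or do not pin request.principal.id, as well as verbs broader than read. The audit function, the simplified grammar, and the last two sample statements are assumptions made for illustration.

```python
import re

# Simplified grammar covering only the two statement shapes shown on this page
# (assumption: one statement per line, compartment referenced by name).
STMT = re.compile(
    r"^allow\s+(?P<subject>any-user|dynamic-group\s+\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+compartment\s+(?P<compartment>\S+)"
    r"(?:\s+where\s+(?P<where>.+))?$",
    re.IGNORECASE,
)
PRINCIPAL_ID = re.compile(r"request\.principal\.id\s*=\s*'([^']+)'", re.IGNORECASE)


def audit(statement):
    """Parse one policy statement; return (fields, findings)."""
    m = STMT.match(statement.strip())
    if not m:
        return None, ["unparsed statement: review manually"]
    info = m.groupdict()
    info["principal_ids"] = PRINCIPAL_ID.findall(info["where"] or "")
    findings = []
    if info["subject"].lower() == "any-user":
        if not info["where"]:
            findings.append("any-user without a where clause")
        elif not info["principal_ids"]:
            findings.append("any-user not pinned to request.principal.id")
    if info["verb"].lower() not in ("inspect", "read"):
        findings.append("verb broader than read: " + info["verb"].lower())
    return info, findings


# The first two statements are the ones on this page; the last two are
# constructed samples of what a policy review should catch.
STATEMENTS = [
    "allow dynamic-group hr-identity-dynamic-group to read object-family in compartment hr",
    "allow any-user to read object-family in compartment hr where any "
    "{request.principal.id = 'ocid1.databasetoolsconnection.oc1...<uniqueID>' }",
    "allow any-user to read object-family in compartment hr",
    "allow any-user to manage object-family in compartment hr where any "
    "{request.principal.type = 'databasetoolsconnection'}",
]

if __name__ == "__main__":
    for s in STATEMENTS:
        info, findings = audit(s)
        print(findings or ["ok"], "<-", s)
```

Statements the grammar does not cover are returned as unparsed rather than passed, so they still reach a human reviewer.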