Permissions Required to Use Database Management
To use Database Management for MySQL HeatWave DB systems, you must belong to a user group in your tenancy with the required permissions on the following Database Management resource-types:
dbmgmt-managed-mysql-databases
: This resource-type allows a user group to use the Database Management features to monitor DB systems.dbmgmt-mysql-family
: This aggregate resource-type includes the individual Database Management resource-type for the MySQL HeatWave service.
Here are a few examples of the policies that grant user groups the permissions required to monitor DB systems using Database Management:
- To grant the
DB-MGMT-MYSQL-USER
user group the permission to use all Database Management features for all the DB systems in the tenancy:Allow group DB-MGMT-MYSQL-USER to manage dbmgmt-mysql-family in tenancy
-
To grant the
DB-MGMT-MYSQL-USER
user group the permission to view the number of DB systems for which Database Management is enabled (in compartmentABC
) on the MySQL databases tile on the Database Management Overview page:Allow group DB-MGMT-MYSQL-USER to inspect dbmgmt-managed-mysql-databases in compartment ABC
- To grant the
DB-MGMT-MYSQL-USER
user group the permission to view the metrics and other details for a fleet of DB systems and HeatWave clusters in compartmentABC
:Allow group DB-MGMT-MYSQL-USER to read dbmgmt-managed-mysql-databases in compartment ABC
- To grant the
DB-MGMT-MYSQL-USER
user group the permission to view SQL performance data and configuration variables of a single DB system in compartmentABC
:Allow group DB-MGMT-MYSQL-USER to use dbmgmt-managed-mysql-databases in compartment ABC
Additional Permissions Required to Use Database Management
To use Database Management for MySQL HeatWave, the following Oracle Cloud Infrastructure service permissions are required in addition to Database Management permissions.
- MySQL HeatWave service permission: A MySQL
HeatWave service permission is required to:
- View the total number of DB systems in the selected compartment on the MySQL databases tile on the Database Management Overview page.
- Go to the DB system details page in the MySQL HeatWave service from the MySQL database details page in Database Management. If you do not have this permission, an error is displayed when you click the DB system name link in the MySQL database information section on the MySQL database details page.
- Go to the Configuration details page in the MySQL HeatWave service from the MySQL database details page in Database Management. If you do not have this permission, an error is displayed when you click the MDS configuration link in the Configuration variables section on the MySQL database details page.
To grant this permission, a policy with the
manage
verb and the MySQL HeatWave resource-types must be created. Here's an example in which themysql-family
aggregate resource-type is used:Allow group DB-MGMT-MYSQL-USER to manage mysql-family in compartment ABC
For more information on the MySQL HeatWave service resource-types and permissions, see IAM Policies.
Note
This additional permission is required for a user group that does not have the MySQL HeatWave service permission to enable Database Management for MySQL HeatWave. For information, see Permissions Required to Enable Database Management. - Monitoring service permissions: Monitoring service
permissions are required to:
- View DB system and HeatWave cluster metrics on the MySQL HeatWave fleet summary and MySQL database details pages.
- View open DB system and HeatWave cluster alarms in Database Management.
- Perform alarm-related tasks in the Alarm definitions section on the MySQL database details page.
Here's information on the policies that provide the permissions required to perform the tasks given in the preceding list:
- To view DB system and HeatWave cluster metrics in Database Management, a policy with the
read
verb for themetrics
resource-type must be created. Here's an example:Allow group DB-MGMT-MYSQL-USER to read metrics in compartment ABC
- To view the open DB system and HeatWave cluster alarms in Database Management and the Alarm Status and Alarm Definitions pages of the
Monitoring service, a policy with the
read
verb for thealarms
resource-type must be created (in addition to a policy with theread
verb for themetrics
resource-type). Here's an example:Allow group DB-MGMT-MYSQL-USER to read alarms in compartment ABC
- To perform alarm-related tasks in the Alarm
definitions section on the MySQL database details
page, a policy with the
manage
verb for thealarms
resource-type must be created (in addition to a policy with theread
verb for themetrics
resource-type). Here's an example:Allow group DB-MGMT-MYSQL-USER to manage alarms in compartment ABC
To build queries and create alarms using the Monitoring service, other permissions are required. For information on:
-
Monitoring service resource-types and permissions, see Details for Monitoring.
-
Common Monitoring service policies, see Common Policies.
- Notifications service permission: A Notifications service permission is
required to use or create topics and subscriptions when creating alarms in the
Alarm definitions section on the MySQL database
details page.
To grant this permission, a policy with the
use
ormanage
verb for theons-topics
resource-type must be created (in addition to Monitoring service permissions). Here's an example of a policy with themanage
verb that allows you to create a new topic when creating an alarm:Allow group DB-MGMT-MYSQL-USER to manage ons-topics in compartment ABC
For more information on the Notifications service resource-types and permissions, see Details for Notifications.