Resource Principal
You can use a Database Tools identity to authenticate and access Oracle Cloud Infrastructure (OCI) resources using a resource principal. This approach enhances security because it avoids storing, exposing, or manually updating user credentials. You can use a Database Tools identity only with Database Tools connections that you have created with resource principal as the runtime identity.
Authenticated Principal and Resource Principal are two different ways of providing access to the database connection password and connection wallet information needed to establish a database connection. When you use Authenticated Principal, the user who is currently logged in to OCI retrieves the password. In this case, an administrator must create the required policies to grant access to the user. When you use Resource Principal, the resource retrieves the password, so an administrator does not have to grant a user access to the password, which is more secure.
When you use a Database Tools connection with a resource principal, you do not need to create a credential object to access OCI resources. You must create a Database Tools identity object, which in turn creates and secures the resource principal credentials that you use to access the specified OCI resources.
A resource principal consists of a temporary session token and secure credentials that enable the resource to authenticate itself to other OCI services. Database Tools connections can use resource principals to access the secrets that are used in connections. The advantage of this approach is that access to the secret is granted to the connection resource and not to the user, so Database Tools connection administrators can restrict users from accessing secrets. When you use a Database Tools connection with a resource principal, you do not need to create a credential object to access OCI resources. Database Tools creates and secures the resource principal credentials that you use to access the specified OCI resources.
To use resource principals, a tenancy administrator must define the appropriate OCI policies and dynamic groups that allow resource principals to access OCI resources. When you use a resource principal to access services, the generated session token and credentials are valid only for the OCI resources to which the dynamic group has been granted access.
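The following is an added example, not part of Oracle's documentation: a small policy audit that reports which IAM policy statements let user groups read secret contents and which grant that access to dynamic groups of resources, the distinction described above. The group, dynamic group and compartment names are constructed, and only the basic `Allow <subject> to <verb> <resource-type> in <scope>` statement form is handled.

```python
import re

# Resource types through which a grant of "read" or above reaches secret contents.
SECRET_CONTENT_TYPES = {"secret-bundles", "secret-family", "all-resources"}
# "inspect" is excluded: it does not return the contents of a secret.
CONTENT_VERBS = {"read", "use", "manage"}

STATEMENT = re.compile(
    r"^\s*allow\s+(?P<subject>dynamic-group\s+\S.*?|group\s+\S.*?|any-user|any-group)"
    r"\s+to\s+(?P<verb>\w+)\s+(?P<rtype>[\w-]+)\s+in\s+(?P<scope>.+?)"
    r"(?:\s+where\s+(?P<cond>.+))?\s*$",
    re.IGNORECASE,
)

# Constructed sample policy; every name here is hypothetical.
SAMPLE_POLICY = [
    "Allow dynamic-group dbtools-connections to read secret-bundles in compartment db-secrets",
    "Allow group db-developers to use database-tools-connections in compartment db-tools",
    "Allow group db-developers to read secret-family in compartment db-secrets",
    "Allow group auditors to inspect secret-bundles in tenancy",
    "Allow any-user to read secret-bundles in compartment db-secrets",
]


def audit(statements):
    """Return (statement, finding) pairs for grants that can read secret contents.

    finding is "resource-grant" (dynamic group, the resource principal model),
    "user-grant" (a user group can fetch the password), "broad-grant"
    (any-user / any-group) or "unparsed" (reported so nothing is silently skipped).
    """
    findings = []
    for text in statements:
        m = STATEMENT.match(text)
        if not m:
            findings.append((text, "unparsed"))
            continue
        if (m["verb"].lower() not in CONTENT_VERBS
                or m["rtype"].lower() not in SECRET_CONTENT_TYPES):
            continue  # statement cannot expose secret contents
        kind = m["subject"].split()[0].lower()
        label = {"dynamic-group": "resource-grant", "group": "user-grant"}
        findings.append((text, label.get(kind, "broad-grant")))
    return findings


if __name__ == "__main__":
    for statement, finding in audit(SAMPLE_POLICY):
        print(f"{finding:15} {statement}")
```

In a tenancy that follows the resource principal model, only "resource-grant" findings are expected for the compartments holding connection secrets; any other finding means a user can still retrieve the password directly.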
For information about creating a Database Tools connection that uses a resource principal, see Using the Oracle Cloud Infrastructure Console.
The components of a resource principal are: