Using Compartments
Database connections are useful when you want to grant database access to a specific user or to defined groups of users. To help isolate these connections, use policies to grant access to specific connections based on a user's role, as demonstrated in the following example:
For an Autonomous Data Warehouse that is used for reporting, create a shared database connection named ReportingDataAccess. Assign this connection to a specific set of end users in a group called Data Scientists. The users in this group now have access to the details of the database connection, but are limited to using only this connection and the roles and privileges inherited by the user that the connection is using to access the database.
You can also create an administrator connection to the data warehouse, and assign a different set of users to that connection with a group called DatabaseAdministrators. Using compartments and policies, you can separate the access to these connections as follows:
Data Scientists group:
- Create a compartment called Reporting.
- Create a group in this compartment called DataScientists.
- Create a database connection in the Reporting compartment called ReportingDataAccess.
- Create a policy that gives access to the connection in the Reporting compartment to the DataScientists group:
  - Allow group DataScientists to read database-tools-family in compartment Reporting
  - Allow group DataScientists to use database-tools-connections in compartment Reporting
Database Administrators group:
- Create a compartment called DBA.
- Create a group in this compartment called DatabaseAdministrators.
- Create a database connection called DatabaseAdmin in the DBA compartment.
- Create a policy that gives access to the connection in the DBA compartment to that group:
  - Allow group DatabaseAdministrators to read database-tools-family in compartment DBA
  - Allow group DatabaseAdministrators to use database-tools-connections in compartment DBA
These groups and compartment-specific database connections help isolate which users can access which databases and determine the access they have.
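To check that this separation still holds as policies change, the following added example (not Oracle's code) parses statements of the simple form shown above and reports any group that can reach connections outside its own compartment. The `ALLOWED` mapping and the `DRIFTED` statement are assumptions constructed for illustration, and the parser handles only this statement form, not the full policy syntax.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # OCI verbs, least to most privileged
# Resource types that cover Database Tools connections.
CONNECTION_TYPES = {"database-tools-connections", "database-tools-family", "all-resources"}
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?:tenancy|compartment\s+(?P<compartment>\S+))$",
    re.IGNORECASE,
)

def parse(statement):
    m = STATEMENT.match(statement.strip())
    if not m:
        raise ValueError(f"unsupported statement: {statement!r}")
    # A tenancy-wide grant reaches every compartment, recorded here as "*".
    return m["group"], m["verb"].lower(), m["resource"].lower(), m["compartment"] or "*"

def connection_access(statements):
    """Return {group: {compartment: highest verb}} for connection resources."""
    access = {}
    for group, verb, resource, compartment in map(parse, statements):
        if resource not in CONNECTION_TYPES:
            continue
        grants = access.setdefault(group, {})
        best = grants.get(compartment)
        if best is None or VERBS.index(verb) > VERBS.index(best):
            grants[compartment] = verb
    return access

def isolation_findings(statements, allowed):
    """List grants that reach a compartment other than the group's allowed one."""
    findings = []
    for group, grants in connection_access(statements).items():
        for compartment, verb in grants.items():
            if compartment != allowed.get(group):
                findings.append(f"{group} can {verb} connections in {compartment}")
    return sorted(findings)

PAGE_POLICIES = [  # the four statements from this page
    "Allow group DataScientists to read database-tools-family in compartment Reporting",
    "Allow group DataScientists to use database-tools-connections in compartment Reporting",
    "Allow group DatabaseAdministrators to read database-tools-family in compartment DBA",
    "Allow group DatabaseAdministrators to use database-tools-connections in compartment DBA",
]
ALLOWED = {"DataScientists": "Reporting", "DatabaseAdministrators": "DBA"}  # assumed intent
# Constructed drift: a later statement that breaks the separation.
DRIFTED = PAGE_POLICIES + [
    "Allow group DataScientists to use database-tools-connections in compartment DBA"]
```

An empty result for `isolation_findings(PAGE_POLICIES, ALLOWED)` means each group reaches only its own compartment's connections; the drifted set produces one finding.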