Oracle Cloud Infrastructure Documentation

Details for the Database Service

This topic covers details for writing policies to control access to the Database service.

Resource-Types

database-family, which covers these individual resource-types:

db-systems

db-nodes

db-homes

databases

backups

autonomous-transaction-processing-family, which covers these individual resource-types:

autonomous-database

autonomous-backup

autonomous-data-warehouse-family, which covers these individual resource-types:

autonomous-data-warehouse

autonomous-data-warehouse-backup

Supported Variables

Only the general variables are supported (see General Variables for All Requests).

Details for Verb + Resource-Type Combinations

The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.

For example, the read and use verbs for the db-systems resource-type cover no extra permissions or API operations compared to the inspect verb. However, the manage verb includes two more permissions and partially covers two more API operations.

For database-family Resource Types

db-systems
db-nodes
db-homes
databases

For autonomous-transaction-processing-family Resource Types

autonomous-databases
autonomous-backups

For autonomous-data-warehouse-family Resource Types

autonomous-data-warehouses
autonomous-data-warehouse-backups

Permissions Required for Each API Operation

The following tables list the API operations for database products in a logical order, grouped by resource type.

For information about permissions, see Permissions.

Database API Operations

API Operation Permissions Required to Use the Operation
ListDbSystems DB_SYSTEM_INSPECT
GetDbSystem DB_SYSTEM_INSPECT
LaunchDbSystem DB_SYSTEM_CREATE and DB_HOME_CREATE and DATABASE_CREATE and VNIC_CREATE and VNIC_ATTACH and SUBNET_ATTACH. To enable automatic backups for the initial database, also need DB_BACKUP_CREATE and DATABASE_CONTENT_READ.

UpdateDbSystem DB_SYSTEM_INSPECT and DB_SYSTEM_UPDATE
ListDbSystemPatches DB_SYSTEM_INSPECT
ListDbSystemPatchHistoryEntries DB_SYSTEM_INSPECT
GetDbSystemPatch DB_SYSTEM_INSPECT
GetDbSystemPatchHistoryEntry DB_SYSTEM_INSPECT
TerminateDbSystem DB_SYSTEM_DELETE and DB_HOME_DELETE and DATABASE_DELETE and VNIC_DETACH and VNIC_DELETE and SUBNET_DETACH. If automatic backups are enabled for any database in the DB System, also need DELETE_BACKUP.

GetDbNode DB_NODE_INSPECT
DbNodeAction DB_NODE_POWER_ACTIONS
ListDbHomes DB_HOME_INSPECT
GetDbHome DB_HOME_INSPECT
ListDbHomePatches DB_HOME_INSPECT
ListDbHomePatchHistoryEntries DB_HOME_INSPECT
GetDbHomePatch DB_HOME_INSPECT
GetDbHomePatchHistoryEntry DB_HOME_INSPECT
CreateDbHome DB_SYSTEM_INSPECT and DB_SYSTEM_UPDATE and DB_HOME_CREATE and DATABASE_CREATE. To enable automatic backups for the database, also need DB_BACKUP_CREATE and DATABASE_CONTENT_READ.

UpdateDbHome DB_HOME_UPDATE
DeleteDbHome DB_SYSTEM_UPDATE and DB_HOME_DELETE and DATABASE_DELETE. If automatic backups are enabled, also need DELETE_BACKUP. If performing a final backup on termination, also need DB_BACKUP_CREATE and DATABASE_CONTENT_READ.

ListDatabases DATABASE_INSPECT
GetDatabase DATABASE_INSPECT
UpdateDatabase DATABASE_UPDATE. To enable automatic backups, also need DB_BACKUP_CREATE and DATABASE_CONTENT_READ.

ListDbSystemShapes (no permissions required; available to anyone)
ListDbVersions (no permissions required; available to anyone)
GetDataGuardAssociation DATABASE_INSPECT
ListDataGuardAssociations DATABASE_INSPECT
CreateDataGuardAssociation DB_SYSTEM_UPDATE and DB_HOME_CREATE and DB_HOME_UPDATE and DATABASE_CREATE and DATABASE_UPDATE
SwitchoverDataGuardAssociation DATABASE_UPDATE
FailoverDataGuardAssociation DATABASE_UPDATE
ReinstateDataGuardAssociation DATABASE_UPDATE
GetBackup DB_BACKUP_INSPECT
ListBackups DB_BACKUP_INSPECT
CreateBackup DB_BACKUP_CREATE and DATABASE_CONTENT_READ
DeleteBackup DB_BACKUP_DELETE and DB_BACKUP_INSPECT
RestoreDatabase DB_BACKUP_INSPECT and DB_BACKUP_CONTENT_READ and DATABASE_CONTENT_WRITE
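
Added example (not part of the Oracle documentation): a least-privilege check built on rows from the Database API Operations table above. It computes the smallest permission set for a role's intended operations, then lists every operation a given grant actually unlocks, including the conditional "also need" cases. The function names and condition labels are illustrative assumptions; the permission names are copied from the table.

```python
# Added example. Rows are copied from the Database API Operations table on
# this page; the function names and condition labels are illustrative.
# operation -> (permissions always required, {conditional case: extra permissions})
REQUIRED = {
    "ListDbVersions": (set(), {}),  # no permissions required
    "UpdateDbSystem": ({"DB_SYSTEM_INSPECT", "DB_SYSTEM_UPDATE"}, {}),
    "TerminateDbSystem": (
        {"DB_SYSTEM_DELETE", "DB_HOME_DELETE", "DATABASE_DELETE",
         "VNIC_DETACH", "VNIC_DELETE", "SUBNET_DETACH"},
        {"automatic backups enabled": {"DELETE_BACKUP"}}),
    "UpdateDatabase": (
        {"DATABASE_UPDATE"},
        {"enabling automatic backups":
            {"DB_BACKUP_CREATE", "DATABASE_CONTENT_READ"}}),
    "GetBackup": ({"DB_BACKUP_INSPECT"}, {}),
    "ListBackups": ({"DB_BACKUP_INSPECT"}, {}),
    "CreateBackup": ({"DB_BACKUP_CREATE", "DATABASE_CONTENT_READ"}, {}),
    "DeleteBackup": ({"DB_BACKUP_DELETE", "DB_BACKUP_INSPECT"}, {}),
    "RestoreDatabase": ({"DB_BACKUP_INSPECT", "DB_BACKUP_CONTENT_READ",
                         "DATABASE_CONTENT_WRITE"}, {}),
}


def minimal_grant(operations, cases=()):
    """Smallest permission set covering the operations and named conditional cases."""
    need = set()
    for op in operations:
        base, extras = REQUIRED[op]
        need |= base
        for case in cases:
            need |= extras.get(case, set())
    return need


def reachable(granted):
    """Operations the grant unlocks, each with the conditional cases it also covers."""
    granted = set(granted)
    return {op: sorted(c for c, extra in extras.items() if extra <= granted)
            for op, (base, extras) in REQUIRED.items() if base <= granted}


def excess(granted, intended):
    """Operations reachable with the grant that the role was not meant to have."""
    return sorted(set(reachable(granted)) - set(intended))


if __name__ == "__main__":
    role = ["ListBackups", "GetBackup", "CreateBackup"]
    grant = minimal_grant(role)
    print(sorted(grant), excess(grant, role))
    print(excess(grant | {"DB_BACKUP_CONTENT_READ", "DATABASE_CONTENT_WRITE"}, role))
```

Adding DATABASE_UPDATE to a backup operator's grant also covers the "enabling automatic backups" case of UpdateDatabase, because that case reuses DB_BACKUP_CREATE and DATABASE_CONTENT_READ.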

Autonomous Transaction Processing API Operations

API Operation Permissions Required to Use the Operation
GetAutonomousDatabase AUTONOMOUS_DATABASE_INSPECT
ListAutonomousDatabases AUTONOMOUS_DATABASE_INSPECT
CreateAutonomousDatabase AUTONOMOUS_DATABASE_CREATE
UpdateAutonomousDatabase AUTONOMOUS_DATABASE_UPDATE
DeleteAutonomousDatabase AUTONOMOUS_DATABASE_DELETE
StartAutonomousDatabase AUTONOMOUS_DATABASE_UPDATE
StopAutonomousDatabase AUTONOMOUS_DATABASE_UPDATE
RestoreAutonomousDatabase AUTONOMOUS_DB_BACKUP_CONTENT_READ and AUTONOMOUS_DATABASE_CONTENT_WRITE
CreateAutonomousDatabaseBackup AUTONOMOUS_DB_BACKUP_CREATE and AUTONOMOUS_DATABASE_CONTENT_READ
ListAutonomousDatabaseBackups AUTONOMOUS_DB_BACKUP_INSPECT
GetAutonomousDatabaseBackup AUTONOMOUS_DB_BACKUP_INSPECT

Autonomous Data Warehouse API Operations

API Operation Permissions Required to Use the Operation
GetAutonomousDataWarehouse AUTONOMOUS_DW_INSPECT
ListAutonomousDataWarehouses AUTONOMOUS_DW_INSPECT
CreateAutonomousDataWarehouse AUTONOMOUS_DW_CREATE
UpdateAutonomousDataWarehouse AUTONOMOUS_DW_UPDATE
DeleteAutonomousDataWarehouse AUTONOMOUS_DW_DELETE
StartAutonomousDataWarehouse AUTONOMOUS_DW_UPDATE
StopAutonomousDataWarehouse AUTONOMOUS_DW_UPDATE
RestoreAutonomousDataWarehouse AUTONOMOUS_DW_BACKUP_CONTENT_READ and AUTONOMOUS_DW_CONTENT_WRITE
ListAutonomousDataWarehouseBackups AUTONOMOUS_DW_BACKUP_INSPECT
GetAutonomousDataWarehouseBackup AUTONOMOUS_DW_BACKUP_INSPECT
CreateAutonomousDataWarehouseBackup AUTONOMOUS_DW_BACKUP_CREATE and AUTONOMOUS_DW_CONTENT_READ