This page describes the Oracle Database@Google Cloud Identity and Access Management (IAM) integration and how you can use IAM to manage access across your resources.
IAM lets you control user and group access to Oracle Database@Google Cloud resources for the Exadata Database and Autonomous Database services. Roles are defined at the Google Cloud project level. For example, giving a user viewer access in an Exadata Infrastructure instance would grant them viewer access to all Exadata Infrastructure instances and VM Clusters in that project.
Using access control with IAM, you can grant permissions to a user or a group without modifying each instance, cluster, or database individually. Oracle Database@Google Cloud provides a set of predefined roles to manage access. You can use predefined roles or specific permissions to grant access to users. For more information about how IAM works at Google Cloud, see IAM documentation.
Predefined user roles
Predefined roles contain permissions that allow Google Cloud project members to perform specific actions on Oracle Database@Google Cloud resources. The role you grant to a project member controls what actions they can take in that project. Project members can be individuals, groups, or service accounts. You can grant multiple roles to the same project member, and can change the roles granted at any time.
Broader roles include the more narrowly defined roles. For example, the Cloud Exadata Infrastructure Admin role includes all permissions of the Cloud Exadata Infrastructure Viewer role, along with the additional permissions that are specific to the Admin role.
For more information about the available predefined roles and their permissions, see the following:
- Oracle Database@Google Cloud predefined roles
- Exadata Database Service predefined roles
- Autonomous Database Service predefined roles
Oracle Database@Google Cloud predefined roles
Roles defined at the Oracle Database@Google Cloud level give users access to Exadata Infrastructure instances, VM Clusters, and Autonomous Databases within the project where the role is granted. The available roles are:
- roles/admin: this role grants full access to manage all Oracle Database@Google Cloud resources.
- roles/viewer: this role grants view access to all Oracle Database@Google Cloud resources.
Exadata Database Service predefined roles
The following table shows the predefined roles available for Exadata Database Service in Oracle Database@Google Cloud, along with their permissions:
Role name | Permissions |
---|---|
Oracle Database@Google Cloud Exadata Infrastructure Admin (roles/cloudExadataInfrastructureAdmin). Grants full access to manage all Exadata Infrastructure resources. | projects.get projects.list cloudVmClusters.get cloudVmClusters.get cloudExadataInfrastructures.create cloudExadataInfrastructures.delete cloudExadataInfrastructures.get cloudExadataInfrastructures.list cloudExadataInfrastructures.update locations.get locations.list operations.cancel operations.delete operations.get operations.list dbServers.list dbSystemShapes.list entitlements.list giVersions.list |
Oracle Database@Google Cloud Exadata Infrastructure Viewer (roles/cloudExadataInfrastructureViewer). Grants read access to all Exadata Infrastructure resources. | projects.get projects.list operations.get operations.list locations.get locations.list cloudExadataInfrastructures.get cloudExadataInfrastructures.list dbServers.list dbSystemShapes.list entitlements.list giVersions.list |
Oracle Database@Google Cloud VM Cluster Admin (roles/cloudVmClusterAdmin). Grants full access to manage all VM Cluster resources. | cloudExadataInfrastructures.use cloudVmClusters.create cloudVmClusters.delete cloudVmClusters.update cloudVmClusters.get cloudVmClusters.list operations.cancel operations.delete operations.list operations.get projects.get projects.list dbNodes.list entitlements.list locations.get locations.list |
Oracle Database@Google Cloud VM Cluster Viewer (roles/cloudVmClusterViewer). Grants read access to all VM Cluster resources. | cloudVmClusters.get cloudVmClusters.list projects.get projects.list operations.list operations.get dbNodes.list entitlements.list locations.get locations.list |
Autonomous Database Service predefined roles
The following table lists the predefined roles available for Autonomous Database Service in Oracle Database@Google Cloud, along with their permissions:
Role name | Permissions |
---|---|
Oracle Database@Google Cloud Autonomous Database Admin (roles/autonomousDatabaseAdmin). Grants full access to manage all Autonomous Database resources. | autonomousDatabases.create autonomousDatabases.delete autonomousDatabases.update autonomousDatabases.restore autonomousDatabases.get autonomousDatabases.list autonomousDatabaseCharacterSets.list autonomousDbVersions.list autonomousDatabaseBackups.get autonomousDatabaseBackups.list autonomousDatabaseBackups.create autonomousDatabaseBackups.delete autonomousDatabaseBackups.update operations.cancel operations.delete operations.get operations.list projects.get projects.list entitlements.list giVersions.list locations.get locations.list |
Oracle Database@Google Cloud Autonomous Database Viewer (roles/autonomousDatabaseViewer). Grants read access to all Autonomous Database resources. | autonomousDatabases.get autonomousDatabases.list autonomousDatabaseCharacterSets.list autonomousDatabaseBackups.get autonomousDatabaseBackups.list operations.get operations.list projects.get projects.list entitlements.list giVersions.list locations.get locations.list |
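Because these roles are granted at the project level, a practical least-privilege review is to list who holds an admin role project-wide and which grants are redundant. The following is an added example, not part of the original page or of Google's tooling: it audits the JSON produced by `gcloud projects get-iam-policy PROJECT_ID --format=json`, using the role IDs as written on this page. The function name `audit` and the sample policy are constructed for illustration.

```python
import json
from collections import defaultdict

# Role IDs as written on this page: each admin role and the viewer role it includes.
ADMIN_TO_VIEWER = {
    "roles/admin": "roles/viewer",
    "roles/cloudExadataInfrastructureAdmin": "roles/cloudExadataInfrastructureViewer",
    "roles/cloudVmClusterAdmin": "roles/cloudVmClusterViewer",
    "roles/autonomousDatabaseAdmin": "roles/autonomousDatabaseViewer",
}
ODB_ROLES = set(ADMIN_TO_VIEWER) | set(ADMIN_TO_VIEWER.values())

def audit(policy):
    """Map each member to its project-wide admin roles and redundant grants."""
    held = defaultdict(set)
    for binding in policy.get("bindings", []):
        if binding.get("role") in ODB_ROLES:
            for member in binding.get("members", []):
                held[member].add(binding["role"])
    report = {}
    for member, roles in held.items():
        admin = sorted(r for r in roles if r in ADMIN_TO_VIEWER)
        # A viewer role adds nothing when the matching admin role is held.
        redundant = {ADMIN_TO_VIEWER[r] for r in admin} & roles
        # Per this page, roles/admin manages all resources, so other grants add nothing.
        if "roles/admin" in roles:
            redundant |= roles - {"roles/admin"}
        report[member] = {"admin": admin, "redundant": sorted(redundant)}
    return report

# Constructed sample policy (not real data), in get-iam-policy JSON shape.
SAMPLE_POLICY = json.loads("""
{"version": 1, "bindings": [
  {"role": "roles/cloudExadataInfrastructureAdmin",
   "members": ["user:dba@example.com", "group:exadata-ops@example.com"]},
  {"role": "roles/cloudExadataInfrastructureViewer",
   "members": ["user:dba@example.com", "user:auditor@example.com"]},
  {"role": "roles/admin",
   "members": ["serviceAccount:provisioner@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/autonomousDatabaseAdmin",
   "members": ["serviceAccount:provisioner@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/storage.objectViewer", "members": ["user:auditor@example.com"]}
]}
""")

if __name__ == "__main__":
    for member, finding in sorted(audit(SAMPLE_POLICY).items()):
        print(member, finding)
```

Members with a non-empty `admin` list can change or delete every matching resource in the project, and anything under `redundant` can be removed without reducing their access.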
What's next
- Learn more about how to grant access using IAM.
- Learn more about Oracle Database@Google Cloud.