Groups and roles for Oracle Database@Azure
This article lists the groups and roles used to manage access to Oracle Database@Azure. Using these groups and roles ensures that assigned users have the appropriate permissions to operate the service.
Groups and roles in Azure
Use the following groups in your Azure account.
| Group name | Azure role assigned | description |
|---|---|---|
| odbaa-exa-infra-administrators | odbaa-exa-infra-administrator | This group is for administrators who need to manage all Oracle Exadata Database Service resources in Azure |
| odbaa-vm-cluster-administrators | odbaa-vm-cluster-administrator | User in this group can administer VM cluster resources in Azure |
| odbaa-db-family-administrators | not applicable | This group is replicated in OCI during the optional identity federation process. OCI policies are defined for this group in the Oracle Cloud environment. |
| odbaa-db-family-readers | not applicable | This group is replicated in OCI during the optional identity federation process. OCI policies are defined for this group in the Oracle Cloud environment. |
| odbaa-exa-cdb-administrators | not applicable | This group is replicated in OCI during the optional identity federation process. OCI policies are defined for this group in the Oracle Cloud environment. |
| odbaa-exa-pdb-administrators | not applicable | This group is replicated in OCI during the optional identity federation process. OCI policies are defined for this group in the Oracle Cloud environment. |
Groups in Oracle Cloud Infrastructure
Use the following groups in your Oracle Cloud Infrastructure (OCI) tenancy.
| Group name | Description |
|---|---|
| odbaa-db-family-administrators | Users this group are administrators who manage database family actions. |
| odbaa-db-family-readers | Users this group are administrators who read database family actions. |
| odbaa-exa-cdb-administrators | Users this group are administrators who manage Oracle Container Database (CDB) actions. |
| odbaa-exa-pdb-administrators | Users this group are administrators who manage Oracle Pluggable Database (PDB) actions. |
Required IAM policies
The following IAM policies are needed for Oracle Database@Azure users or groups:
Allow any-user to use tag-namespaces in tenancy where request.principal.type = ‘multicloudlink’Allow any-user to manage tag-defaults in tenancy where request.principal.type = ‘multicloudlink’
For information on working with policies, see Getting Started with Policies.