IAM overview
This page describes the Oracle Database@Google Cloud Identity and Access Management (IAM) integration and how
you can use IAM to manage access across your resources.
IAM lets you control user and group access to Oracle Database@Google Cloud
resources for the Exadata Database and Autonomous Database services. Roles
are defined at the Google Cloud project level.
For example, giving a user viewer access in an Exadata Infrastructure instance would grant them viewer access to all Exadata Infrastructure instances and VM Clusters in that project.
Using access control with IAM, you can grant permissions to a user
or a group without modifying each instance, cluster, or database individually.
Oracle Database@Google Cloud provides a set of predefined roles to manage access.
You can use predefined roles or specific permissions to grant access to users.
For more information about how IAM works at Google Cloud,
see the IAM documentation.
Oracle Database@Google Cloud predefined roles
Predefined roles contain permissions that allow Google Cloud project
members to perform specific actions on Oracle Database@Google Cloud resources. The role
you grant to a project member controls what actions they can take in that project.
Project members can be individuals, groups, or service accounts. You can
grant multiple roles to the same project member, and can change the roles granted
at any time.
Broader roles include the more narrowly defined roles. For example, the
Cloud Exadata Infrastructure Admin role includes all permissions of the
Cloud Exadata Infrastructure Viewer role, along with additional permissions
of the Cloud Exadata Infrastructure Admin role.
Each IAM role for Oracle Database@Google Cloud contains permissions
that give the principal access to specific resources as shown in the following
table.
Role
Permissions
Oracle Database@Google Cloud admin (roles/oracledatabase.admin)
Grants full access to manage all Oracle Database resources.
oracledatabase.*
oracledatabase.autonomousDatabaseBackups.create
oracledatabase.autonomousDatabaseBackups.delete
oracledatabase.autonomousDatabaseBackups.get
oracledatabase.autonomousDatabaseBackups.list
oracledatabase.autonomousDatabaseCharacterSets.list
oracledatabase.autonomousDatabases.create
oracledatabase.autonomousDatabases.delete
oracledatabase.autonomousDatabases.generateWallet
oracledatabase.autonomousDatabases.get
oracledatabase.autonomousDatabases.list
oracledatabase.autonomousDatabases.restart
oracledatabase.autonomousDatabases.restore
oracledatabase.autonomousDatabases.start
oracledatabase.autonomousDatabases.stop
oracledatabase.autonomousDatabases.switchover
oracledatabase.autonomousDbVersions.list
oracledatabase.cloudExadataInfrastructures.create
oracledatabase.cloudExadataInfrastructures.delete
oracledatabase.cloudExadataInfrastructures.get
oracledatabase.cloudExadataInfrastructures.list
oracledatabase.cloudExadataInfrastructures.update
oracledatabase.cloudExadataInfrastructures.use
oracledatabase.cloudVmClusters.create
oracledatabase.cloudVmClusters.delete
oracledatabase.cloudVmClusters.get
oracledatabase.cloudVmClusters.list
oracledatabase.cloudVmClusters.update
oracledatabase.dbNodes.list
oracledatabase.dbServers.list
oracledatabase.dbSystemShapes.list
oracledatabase.entitlements.list
oracledatabase.giVersions.list
oracledatabase.locations.get
oracledatabase.locations.list
oracledatabase.operations.cancel
oracledatabase.operations.delete
oracledatabase.operations.get
oracledatabase.operations.list
oracledatabase.systemVersions.list
resourcemanager.projects.get
resourcemanager.projects.list
Oracle Database@Google Cloud Autonomous Database Admin (roles/oracledatabase.autonomousDatabaseAdmin)
Grants full access to manage all Autonomous Database resources.
oracledatabase.autonomousDatabaseBackups.*
oracledatabase.autonomousDatabaseBackups.create
oracledatabase.autonomousDatabaseBackups.delete
oracledatabase.autonomousDatabaseBackups.get
oracledatabase.autonomousDatabaseBackups.list
oracledatabase.autonomousDatabaseCharacterSets.list
oracledatabase.autonomousDatabases.*
oracledatabase.autonomousDatabases.create
oracledatabase.autonomousDatabases.delete
oracledatabase.autonomousDatabases.generateWallet
oracledatabase.autonomousDatabases.get
oracledatabase.autonomousDatabases.list
oracledatabase.autonomousDatabases.restart
oracledatabase.autonomousDatabases.restore
oracledatabase.autonomousDatabases.start
oracledatabase.autonomousDatabases.stop
oracledatabase.autonomousDatabases.switchover
oracledatabase.autonomousDbVersions.list
oracledatabase.entitlements.list
oracledatabase.locations.*
oracledatabase.locations.get
oracledatabase.locations.list
oracledatabase.operations.*
oracledatabase.operations.cancel
oracledatabase.operations.delete
oracledatabase.operations.get
oracledatabase.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Oracle Database@Google Cloud Autonomous Database Viewer (roles/oracledatabase.autonomousDatabaseViewer)
Grants read access to see all Autonomous Database resources.
oracledatabase.autonomousDatabaseBackups.get
oracledatabase.autonomousDatabaseBackups.list
oracledatabase.autonomousDatabaseCharacterSets.list
oracledatabase.autonomousDatabases.get
oracledatabase.autonomousDatabases.list
oracledatabase.autonomousDbVersions.list
oracledatabase.entitlements.list
oracledatabase.locations.*
oracledatabase.locations.get
oracledatabase.locations.list
oracledatabase.operations.get
oracledatabase.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Oracle Database@Google Cloud Exadata Infrastructure Admin (roles/oracledatabase.cloudExadataInfrastructureAdmin)
Grants full access to manage all Exadata Infrastructure resources.
oracledatabase.cloudExadataInfrastructures.create
oracledatabase.cloudExadataInfrastructures.delete
oracledatabase.cloudExadataInfrastructures.get
oracledatabase.cloudExadataInfrastructures.list
oracledatabase.cloudExadataInfrastructures.update
oracledatabase.dbServers.list
oracledatabase.dbSystemShapes.list
oracledatabase.entitlements.list
oracledatabase.giVersions.list
oracledatabase.locations.*
oracledatabase.locations.get
oracledatabase.locations.list
oracledatabase.operations.*
oracledatabase.operations.cancel
oracledatabase.operations.delete
oracledatabase.operations.get
oracledatabase.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Oracle Database@Google Cloud Exadata Infrastructure User (roles/oracledatabase.cloudExadataInfrastructureUser)
Grants user access to use all Exadata Infrastructure resources.
oracledatabase.cloudExadataInfrastructures.get
oracledatabase.cloudExadataInfrastructures.list
oracledatabase.cloudExadataInfrastructures.use
oracledatabase.dbServers.list
oracledatabase.dbSystemShapes.list
oracledatabase.entitlements.list
oracledatabase.giVersions.list
oracledatabase.locations.*
oracledatabase.locations.get
oracledatabase.locations.list
oracledatabase.operations.get
oracledatabase.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Oracle Database@Google Cloud Exadata Infrastructure Viewer (roles/oracledatabase.cloudExadataInfrastructureViewer)
Grants read access to see all Exadata Infrastructure resources.
oracledatabase.cloudExadataInfrastructures.get
oracledatabase.cloudExadataInfrastructures.list
oracledatabase.dbServers.list
oracledatabase.dbSystemShapes.list
oracledatabase.entitlements.list
oracledatabase.giVersions.list
oracledatabase.locations.*
oracledatabase.locations.get
oracledatabase.locations.list
oracledatabase.operations.get
oracledatabase.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Oracle Database@Google Cloud VM Cluster Admin (roles/oracledatabase.cloudVmClusterAdmin)
Grants full access to manage all VM Cluster resources.
oracledatabase.cloudExadataInfrastructures.list
oracledatabase.cloudExadataInfrastructures.use
oracledatabase.cloudVmClusters.*
oracledatabase.cloudVmClusters.create
oracledatabase.cloudVmClusters.delete
oracledatabase.cloudVmClusters.get
oracledatabase.cloudVmClusters.list
oracledatabase.cloudVmClusters.update
oracledatabase.dbNodes.list
oracledatabase.dbServers.list
oracledatabase.entitlements.list
oracledatabase.giVersions.list
oracledatabase.locations.*
oracledatabase.locations.get
oracledatabase.locations.list
oracledatabase.operations.*
oracledatabase.operations.cancel
oracledatabase.operations.delete
oracledatabase.operations.get
oracledatabase.operations.list
oracledatabase.systemVersions.list
resourcemanager.projects.get
resourcemanager.projects.list
Oracle Database@Google Cloud VM Cluster Viewer (roles/oracledatabase.cloudVmClusterViewer)
Grants read access to see all VM Cluster resources.
oracledatabase.cloudVmClusters.get
oracledatabase.cloudVmClusters.list
oracledatabase.dbNodes.list
oracledatabase.entitlements.list
oracledatabase.locations.*
oracledatabase.locations.get
oracledatabase.locations.list
oracledatabase.operations.get
oracledatabase.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
Oracle Database@Google Cloud viewer (roles/oracledatabase.viewer)
Grants view access to all Oracle Database resources.
oracledatabase.autonomousDatabaseBackups.get
oracledatabase.autonomousDatabaseBackups.list
oracledatabase.autonomousDatabaseCharacterSets.list
oracledatabase.autonomousDatabases.get
oracledatabase.autonomousDatabases.list
oracledatabase.autonomousDbVersions.list
oracledatabase.cloudExadataInfrastructures.get
oracledatabase.cloudExadataInfrastructures.list
oracledatabase.cloudVmClusters.get
oracledatabase.cloudVmClusters.list
oracledatabase.dbNodes.list
oracledatabase.dbServers.list
oracledatabase.dbSystemShapes.list
oracledatabase.entitlements.list
oracledatabase.giVersions.list
oracledatabase.locations.*
oracledatabase.locations.get
oracledatabase.locations.list
oracledatabase.operations.get
oracledatabase.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
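Because these roles are granted at the project level, reviewing who holds them is an audit of the project's IAM policy. The following is an added example, not part of the Google Cloud documentation: it reads a policy in the JSON shape returned by `gcloud projects get-iam-policy PROJECT_ID --format=json` and reports which principals hold delete or `generateWallet` permissions through the predefined roles in the table above. The choice of those four permissions as high impact, the sample policy, and all member names are assumptions constructed for illustration.

```python
import json

# Roles from the table above that carry each permission. Treating these four
# permissions as "high impact" is this example's assumption, not the page's.
HIGH_IMPACT = {
    "oracledatabase.autonomousDatabases.generateWallet": {
        "roles/oracledatabase.admin",
        "roles/oracledatabase.autonomousDatabaseAdmin"},
    "oracledatabase.autonomousDatabases.delete": {
        "roles/oracledatabase.admin",
        "roles/oracledatabase.autonomousDatabaseAdmin"},
    "oracledatabase.cloudExadataInfrastructures.delete": {
        "roles/oracledatabase.admin",
        "roles/oracledatabase.cloudExadataInfrastructureAdmin"},
    "oracledatabase.cloudVmClusters.delete": {
        "roles/oracledatabase.admin",
        "roles/oracledatabase.cloudVmClusterAdmin"},
}

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/oracledatabase.admin",
   "members": ["group:dba-team@example.com"]},
  {"role": "roles/oracledatabase.autonomousDatabaseViewer",
   "members": ["user:analyst@example.com"]},
  {"role": "roles/oracledatabase.cloudVmClusterAdmin",
   "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com",
               "user:analyst@example.com"],
   "condition": {"title": "expires-2030",
                 "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}}
]}
""")

def audit(policy):
    """Return sorted (member, role, permission, conditional) findings."""
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        conditional = "condition" in binding  # IAM Conditions narrow the grant
        for perm, roles in HIGH_IMPACT.items():
            if role in roles:
                for member in binding.get("members", []):
                    findings.add((member, role, perm, conditional))
    return sorted(findings)

def members_with(policy, permission):
    """Principals holding `permission` project-wide through a listed role."""
    return sorted({m for m, _, p, _ in audit(policy) if p == permission})
```

This check sees only bindings set on the project itself; bindings inherited from a folder or organization, and custom roles that contain the same permissions, need to be reviewed separately.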