
[Oracle Database@Google] Groups automatically created on the OCI side and the permissions granted to them

Prerequisites

  • An Oracle Database@Google environment provisioned in June 2025 under the Public Offer
  • This is purely a memo of what was confirmed in a real environment

1. Checking the groups automatically created for Oracle Database@Google

[Screenshot 2025-10-19 12.20.45: list of the automatically created groups]

  • Automatically created groups (18)
    • odbg-adbs-db-administrators
    • odbg-adbs-db-readers
    • odbg-costmgmt-administrators
    • odbg-metrics-readers
    • odbg-dbmgmt-administrators
    • odbg-network-readers
    • odbg-network-administrators
    • odbg-exa-pdb-administrators
    • odbg-exa-cdb-administrators
    • odbg-db-family-readers
    • odbg-db-family-administrators
    • odbg-exascale-db-storage-vault-administrators
    • odbg-exadb-vm-cluster-administrators
    • odbg-vm-cluster-administrators
    • odbg-exa-infra-administrators
    • odbg-db-systems-administrators
    • odbg-multicloud-network-anchor-administrators
    • odbg-multicloud-resource-anchor-administrators

2. Checking the permissions granted to the automatically created groups

The policy whose statements reference the automatically created groups is MulticloudLink_ODBG_XXXXXXXXXXXXXX-DbFamilyPolicy, which is created in the root compartment.

Checking the policy statements of MulticloudLink_ODBG_XXXXXXXXXXXXXX-DbFamilyPolicy

[Screenshot 2025-10-19 13.09.56: policy statements of MulticloudLink_ODBG_XXXXXXXXXXXXXX-DbFamilyPolicy]

MulticloudLink_ODBG_XXXXXXXXXXXXXX-DbFamilyPolicy
Allow group odbg-db-family-administrators to manage database-family in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-db-family-administrators to manage objects in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-db-family-administrators to read buckets in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-db-family-readers to read database-family in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exa-infra-administrators to manage cloud-exadata-infrastructures in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exa-infra-administrators to use cloud-vmclusters in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-vm-cluster-administrators to use cloud-exadata-infrastructures in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-vm-cluster-administrators to manage cloud-vmclusters in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-vm-cluster-administrators to manage db-homes in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-vm-cluster-administrators to manage databases in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-vm-cluster-administrators to manage db-backups in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-vm-cluster-administrators to manage objects in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-vm-cluster-administrators to read buckets in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exa-cdb-administrators to manage db-homes in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exa-cdb-administrators to manage databases in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exa-cdb-administrators to manage db-backups in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exa-cdb-administrators to manage objects in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exa-cdb-administrators to read buckets in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exa-pdb-administrators to manage pluggable-databases in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-adbs-db-administrators to manage autonomous-databases in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-adbs-db-administrators to manage autonomous-backups in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exadb-vm-cluster-administrators to manage exadb-vm-clusters in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exadb-vm-cluster-administrators to manage db-nodes in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exadb-vm-cluster-administrators to manage db-homes in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exadb-vm-cluster-administrators to manage databases in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exadb-vm-cluster-administrators to manage db-backups in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-exascale-db-storage-vault-administrators to manage exascale-db-storage-vaults in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-adbs-db-readers to read autonomous-databases in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-adbs-db-readers to read autonomous-backups in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-network-administrators to manage virtual-network-family in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-network-readers to read virtual-network-family in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-dbmgmt-administrators to manage dbmgmt-family in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-dbmgmt-administrators to manage opsi-family in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-dbmgmt-administrators to manage vaults in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-dbmgmt-administrators to manage keys in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-dbmgmt-administrators to manage secret-family in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-metrics-readers to read metrics in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Allow group odbg-costmgmt-administrators to manage usage-report in tenancy
Allow group odbg-exa-infra-administrators, odbg-vm-cluster-administrators, odbg-db-family-administrators, odbg-exa-cdb-administrators, odbg-exa-pdb-administrators, odbg-adbs-db-administrators, odbg-exadb-vm-cluster-administrators, odbg-exascale-db-storage-vault-administrators, odbg-adbs-db-readers, odbg-network-administrators, odbg-network-readers, odbg-dbmgmt-administrators, odbg-metrics-readers, odbg-costmgmt-administrators to {WORKREQUEST_INSPECT} in compartment id ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx is the OCID of the compartment MulticloudLink_ODBG_XXXXXXXXXXXX, which is automatically created directly under the root compartment. Every statement except the usage-report one is scoped to that single compartment; only odbg-costmgmt-administrators receives a tenancy-wide grant.

Permissions granted, organized per group

All compartment-scoped rows below refer to the automatically created compartment MulticloudLink_ODBG_XXXXXXXXXXXXXX named above. {WORKREQUEST_INSPECT} is a bare permission rather than a verb on a resource type, so its resource-type column is left empty.

  • odbg-adbs-db-administrators

| Verb | Resource type | Compartment |
| --- | --- | --- |
| manage | autonomous-databases | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | autonomous-backups | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

  • odbg-adbs-db-readers

| Verb | Resource type | Compartment |
| --- | --- | --- |
| read | autonomous-databases | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| read | autonomous-backups | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

  • odbg-costmgmt-administrators

| Verb | Resource type | Compartment |
| --- | --- | --- |
| manage | usage-report | root (tenancy) |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

  • odbg-metrics-readers

| Verb | Resource type | Compartment |
| --- | --- | --- |
| read | metrics | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

  • odbg-dbmgmt-administrators

| Verb | Resource type | Compartment |
| --- | --- | --- |
| manage | dbmgmt-family | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | opsi-family | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | vaults | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | keys | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | secret-family | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

Note that this group is the only one with manage on vaults, keys and secret-family, i.e. it can administer the KMS keys and secrets in the compartment, not just Database Management and Ops Insights; treat membership accordingly.

  • odbg-network-readers

| Verb | Resource type | Compartment |
| --- | --- | --- |
| read | virtual-network-family | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

  • odbg-network-administrators

| Verb | Resource type | Compartment |
| --- | --- | --- |
| manage | virtual-network-family | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

  • odbg-exa-pdb-administrators

| Verb | Resource type | Compartment |
| --- | --- | --- |
| manage | pluggable-databases | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

  • odbg-exa-cdb-administrators

| Verb | Resource type | Compartment |
| --- | --- | --- |
| manage | db-homes | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | databases | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | db-backups | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | objects | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| read | buckets | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

  • odbg-db-family-readers

| Verb | Resource type | Compartment |
| --- | --- | --- |
| read | database-family | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

This is the only policy-bearing group that is not included in the shared {WORKREQUEST_INSPECT} statement.

  • odbg-db-family-administrators

| Verb | Resource type | Compartment |
| --- | --- | --- |
| manage | database-family | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | objects | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| read | buckets | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

  • odbg-exascale-db-storage-vault-administrators

| Verb | Resource type | Compartment |
| --- | --- | --- |
| manage | exascale-db-storage-vaults | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

  • odbg-exadb-vm-cluster-administrators

| Verb | Resource type | Compartment |
| --- | --- | --- |
| manage | exadb-vm-clusters | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | db-nodes | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | db-homes | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | databases | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | db-backups | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

  • odbg-vm-cluster-administrators

| Verb | Resource type | Compartment |
| --- | --- | --- |
| use | cloud-exadata-infrastructures | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | cloud-vmclusters | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | db-homes | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | databases | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | db-backups | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| manage | objects | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| read | buckets | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

  • odbg-exa-infra-administrators

| Verb | Resource type | Compartment |
| --- | --- | --- |
| manage | cloud-exadata-infrastructures | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| use | cloud-vmclusters | MulticloudLink_ODBG_XXXXXXXXXXXXXX |
| {WORKREQUEST_INSPECT} | - | MulticloudLink_ODBG_XXXXXXXXXXXXXX |

  • odbg-db-systems-administrators
    No permissions granted (the group is not named in any statement of this policy)

  • odbg-multicloud-network-anchor-administrators
    No permissions granted (the group is not named in any statement of this policy)

  • odbg-multicloud-resource-anchor-administrators
    No permissions granted (the group is not named in any statement of this policy)
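The per-group tables above were assembled by hand from the policy statements. The following script, added here as an example and not code from the original article or from Oracle, does the same mechanically: it parses statements of the shapes that occur in MulticloudLink_ODBG_XXXXXXXXXXXXXX-DbFamilyPolicy (single or comma-separated group lists, the verbs manage/use/read/inspect or a braced permission set such as {WORKREQUEST_INSPECT}, and a compartment OCID or `tenancy` as scope), builds the group-to-permission matrix, lists the groups that exist but are named in no statement, and flags `manage` grants on resource types worth a second look. STATEMENTS is a constructed subset of the statements shown above with the OCID replaced by a placeholder; the `oci iam policy list` invocation in the docstring, the SENSITIVE set, and all function names are the example's own assumptions. Any statement shape the parser does not recognise (a `where` condition, `any-user`, a dynamic group) raises instead of being silently skipped.

```python
"""Rebuild the per-group permission tables from raw OCI IAM policy statements.

Added example, not code from the original article. To run it against a real tenancy,
replace STATEMENTS with the statements of the DbFamilyPolicy, for instance from:
  oci iam policy list --compartment-id <tenancy-ocid> \
      --query "data[?contains(name,'DbFamilyPolicy')].statements"
"""
import re
from collections import defaultdict

CMP = "ocid1.compartment.oc1..xxxxxxxx"  # placeholder for the MulticloudLink_ODBG compartment OCID

# Constructed subset: one or more statements per group the policy names, plus the shared
# {WORKREQUEST_INSPECT} statement. Paste the full list in to reproduce every table row.
STATEMENTS = [
    f"Allow group odbg-db-family-administrators to manage database-family in compartment id {CMP}",
    f"Allow group odbg-db-family-readers to read database-family in compartment id {CMP}",
    f"Allow group odbg-exa-infra-administrators to manage cloud-exadata-infrastructures in compartment id {CMP}",
    f"Allow group odbg-vm-cluster-administrators to manage cloud-vmclusters in compartment id {CMP}",
    f"Allow group odbg-exa-cdb-administrators to manage databases in compartment id {CMP}",
    f"Allow group odbg-exa-pdb-administrators to manage pluggable-databases in compartment id {CMP}",
    f"Allow group odbg-adbs-db-administrators to manage autonomous-databases in compartment id {CMP}",
    f"Allow group odbg-exadb-vm-cluster-administrators to manage exadb-vm-clusters in compartment id {CMP}",
    f"Allow group odbg-exascale-db-storage-vault-administrators to manage exascale-db-storage-vaults in compartment id {CMP}",
    f"Allow group odbg-adbs-db-readers to read autonomous-databases in compartment id {CMP}",
    f"Allow group odbg-network-administrators to manage virtual-network-family in compartment id {CMP}",
    f"Allow group odbg-network-readers to read virtual-network-family in compartment id {CMP}",
    f"Allow group odbg-dbmgmt-administrators to manage vaults in compartment id {CMP}",
    f"Allow group odbg-dbmgmt-administrators to manage keys in compartment id {CMP}",
    f"Allow group odbg-dbmgmt-administrators to manage secret-family in compartment id {CMP}",
    f"Allow group odbg-metrics-readers to read metrics in compartment id {CMP}",
    "Allow group odbg-costmgmt-administrators to manage usage-report in tenancy",
    "Allow group odbg-exa-infra-administrators, odbg-vm-cluster-administrators, odbg-db-family-administrators, "
    "odbg-exa-cdb-administrators, odbg-exa-pdb-administrators, odbg-adbs-db-administrators, "
    "odbg-exadb-vm-cluster-administrators, odbg-exascale-db-storage-vault-administrators, odbg-adbs-db-readers, "
    "odbg-network-administrators, odbg-network-readers, odbg-dbmgmt-administrators, odbg-metrics-readers, "
    f"odbg-costmgmt-administrators to {{WORKREQUEST_INSPECT}} in compartment id {CMP}",
]

# The 18 groups listed in section 1.
AUTO_GROUPS = """
odbg-adbs-db-administrators odbg-adbs-db-readers odbg-costmgmt-administrators odbg-metrics-readers
odbg-dbmgmt-administrators odbg-network-readers odbg-network-administrators odbg-exa-pdb-administrators
odbg-exa-cdb-administrators odbg-db-family-readers odbg-db-family-administrators
odbg-exascale-db-storage-vault-administrators odbg-exadb-vm-cluster-administrators
odbg-vm-cluster-administrators odbg-exa-infra-administrators odbg-db-systems-administrators
odbg-multicloud-network-anchor-administrators odbg-multicloud-resource-anchor-administrators
""".split()

# Accepts only the statement shapes seen in the DbFamilyPolicy; anything else is rejected.
STMT_RE = re.compile(
    r"^Allow group (?P<groups>.+?) to (?P<verb>manage|use|read|inspect|\{[^}]+\})"
    r"(?: (?P<resource>[\w-]+))? in (?P<scope>tenancy|compartment(?: id)? \S+)$",
    re.IGNORECASE,
)


def parse_statement(stmt):
    """One (group, verb, resource, scope) tuple per group named in the statement."""
    m = STMT_RE.match(stmt.strip())
    if not m:
        raise ValueError(f"unparsed statement, review by hand: {stmt!r}")
    verb = m["verb"] if m["verb"].startswith("{") else m["verb"].lower()
    resource = (m["resource"] or "").lower()  # empty for a bare permission set such as {WORKREQUEST_INSPECT}
    return [(g.strip(), verb, resource, m["scope"]) for g in m["groups"].split(",")]


def permissions_by_group(statements):
    """Group name -> sorted, de-duplicated list of (verb, resource, scope)."""
    perms = defaultdict(set)
    for stmt in statements:
        for group, verb, resource, scope in parse_statement(stmt):
            perms[group].add((verb, resource, scope))
    return {g: sorted(rows) for g, rows in sorted(perms.items())}


def groups_without_policy(groups, perms):
    """Groups that exist but appear in no statement: membership in them grants nothing yet."""
    return sorted(g for g in groups if g not in perms)


# Resource types whose 'manage' grant deserves review before anyone is added to the group.
# This set is the example's own assumption, not a list from the article or from Oracle.
SENSITIVE = {"keys", "vaults", "secret-family", "virtual-network-family", "database-family"}


def high_impact_grants(perms):
    """(group, resource) pairs where the group may 'manage' a SENSITIVE resource type."""
    return sorted((g, r) for g, rows in perms.items() for v, r, _ in rows if v == "manage" and r in SENSITIVE)


def render(perms):
    """Plain-text equivalent of the per-group tables in the article."""
    out = []
    for group, rows in perms.items():
        out.append(group)
        out.extend(f"  {verb:<22} {resource or '-':<34} {scope}" for verb, resource, scope in rows)
    return "\n".join(out)


if __name__ == "__main__":
    perms = permissions_by_group(STATEMENTS)
    print(render(perms))
    print("no statement names these groups:", groups_without_policy(AUTO_GROUPS, perms))
    print("manage on sensitive resource types:", high_impact_grants(perms))
```

Run against the real statement list, `groups_without_policy` should return exactly odbg-db-systems-administrators and the two *-anchor-administrators groups, and `high_impact_grants` should surface odbg-dbmgmt-administrators (keys, vaults, secret-family), odbg-network-administrators (virtual-network-family) and odbg-db-family-administrators (database-family). Re-running the script after each Oracle-side update is a cheap way to notice when the auto-managed policy changes under you, since the statements are owned by the service rather than by your tenancy administrators.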
