IAM overview

This page describes the Oracle Database@Google Cloud Identity and Access Management (IAM) integration and how you can use IAM to manage access across your resources.

IAM lets you control user and group access to Oracle Database@Google Cloud resources for the Exadata Database and Autonomous Database services. Roles are defined at the Google Cloud project level. For example, giving a user viewer access in an Exadata Infrastructure instance would grant them viewer access to all Exadata Infrastructure instances and Exadata VM Clusters in that project.

Using access control with IAM, you can grant permissions to a user or a group without modifying each instance, cluster, or database individually. Oracle Database@Google Cloud provides a set of predefined roles to manage access. You can use predefined roles or specific permissions to grant access to users. For more information about how IAM works at Google Cloud, see IAM documentation .

Oracle Database@Google Cloud predefined roles

Predefined roles contain permissions that allow Google Cloud project members to perform specific actions on Oracle Database@Google Cloud resources. The role you grant to a project member controls what actions they can take in that project. Project members can be individuals, groups, or service accounts. You can grant multiple roles to the same project member, and can change the roles granted at any time.

Broader roles include the more narrowly defined roles. For example, the Cloud Exadata Infrastructure Adminrole includes all permissions of the Cloud Exadata Infrastructure Viewerrole, along with additional permissions of the Cloud Exadata Infrastructure Adminrole.

Each IAM role for Oracle Database@Google Cloud contains permissions that give the principal access to specific resources as shown in the following table.

Role

Permissions

Oracle Database@Google Cloud admin

( roles/ oracledatabase.admin )

Grants full access to manage all Oracle Database resources.

oracledatabase. autonomousDatabaseBackups.*

oracledatabase. autonomousDatabaseBackups. create
oracledatabase. autonomousDatabaseBackups. delete
oracledatabase. autonomousDatabaseBackups. get
oracledatabase. autonomousDatabaseBackups. list

oracledatabase. autonomousDatabaseCharacterSets. list

oracledatabase. autonomousDatabases.*

oracledatabase. autonomousDatabases. create
oracledatabase. autonomousDatabases. delete
oracledatabase. autonomousDatabases. failover
oracledatabase. autonomousDatabases. generateWallet
oracledatabase. autonomousDatabases. get
oracledatabase. autonomousDatabases. list
oracledatabase. autonomousDatabases. restart
oracledatabase. autonomousDatabases. restore
oracledatabase. autonomousDatabases. start
oracledatabase. autonomousDatabases. stop
oracledatabase. autonomousDatabases. switchover
oracledatabase. autonomousDatabases. update

oracledatabase. autonomousDbVersions. list

oracledatabase. cloudExadataInfrastructures.*

oracledatabase. cloudExadataInfrastructures. create
oracledatabase. cloudExadataInfrastructures. delete
oracledatabase. cloudExadataInfrastructures. get
oracledatabase. cloudExadataInfrastructures. list
oracledatabase. cloudExadataInfrastructures. update
oracledatabase. cloudExadataInfrastructures. use

oracledatabase. cloudVmClusters.*

oracledatabase. cloudVmClusters. create
oracledatabase. cloudVmClusters. delete
oracledatabase. cloudVmClusters. get
oracledatabase. cloudVmClusters. list
oracledatabase. cloudVmClusters. update

oracledatabase. databaseCharacterSets. list

oracledatabase.databases.*

oracledatabase.databases.get
oracledatabase.databases.list

oracledatabase.dbNodes.list

oracledatabase.dbServers.list

oracledatabase. dbSystemInitialStorageSizes. list

oracledatabase. dbSystemShapes. list

oracledatabase.dbSystems.*

oracledatabase. dbSystems. create
oracledatabase. dbSystems. delete
oracledatabase.dbSystems.get
oracledatabase.dbSystems.list

oracledatabase.dbVersions.list

oracledatabase. entitlements. list

oracledatabase. exadbVmClusters.*

oracledatabase. exadbVmClusters. create
oracledatabase. exadbVmClusters. delete
oracledatabase. exadbVmClusters. get
oracledatabase. exadbVmClusters. list
oracledatabase. exadbVmClusters. update

oracledatabase. exascaleDbStorageVaults.*

oracledatabase. exascaleDbStorageVaults. create
oracledatabase. exascaleDbStorageVaults. delete
oracledatabase. exascaleDbStorageVaults. get
oracledatabase. exascaleDbStorageVaults. list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase. minorVersions. list

oracledatabase.odbNetworks.*

oracledatabase. odbNetworks. create
oracledatabase. odbNetworks. delete
oracledatabase.odbNetworks.get
oracledatabase. odbNetworks. list

oracledatabase.odbSubnets.*

oracledatabase. odbSubnets. create
oracledatabase. odbSubnets. delete
oracledatabase.odbSubnets.get
oracledatabase.odbSubnets.list
oracledatabase.odbSubnets.use

oracledatabase.operations.*

oracledatabase. operations. cancel
oracledatabase. operations. delete
oracledatabase.operations.get
oracledatabase.operations.list

oracledatabase. systemVersions. list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Autonomous Database Admin

( roles/ oracledatabase.autonomousDatabaseAdmin )

Grants full access to manage all Autonomous Database resources.

oracledatabase. autonomousDatabaseBackups.*

oracledatabase. autonomousDatabaseBackups. create
oracledatabase. autonomousDatabaseBackups. delete
oracledatabase. autonomousDatabaseBackups. get
oracledatabase. autonomousDatabaseBackups. list

oracledatabase. autonomousDatabaseCharacterSets. list

oracledatabase. autonomousDatabases.*

oracledatabase. autonomousDatabases. create
oracledatabase. autonomousDatabases. delete
oracledatabase. autonomousDatabases. failover
oracledatabase. autonomousDatabases. generateWallet
oracledatabase. autonomousDatabases. get
oracledatabase. autonomousDatabases. list
oracledatabase. autonomousDatabases. restart
oracledatabase. autonomousDatabases. restore
oracledatabase. autonomousDatabases. start
oracledatabase. autonomousDatabases. stop
oracledatabase. autonomousDatabases. switchover
oracledatabase. autonomousDatabases. update

oracledatabase. autonomousDbVersions. list

oracledatabase. entitlements. list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.odbSubnets.get

oracledatabase.odbSubnets.list

oracledatabase.odbSubnets.use

oracledatabase.operations.*

oracledatabase. operations. cancel
oracledatabase. operations. delete
oracledatabase.operations.get
oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Autonomous Database Viewer

( roles/ oracledatabase.autonomousDatabaseViewer )

Grants read access to see all Autonomous Database resources.

oracledatabase. autonomousDatabaseBackups. get

oracledatabase. autonomousDatabaseBackups. list

oracledatabase. autonomousDatabaseCharacterSets. list

oracledatabase. autonomousDatabases. get

oracledatabase. autonomousDatabases. list

oracledatabase. autonomousDbVersions. list

oracledatabase. entitlements. list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Exadata Infrastructure Admin

( roles/ oracledatabase.cloudExadataInfrastructureAdmin )

Grants full access to manage all Exadata Infrastructure resources.

oracledatabase. cloudExadataInfrastructures. create

oracledatabase. cloudExadataInfrastructures. delete

oracledatabase. cloudExadataInfrastructures. get

oracledatabase. cloudExadataInfrastructures. list

oracledatabase. cloudExadataInfrastructures. update

oracledatabase.dbServers.list

oracledatabase. dbSystemShapes. list

oracledatabase. entitlements. list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.operations.*

oracledatabase. operations. cancel
oracledatabase. operations. delete
oracledatabase.operations.get
oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Exadata Infrastructure User

( roles/ oracledatabase.cloudExadataInfrastructureUser )

Grants user access to use all Exadata Infrastructure resources.

oracledatabase. cloudExadataInfrastructures. get

oracledatabase. cloudExadataInfrastructures. list

oracledatabase. cloudExadataInfrastructures. use

oracledatabase.dbServers.list

oracledatabase. dbSystemShapes. list

oracledatabase. entitlements. list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Exadata Infrastructure Viewer

( roles/ oracledatabase.cloudExadataInfrastructureViewer )

Grants read access to see all Exadata Infrastructure resources.

oracledatabase. cloudExadataInfrastructures. get

oracledatabase. cloudExadataInfrastructures. list

oracledatabase.dbServers.list

oracledatabase. dbSystemShapes. list

oracledatabase. entitlements. list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud VM Cluster Admin

( roles/ oracledatabase.cloudVmClusterAdmin )

Grants full access to manage all VM Cluster resources.

oracledatabase. cloudExadataInfrastructures. list

oracledatabase. cloudExadataInfrastructures. use

oracledatabase. cloudVmClusters.*

oracledatabase. cloudVmClusters. create
oracledatabase. cloudVmClusters. delete
oracledatabase. cloudVmClusters. get
oracledatabase. cloudVmClusters. list
oracledatabase. cloudVmClusters. update

oracledatabase.dbNodes.list

oracledatabase.dbServers.list

oracledatabase. entitlements. list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.odbSubnets.get

oracledatabase.odbSubnets.list

oracledatabase.odbSubnets.use

oracledatabase.operations.*

oracledatabase. operations. cancel
oracledatabase. operations. delete
oracledatabase.operations.get
oracledatabase.operations.list

oracledatabase. systemVersions. list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud VM Cluster Viewer

( roles/ oracledatabase.cloudVmClusterViewer )

Grants read access to see all VM Cluster resources.

oracledatabase. cloudVmClusters. get

oracledatabase. cloudVmClusters. list

oracledatabase.dbNodes.list

oracledatabase. entitlements. list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Container Database Viewer

( roles/ oracledatabase.databaseViewer )

Grants read access to see all Container Database resources.

oracledatabase.databases.*

oracledatabase.databases.get
oracledatabase.databases.list

oracledatabase. entitlements. list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.operations.get

oracledatabase.operations.list

oracledatabase. pluggableDatabases.*

oracledatabase. pluggableDatabases. get
oracledatabase. pluggableDatabases. list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud DB System Admin

( roles/ oracledatabase.dbSystemAdmin )

Grants full access to manage all DB System resources.

oracledatabase. databaseCharacterSets. list

oracledatabase.databases.*

oracledatabase.databases.get
oracledatabase.databases.list

oracledatabase. dbSystemInitialStorageSizes. list

oracledatabase. dbSystemShapes. list

oracledatabase.dbSystems.*

oracledatabase. dbSystems. create
oracledatabase. dbSystems. delete
oracledatabase.dbSystems.get
oracledatabase.dbSystems.list

oracledatabase.dbVersions.list

oracledatabase. entitlements. list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.operations.*

oracledatabase. operations. cancel
oracledatabase. operations. delete
oracledatabase.operations.get
oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud DB System Viewer

( roles/ oracledatabase.dbSystemViewer )

Grants read access to see all DB System resources.

oracledatabase. databaseCharacterSets. list

oracledatabase.databases.*

oracledatabase.databases.get
oracledatabase.databases.list

oracledatabase. dbSystemShapes. list

oracledatabase.dbSystems.get

oracledatabase.dbSystems.list

oracledatabase. entitlements. list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastracture VM Cluster Admin

( roles/ oracledatabase.exadbVmClusterAdmin )

Grants full access to manage all Exadata Database Service on Exascale Infrastracture VM Cluster resources.

oracledatabase.dbNodes.list

oracledatabase. dbSystemShapes. list

oracledatabase. entitlements. list

oracledatabase. exadbVmClusters.*

oracledatabase. exadbVmClusters. create
oracledatabase. exadbVmClusters. delete
oracledatabase. exadbVmClusters. get
oracledatabase. exadbVmClusters. list
oracledatabase. exadbVmClusters. update

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase. minorVersions. list

oracledatabase.operations.*

oracledatabase. operations. cancel
oracledatabase. operations. delete
oracledatabase.operations.get
oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastracture VM Cluster Viewer

( roles/ oracledatabase.exadbVmClusterViewer )

Grants read access to see all Exadata Database Service on Exascale Infrastracture VM Cluster resources.

oracledatabase.dbNodes.list

oracledatabase. dbSystemShapes. list

oracledatabase. entitlements. list

oracledatabase. exadbVmClusters. get

oracledatabase. exadbVmClusters. list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase. minorVersions. list

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastracture Storage Vault Admin

( roles/ oracledatabase.exascaleDbStorageVaultAdmin )

Grants full access to manage all Exadata Database Service on Exascale Infrastracture Storage Vault resources.

oracledatabase.dbNodes.list

oracledatabase. dbSystemShapes. list

oracledatabase. entitlements. list

oracledatabase. exascaleDbStorageVaults.*

oracledatabase. exascaleDbStorageVaults. create
oracledatabase. exascaleDbStorageVaults. delete
oracledatabase. exascaleDbStorageVaults. get
oracledatabase. exascaleDbStorageVaults. list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase. minorVersions. list

oracledatabase.operations.*

oracledatabase. operations. cancel
oracledatabase. operations. delete
oracledatabase.operations.get
oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastracture Storage Vault Viewer

( roles/ oracledatabase.exascaleDbStorageVaultViewer )

Grants read access to see all Exadata Database Service on Exascale Infrastracture Storage Vault resources.

oracledatabase.dbNodes.list

oracledatabase. dbSystemShapes. list

oracledatabase. entitlements. list

oracledatabase. exascaleDbStorageVaults. get

oracledatabase. exascaleDbStorageVaults. list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase. minorVersions. list

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Network Admin

( roles/ oracledatabase.networkAdmin )

Grants full access to manage all ODB Network and ODB Subnet resources.

oracledatabase. entitlements. list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.odbNetworks.*

oracledatabase. odbNetworks. create
oracledatabase. odbNetworks. delete
oracledatabase.odbNetworks.get
oracledatabase. odbNetworks. list

oracledatabase.odbSubnets.*

oracledatabase. odbSubnets. create
oracledatabase. odbSubnets. delete
oracledatabase.odbSubnets.get
oracledatabase.odbSubnets.list
oracledatabase.odbSubnets.use

oracledatabase.operations.*

oracledatabase. operations. cancel
oracledatabase. operations. delete
oracledatabase.operations.get
oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google ODB Network Admin

( roles/ oracledatabase.odbNetworkAdmin )

Grants full access to manage all ODB Network resources.

oracledatabase. entitlements. list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.odbNetworks.*

oracledatabase. odbNetworks. create
oracledatabase. odbNetworks. delete
oracledatabase.odbNetworks.get
oracledatabase. odbNetworks. list

oracledatabase.operations.*

oracledatabase. operations. cancel
oracledatabase. operations. delete
oracledatabase.operations.get
oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google ODB Network Viewer

( roles/ oracledatabase.odbNetworkViewer )

Grants read access to see all ODB Network resources.

oracledatabase. entitlements. list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.odbNetworks.get

oracledatabase. odbNetworks. list

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google ODB Subnet Admin

( roles/ oracledatabase.odbSubnetAdmin )

Grants full access to manage all ODB Subnet resources.

oracledatabase. entitlements. list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.odbSubnets.*

oracledatabase. odbSubnets. create
oracledatabase. odbSubnets. delete
oracledatabase.odbSubnets.get
oracledatabase.odbSubnets.list
oracledatabase.odbSubnets.use

oracledatabase.operations.*

oracledatabase. operations. cancel
oracledatabase. operations. delete
oracledatabase.operations.get
oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google ODB Subnet User

( roles/ oracledatabase.odbSubnetUser )

Grants use access to ODB Subnet resources.

oracledatabase. entitlements. list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.odbSubnets.get

oracledatabase.odbSubnets.list

oracledatabase.odbSubnets.use

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google ODB Subnet Viewer

( roles/ oracledatabase.odbSubnetViewer )

Grants read access to see all ODB Subnet resources.

oracledatabase. entitlements. list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.odbSubnets.get

oracledatabase.odbSubnets.list

oracledatabase.operations.get

oracledatabase.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud Pluggable Database Viewer

( roles/ oracledatabase.pluggableDatabaseViewer )

Grants read access to see all Pluggable Database resources.

oracledatabase. entitlements. list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase.operations.get

oracledatabase.operations.list

oracledatabase. pluggableDatabases.*

oracledatabase. pluggableDatabases. get
oracledatabase. pluggableDatabases. list

resourcemanager.projects.get

resourcemanager.projects.list

Oracle Database@Google Cloud viewer

( roles/ oracledatabase.viewer )

Grants view access to all Oracle Database resources.

oracledatabase. autonomousDatabaseBackups. get

oracledatabase. autonomousDatabaseBackups. list

oracledatabase. autonomousDatabaseCharacterSets. list

oracledatabase. autonomousDatabases. get

oracledatabase. autonomousDatabases. list

oracledatabase. autonomousDbVersions. list

oracledatabase. cloudExadataInfrastructures. get

oracledatabase. cloudExadataInfrastructures. list

oracledatabase. cloudVmClusters. get

oracledatabase. cloudVmClusters. list

oracledatabase. databaseCharacterSets. list

oracledatabase.databases.*

oracledatabase.databases.get
oracledatabase.databases.list

oracledatabase.dbNodes.list

oracledatabase.dbServers.list

oracledatabase. dbSystemShapes. list

oracledatabase.dbSystems.get

oracledatabase.dbSystems.list

oracledatabase. entitlements. list

oracledatabase. exadbVmClusters. get

oracledatabase. exadbVmClusters. list

oracledatabase. exascaleDbStorageVaults. get

oracledatabase. exascaleDbStorageVaults. list

oracledatabase.giVersions.list

oracledatabase.locations.*

oracledatabase.locations.get
oracledatabase.locations.list

oracledatabase. minorVersions. list

oracledatabase.odbNetworks.get

oracledatabase. odbNetworks. list

oracledatabase.odbSubnets.get

oracledatabase.odbSubnets.list

oracledatabase.operations.get

oracledatabase.operations.list

oracledatabase. pluggableDatabases.*

oracledatabase. pluggableDatabases. get
oracledatabase. pluggableDatabases. list

resourcemanager.projects.get

resourcemanager.projects.list

What's next

Learn more about how to grant access using IAM .
Learn more about Oracle Database@Google Cloud .