This post is part of a series of blog posts on the Oracle Autonomous Database.
This is an Autonomous Database Dedicated component that the Fleet and Database Administrators would set up. In this case, we are going in and configuring what a resource is.
An OCI Autonomous RESOURCE can be one of:
autonomous-exadata-infrastructures: dedicated hardware resources
autonomous-container-databases: runtime environments that meet specific SLAs
autonomous-databases: application databases
autonomous-backups: data archives
Policy statements
allow group <GROUP> to <VERB> <RESOURCE> in compartment <COMPARTMENT>
Group: a specific set of users with similar privileges
Compartment: an operating context for a specific set of service resources that are only available to GROUPS that are explicitly granted access
Policy: binds privileges for a GROUP to a specific set of resources in a COMPARTMENT
VERB is one of: INSPECT, READ, USE, MANAGE
INSPECT: a limited-use, read-only grant intended for auditors
READ: a read-only grant that allows a user to see details of existing resources
USE: a grant that allows a user to take all actions on existing resources
MANAGE: a grant that allows a user to both create new resources and take all actions on existing ones
For example:
allow group CoyoteDBA to MANAGE autonomous-databases in compartment CoyoteCompartment
allow group CoyoteDBA to MANAGE autonomous-backups in compartment CoyoteCompartment
allow group RoadRunnerDBA to MANAGE autonomous-databases in compartment RoadRunnerCompartment
allow group RoadRunnerDBA to MANAGE autonomous-backups in compartment RoadRunnerCompartment
allow group AcmeFA to MANAGE autonomous-exadata-infrastructures in compartment FACompartment
allow group AcmeFA to MANAGE autonomous-container-databases in compartment FACompartment
allow group RoadRunnerDBA to READ autonomous-container-databases in compartment FACompartment
allow group CoyoteDBA to READ autonomous-container-databases in compartment FACompartment
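To check what these statements actually permit, here is an added example (my own illustration, not Oracle code or an OCI API) that parses the statements above into a grant table and audits it. It assumes the verbs are cumulative (MANAGE includes USE, READ and INSPECT), that access is denied when no statement grants it, and it handles only the simple statement form shown in this post; the function names are hypothetical.

```python
import re

# Verbs in increasing order of privilege, as listed in this post.
VERBS = ["INSPECT", "READ", "USE", "MANAGE"]
RESOURCES = {"autonomous-exadata-infrastructures", "autonomous-container-databases",
             "autonomous-databases", "autonomous-backups"}
STATEMENT = re.compile(r"^allow group (\S+) to (\S+) (\S+) in compartment (\S+)$", re.I)

# The example statements from this post.
POLICIES = """\
allow group CoyoteDBA to MANAGE autonomous-databases in compartment CoyoteCompartment
allow group CoyoteDBA to MANAGE autonomous-backups in compartment CoyoteCompartment
allow group RoadRunnerDBA to MANAGE autonomous-databases in compartment RoadRunnerCompartment
allow group RoadRunnerDBA to MANAGE autonomous-backups in compartment RoadRunnerCompartment
allow group AcmeFA to MANAGE autonomous-exadata-infrastructures in compartment FACompartment
allow group AcmeFA to MANAGE autonomous-container-databases in compartment FACompartment
allow group RoadRunnerDBA to READ autonomous-container-databases in compartment FACompartment
allow group CoyoteDBA to READ autonomous-container-databases in compartment FACompartment
"""

def parse(text):
    """Return {(group, resource, compartment): index of the highest verb granted}."""
    grants = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        m = STATEMENT.match(line)
        if not m:
            raise ValueError(f"not a policy statement: {line!r}")
        group, verb, resource, compartment = m.groups()
        verb = verb.upper()
        if verb not in VERBS or resource not in RESOURCES:
            raise ValueError(f"unknown verb or resource: {line!r}")
        key = (group, resource, compartment)
        grants[key] = max(grants.get(key, -1), VERBS.index(verb))
    return grants

def allowed(grants, group, verb, resource, compartment):
    """True if the group holds `verb` or a higher one; no statement means deny."""
    return grants.get((group, resource, compartment), -1) >= VERBS.index(verb)

def over_privileged(grants, resource, compartment, owner, ceiling="READ"):
    """Groups other than `owner` that hold more than `ceiling` on a resource."""
    return sorted(g for (g, r, c), v in grants.items()
                  if r == resource and c == compartment
                  and g != owner and v > VERBS.index(ceiling))
```

With the statements as written, `over_privileged(parse(POLICIES), "autonomous-container-databases", "FACompartment", "AcmeFA")` returns an empty list: the DBA groups can see the container databases owned by the fleet administrators but cannot change them, and neither DBA group has any access to the other's compartment.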