Oracle Cloud Infrastructure Documentation

Manage Oracle Cloud Operator Access

Describes how to grant temporary access to your database for an Oracle Cloud Operator.

Oracle Cloud Operators do not have authorization to access your data or any other information in your database schemas. When access to your database schemas is required to troubleshoot or mitigate an issue, you can allow a cloud operator to access your Autonomous AI Database schemas for a limited time or grant unlimited access until it is revoked.

You allow a cloud operator to access the database schemas by running the procedure DBMS_CLOUD_ADMIN.ENABLE_OPERATOR_ACCESS. This means if you file a service request with Oracle Cloud Support and Oracle Cloud Operators need to access your database schemas, you must also enable operator access by running DBMS_CLOUD_ADMIN.ENABLE_OPERATOR_ACCESS.

Topics

Parent topic: Security

Enable Cloud Operator Access

Describes the steps to enable Cloud Operator access on an Autonomous AI Database instance.

  1. Enable operator access.

    To enable operator access for a specified number of hours, run the following:

    BEGIN
   DBMS_CLOUD_ADMIN.ENABLE_OPERATOR_ACCESS(
       auth_duration => 12 );
END;
/

    The auth_duration parameter specifies the number of hours for which the Cloud Operator is granted access. The value must be a whole number in the range of 1 to 24 and the default is 1 (Hour).

    To enable Cloud Operator access for an unlimited duration, run the following:

    BEGIN
   DBMS_CLOUD_ADMIN.ENABLE_OPERATOR_ACCESS(
       auth_duration => 'unlimited' );
END;
/

    In this example, the auth_duration parameter is set to UNLIMITED, which grants the Cloud Operator access without a time limit. The access remains enabled until it is explicitly revoked by running the DBMS_CLOUD_ADMIN.DISABLE_OPERATOR_ACCESS procedure.

    See ENABLE_OPERATOR_ACCESS Procedure for more information.

  2. Verify that operator access is enabled.

    To verify that operator access is enabled, query the DBA_CLOUD_CONFIG view: 

    SELECT param_name, param_value FROM DBA_CLOUD_CONFIG 
      WHERE LOWER(param_name) = 'operator_access';

    Example output - limited duration

    PARAM_NAME PARAM_VALUE
--------------- ----------------------------------------------------------------------------
operator_access {"auth_grantor":"\"ADMIN\"","auth_begin":"26-FEB-24 07.34.37.144846 PM UTC",
"auth_duration":"12 hour", "planned_auth_end":"27-FEB-24 07.34.37.146297 AM UTC"}

    Example output - unlimited duration

    PARAM_NAME       PARAM_VALUE
--------------- ---------------------------------------------------------------------------
operator_access  {"auth_grantor":"\"ADMIN\"",
                  "auth_begin":"24-APR-26 08.36.13.672803 AM UTC",
                  "auth_duration":"UNLIMITED",
                  "planned_auth_end": null}

    For unlimited access, the auth_duration value is UNLIMITED, and the planned_auth_end field is NULL.

DBMS_CLOUD_ADMIN.ENABLE_OPERATOR_ACCESS allows access only to the Cloud Operator and does not enable access for any other user.

All operations performed by the Cloud Operator are stored in the view DBA_OPERATOR_ACCESS. See View Oracle Cloud Infrastructure Operations Actions for more information.

Disable Cloud Operator Access

Describes the steps to disable Cloud Operator access on an Autonomous AI Database instance.

  1. Disable operator access.

    For example

    BEGIN 
    DBMS_CLOUD_ADMIN.DISABLE_OPERATOR_ACCESS;   
END;
/

    See DISABLE_OPERATOR_ACCESS Procedure for more information.

  2. Verify that operator access is disabled.

    For example:

    SELECT param_name, param_value FROM DBA_CLOUD_CONFIG 
      WHERE LOWER(param_name) = 'operator_access';
    No data found