Additional Permissions Required to Use Database Management for HeatWave
To use Database Management for HeatWave, the following Oracle Cloud Infrastructure service permissions are required in addition to Database Management permissions.
- HeatWave service permission: A HeatWave service permission is required to:
- View the total number of HeatWave DB systems in the selected compartment on the MySQL databases tile on the Database Management Overview page.
- Go to the DB system details page in the HeatWave service from the MySQL database details page in Database Management. If you do not have this permission, an error is displayed when you click the DB system name link in the MySQL database information section on the MySQL database details page.
- Go to the Configuration details page in the HeatWave service from the MySQL database details page in Database Management. If you do not have this permission, an error is displayed when you click the MDS configuration link in the Configuration variables section on the MySQL database details page.
To grant this permission, a policy with the manage verb and the HeatWave resource-types must be created. Here's an example in which the mysql-family aggregate resource-type is used:
Allow group DB-MGMT-MYSQL-USER to manage mysql-family in compartment ABC
For more information on the HeatWave service resource-types and permissions, see IAM Policies.
Note
This additional permission is required for a user group that does not have the HeatWave service permission to enable Database Management for HeatWave. For information, see Permissions Required to Enable Database Management.
- Monitoring service permissions: Monitoring service permissions are required to:
- View HeatWave DB system and HeatWave cluster metrics on the HeatWave & External MySQL fleet summary and MySQL database details pages.
- View open HeatWave DB system and HeatWave cluster alarms in Database Management.
- Perform alarm-related tasks in the Alarm definitions section on the MySQL database details page.
Here's information on the policies that provide the permissions required to perform the tasks given in the preceding list:
- To view HeatWave DB system and HeatWave cluster metrics in Database Management, a policy with the read verb for the metrics resource-type must be created. Here's an example:
Allow group DB-MGMT-MYSQL-USER to read metrics in compartment ABC
- To view the open HeatWave DB system and HeatWave cluster alarms in Database Management and the Alarm Status and Alarm Definitions pages of the Monitoring service, a policy with the read verb for the alarms resource-type must be created (in addition to a policy with the read verb for the metrics resource-type). Here's an example:
Allow group DB-MGMT-MYSQL-USER to read alarms in compartment ABC
- To perform alarm-related tasks in the Alarm definitions section on the MySQL database details page, a policy with the manage verb for the alarms resource-type must be created (in addition to a policy with the read verb for the metrics resource-type). Here's an example:
Allow group DB-MGMT-MYSQL-USER to manage alarms in compartment ABC
To build queries and create alarms using the Monitoring service, other permissions are required. For information on:
- Monitoring service resource-types and permissions, see Details for Monitoring.
- Common Monitoring service policies, see Common Policies.
- Notifications service permission: A Notifications service permission is required to use or create topics and subscriptions when creating alarms in the Alarm definitions section on the MySQL database details page.
To grant this permission, a policy with the use or manage verb for the ons-topics resource-type must be created (in addition to Monitoring service permissions). Here's an example of a policy with the manage verb that allows you to create a new topic when creating an alarm:
Allow group DB-MGMT-MYSQL-USER to manage ons-topics in compartment ABC
For more information on the Notifications service resource-types and permissions, see Details for Notifications.
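The following is an added example, not Oracle's code: a small Python check that reads a group's policy statements and reports, for each task described above, which permissions are still missing in a given compartment. The task labels, function names and sample policy are assumptions made for the example, and the requirement table is one reading of this page (it treats "in addition to Monitoring service permissions" as read metrics plus manage alarms).

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # OCI verbs, least to most access

# Task -> (minimum verb, resource-type) pairs, as read from the page above.
# Task names are labels made up for this example.
REQUIREMENTS = {
    "open HeatWave DB system and configuration pages": [("manage", "mysql-family")],
    "view metrics": [("read", "metrics")],
    "view open alarms": [("read", "metrics"), ("read", "alarms")],
    "manage alarm definitions": [("read", "metrics"), ("manage", "alarms")],
    "create a topic when creating an alarm": [
        ("read", "metrics"), ("manage", "alarms"), ("manage", "ons-topics")],
}

# Only the simple statement form used on this page is parsed (no conditions,
# no tenancy scope, no aggregate or all-resources expansion).
STATEMENT = re.compile(
    r"^allow\s+group\s+(\S+)\s+to\s+(\w+)\s+(\S+)\s+in\s+compartment\s+(\S+)$",
    re.IGNORECASE)

def parse(statement):
    m = STATEMENT.match(statement.strip())
    if not m or m.group(2).lower() not in VERBS:
        raise ValueError(f"unsupported policy statement: {statement!r}")
    group, verb, resource, compartment = m.groups()
    return group, VERBS.index(verb.lower()), resource.lower(), compartment

def missing_permissions(statements, group, compartment):
    """Return {task: [missing 'verb resource-type', ...]} for one group and compartment."""
    best = {}  # resource-type -> highest verb level granted
    for statement in statements:
        g, level, resource, c = parse(statement)
        if g == group and c == compartment:
            best[resource] = max(best.get(resource, -1), level)
    return {
        task: [f"{v} {r}" for v, r in needs if best.get(r, -1) < VERBS.index(v)]
        for task, needs in REQUIREMENTS.items()
    }

# Constructed sample policy: a read-only monitoring group, plus one statement
# for a different compartment that must not count.
SAMPLE = [
    "Allow group DB-MGMT-MYSQL-USER to read metrics in compartment ABC",
    "Allow group DB-MGMT-MYSQL-USER to read alarms in compartment ABC",
    "Allow group DB-MGMT-MYSQL-USER to manage alarms in compartment XYZ",
]

if __name__ == "__main__":
    for task, gaps in missing_permissions(SAMPLE, "DB-MGMT-MYSQL-USER", "ABC").items():
        print(f"{task}: {'ok' if not gaps else 'missing ' + ', '.join(gaps)}")
```

A higher verb satisfies a lower requirement, so a group granted manage alarms also passes the read alarms check; statements scoped to another compartment are ignored.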