Create a Database Tools Connection Using Token-Based Authentication
Learn how to create a Database Tools connection using token-based authentication.
- Create a Database Tools connection by following the steps in Create a Connection. Skip the step where you need to create a user name and password for the database.
- When creating the connection, complete the following steps for token-based authentication.
  In the Advanced Options section:
  - For Authentication, select Use token-based authentication.
  - Expand Settings, in Connection properties, set iam.db.token.scope to define the scope for IAM database tokens.
    This setting controls which Oracle Database resources an IAM database token can be issued for by matching the database’s OCID against one or more scope patterns.
    Some valid scope patterns are listed below. Replace the placeholder values with the OCIDs from your tenancy, compartment and database.
    - urn:oracle:db::id::*: Applies to any supported database in scope.
    - urn:oracle:db::id::ocid1.tenancy.oc1..xxxx: Applies to a specific tenancy.
    - urn:oracle:db::id::ocid1.compartment.oc1..xxxx: Applies to a specific compartment.
    - urn:oracle:db::id::ocid1.compartment.oc1..xxxx::ocid1.autonomousdatabase.oc1.phx.xxxx: Applies to one specific database in a compartment.
    Note
    Set iam.db.token.scope to be the same or more restrictive than the scope granted by your IAM policy for Database Tools connections, which provides the DB_CONNECT permission.
    For example, consider this policy:
    allow group dbuser to use database-connections in compartment production
    This policy allows the dbuser group to use Database Tools connections only in the production compartment. Therefore, iam.db.token.scope must be set to compartment production or a more restrictive scope. In this example, the scope is set to a specific database in the compartment production:
    urn:oracle:db::id::ocid1.compartment.oc1..xxxx::ocid1.autonomousdatabase.oc1.phx.xxxx
- After you create the connection, check the connection using Validate in the Actions menu.
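
The note on iam.db.token.scope can be checked before a connection is created. The following is an added example, not Oracle's code: it recognizes only the four pattern forms listed on this page and assumes the policy names exactly one compartment; the function names and the sample OCIDs in the comments are constructed.

```python
# Added example: lint an iam.db.token.scope value against the compartment an
# IAM policy grants. Handles only the four pattern forms listed on this page.
PREFIX = "urn:oracle:db::id::"


def classify_scope(scope):
    """Return (kind, compartment_ocid, database_ocid) for a scope string."""
    if not scope.startswith(PREFIX):
        raise ValueError("scope must start with " + PREFIX)
    rest = scope[len(PREFIX):]
    if rest == "*":
        return ("any", None, None)
    parts = rest.split("::")
    if len(parts) == 1 and parts[0].startswith("ocid1.tenancy."):
        return ("tenancy", None, None)
    if parts[0].startswith("ocid1.compartment."):
        if len(parts) == 1:
            return ("compartment", parts[0], None)
        if len(parts) == 2 and parts[1].startswith("ocid1."):
            return ("database", parts[0], parts[1])
    raise ValueError("unrecognized scope pattern: " + scope)


def scope_fits_policy(scope, policy_compartment_ocid):
    """True if scope is the policy's compartment or a database inside it.

    Wildcard and tenancy scopes are broader than a single-compartment policy,
    so they are rejected. Nested compartments are not resolved (assumption:
    the policy names exactly one compartment, as in the page's example).
    """
    kind, compartment, _ = classify_scope(scope)
    if kind in ("any", "tenancy"):
        return False
    return compartment == policy_compartment_ocid


if __name__ == "__main__":
    # Constructed sample values; replace with OCIDs from your tenancy.
    prod = "ocid1.compartment.oc1..exampleprod"
    for s in (PREFIX + "*", PREFIX + prod,
              PREFIX + prod + "::ocid1.autonomousdatabase.oc1.phx.exampledb"):
        print(s, "->", "ok" if scope_fits_policy(s, prod) else "too broad")
```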