My Oracle Support Banner

OCI Oracle Database Service for Azure (ODSA) - Recommended Changes to Multicloud Link Authorization Policies (Doc ID 3053159.1)

Last updated on NOVEMBER 22, 2024

Applies to:

Oracle Cloud Infrastructure - Version N/A and later
Information in this document applies to any platform.

Details

Policy Change: You are requested to make the recommended changes to the Oracle Database Service for Azure (ODSA) Multicloud Link Authorization Policies.

Date Announced: October 28, 2024

Date in Effect: December 4, 2024

Details: We want to inform you that as part of our ongoing commitment to cloud security and implementing Least Privilege Access Control measures, we are making updates that affect your Oracle Database Service for Azure (ODSA) Multicloud Link Authorization Policies. These changes aim to enhance security by limiting unauthorized access to critical resources.

Actions

What do I need to do? As part of our ongoing commitment to cloud security and driving least privilege access control we are recommending you make the policy statement changes outlined in this document to the Oracle Database Service for Azure (ODSA) Multicloud Link Authorization Policies.

These steps will:

You can either use the attached policy_migration.py script (Option 1) to perform an automated update to the policy statements, or (Option 2) follow through the manual steps to update the policies in the OCI Console.

Option 1: Automated Policy Changes

  1. OCI user with Administrator permission is required to perform these operations.
  2. Download both of the attached files:
    1. README.md
    2. policy_migration.py
  3. Execute the script
  4. Click Save changes

Frequently Asked Questions (FAQ)

  1. Are my services currently at risk without these changes?
    • No. These access policies only affect how Oracle Database Service for Azure control plane services interact with your OCI tenancy. There is no impact to the external access security posture.
  2. Do I need to make these changes to continue using the Oracle Database Service for Azure.
    • Existing database instances will continue to operate without making these changes, but new database provisioning after December 4, 2024 will fail if the changes have not been applied.
  3. I am no longer using the Oracle Database Service for Azure, do I need to make these changes?
    • If you no longer wish to use the Oracle Database Service for Azure you can follow the steps on support “OCI Oracle Database Service for Azure (ODSA) - Unlink Azure and OCI (Doc ID 2922421.1)” and then safely remove the Multicloud Link Authorization policies.

For more information contact OCI Support.

Contacts

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Details
Actions
 Option 1: Automated Policy Changes
 Option 2: Manual Policy Changes
 Frequently Asked Questions (FAQ)
Contacts
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.