OCI Oracle Database Service for Azure (ODSA) - Recommended Changes to Multicloud Link Authorization Policies
(Doc ID 3053159.1)
Last updated on NOVEMBER 22, 2024
Applies to:
Oracle Cloud Infrastructure - Version N/A and laterInformation in this document applies to any platform.
Details
Policy Change: You are requested to make the recommended changes to the Oracle Database Service for Azure (ODSA) Multicloud Link Authorization Policies.
Date Announced: October 28, 2024
Date in Effect: December 4, 2024
Details: We want to inform you that as part of our ongoing commitment to cloud security and implementing Least Privilege Access Control measures, we are making updates that affect your Oracle Database Service for Azure (ODSA) Multicloud Link Authorization Policies. These changes aim to enhance security by limiting unauthorized access to critical resources.
Actions
What do I need to do? As part of our ongoing commitment to cloud security and driving least privilege access control we are recommending you make the policy statement changes outlined in this document to the Oracle Database Service for Azure (ODSA) Multicloud Link Authorization Policies.
These steps will:
- Add new fine grained authorization policies that enable the Oracle Database Service for Azure to perform actions required to manage the Multicloud database and networking resources
- Remove broader access authorization policies for resource managed the Oracle Database Service does not need management permissions for."
You can either use the attached policy_migration.py script (Option 1) to perform an automated update to the policy statements, or (Option 2) follow through the manual steps to update the policies in the OCI Console.
Option 1: Automated Policy Changes
- OCI user with Administrator permission is required to perform these operations.
- Download both of the attached files:
- README.md
- policy_migration.py
- README.md
- Execute the script
- Click Save changes
Frequently Asked Questions (FAQ)
- Are my services currently at risk without these changes?
- No. These access policies only affect how Oracle Database Service for Azure control plane services interact with your OCI tenancy. There is no impact to the external access security posture.
- Do I need to make these changes to continue using the Oracle Database Service for Azure.
- I am no longer using the Oracle Database Service for Azure, do I need to make these changes?
- If you no longer wish to use the Oracle Database Service for Azure you can follow the steps on support “OCI Oracle Database Service for Azure (ODSA) - Unlink Azure and OCI (Doc ID 2922421.1)” and then safely remove the Multicloud Link Authorization policies.
For more information contact OCI Support.
Contacts
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Details |
Actions |
Option 1: Automated Policy Changes |
Option 2: Manual Policy Changes |
Frequently Asked Questions (FAQ) |
Contacts |
References |