Oracle Cloud Infrastructure Documentation

Configuring an IoT Domain's Data Access

Configuring access to your view your data is optional and depends on which system you want to use to consume your data.

Depending on where you want to view your data configure you configure authentication options for the specific system you want to connect to.

  • When you create a domain you can specify the data access options. After a domain is created, you can change the options to authenticate connection to access your data.

    1. On the domains list page, select the domain you want to work with. If you need help finding the list page or an IoT domain, see Listing IoT Domains.
    2. To view which authentication options are configured for this IoT domain, select the data access tab.

      Depending on the type of data connection that's configured for the domain, view the IoT domain group's authentication details. For example, if you see Identity group names, then the IoT domain is configured to authenticate to view IoT data using ORDS.

    3. To update which option the IoT domain uses to view the IoT data, select the Actions menu, and then select Change Data Access.
    4. Select any Access type to enter the authentication details to view data for this IoT domain in any of the follow systems:
      • direct data access: If you want to establish a direct connection to the database to view data in the database then you must create an Identity dynamic group. Or if you want to connect to Analytics Cloud, then you must configure create an Identity domain user. After that, enter the IAM Identity group or groups allowed to connect to the database.

        If multiple Identity domain users are set up, then add multiple Identity groups to access data for this IoT domain, select Add another Identity Group.

        Enter any of the following options for the IAM Identity group:

        • An <identity-group-name> is either the Identity group of users or an Identity dynamic group.
        • If the <identity-group-name> is in the default Identity domain use this format:

          <tenancy-OCID:<identity-group-name>

        • If the <identity-group-name> is not in the default Identity domain, use this format to specify to Identity domain name for the Identity domain group of users or the identity dynamic group:

          <tenancy-OCID:<identity-domain-name>/<identity-group-name>

      • Oracle REST Data Services (ORDS) access: To configure access your data in ORDS, enter the Identity domain host name that's authorized to establish a connection to the data host using ORDS:

        idcs-<unique-id>.identity.oraclecloud.com

      • Oracle Application Express (APEX) access: If you configure access your data in APEX, enter the initial APEX password for the APEX workspace for your IoT domain:

        <your-apex-initial-password>

        Note

        The initial APEX password must be at least 12 characters.
    5. Select Update.
    6. (Optional) To view the work request for an update, go to the domain, and then select the work request tab.

      Select the work request operation name to view the OCID.

      Select Messages to see the related logs messages, log errors, and the associated resources. For example, the associated resources for domain groups displays the related domains.

      For more information, see Getting a Work Request's Details for your Internet of Things.

  • Configuration depends on which system you want to connect to view your IoT data. Both of the following ways to require using the oci iot domain configure-direct-data-access command during the configuration process:

    Use the oci iot domain configure-direct-data-access command and the required parameters to configure an IoT domain's authentication to establish a direct database connection.

    Replace the <tenancy-OCID:<identity-group-name> with the values for your environment. <identity-group-name> can refer to either identity group of users or identity dynamic group.

    • For the <identity-group-name> parameter, you can refer to either the identity group of users or the identity dynamic group: <tenancy-OCID>:<identity-group-name>
    • If the <identity-domain-name> is not in the default Identity domain, then you must specify the <identity-domain-name>. For example:

      <tenancy-OCID>:<identity-domain-name>/<identity-group-name>

    oci iot domain configure-direct-data-access --iot-domain-id <iot-domain-OCID> --db-allow-listed-identity-group-names '["<tenancy-OCID:<identity-domain-name>/<identity-group-name>"]'

    To view your data in ORDS requires configuring access to view your IoT data in ORDS this configuration process uses the following command.

    Use the oci iot domain configure-ords-data-access command and required parameters to configure an IoT domain's access to Oracle REST Data Services (ORDS):

    oci iot domain configure-ords-data-access --iot-domain-id <iot-domain-OCID> --db-allowed-identity-domain-host <idcs-<unique-id>.identity.oraclecloud.com>

    To view your data in APEX requires configuring access to view your IoT data in APEX using the following command.

    Use the oci iot domain configure-apex-data-access command and required parameters to configure an IoT domain's access to Oracle Application Express (APEX):

    oci iot domain configure-apex-data-access --iot-domain-id <iot-domain-OCID> --db-workspace-admin-initial-password "<your-apex-initial-password>"
    Note

    The initial APEX password must be at least 12 characters.

    For a complete list of parameters and values for CLI commands, see CLI Command Reference.

  • Run the ConfigureIotDomainDataAccess operation to authenticate an IoT domain to establish a direct database connection:

    If you want to query your IoT data directly in the database, then you must configure a direct database connection or if you want to connect to Oracle Analytics Cloud, then you must configure a database connection to Oracle Analytics Cloud. As part of the configuration process you can use the API to add the Identity domain user or group to an IoT domain that's configured to connect to the IoT database, for example:
    POST /20250531/iotDomains/{iotDomainId}/actions/configureDataAccess
{
    "type": "DIRECT", 
    "dbAllowlistedIdentityGroupNames": ["<identity-group-name>",...]
}
    To view your data in ORDS requires configuring access to view your IoT data in ORDS. As part of the configuration process you can use the API to add the Identity domain host to an IoT domain to connect to Oracle REST Data Services (ORDS), for example:
    POST /20250531/iotDomains/{iotDomainId}/actions/configureDataAccess
{
    "type": "ORDS",
    "dbAllowedIdentityDomainHost": "<idcs-<unique-id>.identity.oraclecloud.com>"
}
    To view your data in APEX requires configuring access to view your IoT data in APEX. As part of this configuration process you can use the API to configure your APEX for the IoT domain, for example:
    POST /20250531/iotDomains/{iotDomainId}/actions/configureDataAccess
{
  "type": "APEX",
  "dbWorkspaceAdminInitialPassword": "<your-apex-initial-password>"
}
    Note

    The initial APEX password must be at least 12 characters.