Oracle Cloud Infrastructure Documentation

Managing Access Requests with Operator Access Control

Learn how to manage Oracle operator access requests to your Oracle Cloud@Customer Infrastructure and Compute Cloud@Customer dedicated infrastructure using Operator Access Control.

State of an Access Request

Review the list of states in which an Oracle operator access request can be listed in a status check.

Table 3-1 States of an Access Request

State Description

RAISED

Operator has submitted an access request, and the approver or the system has not taken any action on the request.

IN-REVIEW

The approver is reviewing the details of the access request before taking an approval action. The request is awaiting the approver’s decision.

MORE INFO-REQUESTED

The approver has requested additional information or clarification from the operator before proceeding with the approval. The request remains pending until the operator provides the required details.

APPROVED FOR FUTURE

The access request has been approved in advance for a future start time. The request will move to Approved status automatically when the scheduled access period begins.

IN-PROCESS

The system is processing the last action taken on the access request.

APPROVED

Approver has approved the access request.

PRE-APPROVED

The system has automatically approved the access request.
EXTENSION REQUESTED

Operator requests an extension of the period of the access request to have sufficient additional time for one or more operators to complete the task.

REJECTED

Approver has rejected the access request.
REVOKED

Approver has revoked the approval on a request. Any operator that may have been accessing the system have been disconnected from the system. No new actions can be taken on the request.
COMPLETED

The maintenance work for which the system access was requested is completed.

EXPIRED

Access request approval time period has expired. The operator cannot access the system without raising and obtaining approval for a new access request.

FAILED TO CLOSE

The system could not close an open access request. The close could have been triggered by REVOKE / COMPLETE / EXPIRE. Contact Oracle support.

View the List of Access Requests

When you receive a notice of an operator access request, you can view the list of all access requests by compartment, and accept or reject an access request.

You can Approve, Reject, Approve Extension, Reject Extension, and Revoke access requests.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Operator Access Control.
  3. Click Access Requests.

Requests are listed by their Request IDs. The Resource Name column displays the name of the resource for which the request was raised, while the Resource Type column indicates the type of resource (for example, Autonomous Exadata VM Cluster or Exadata Infrastructure). The State column shows the current status of each request. The Access Duration column specifies the duration of access in hours. The Requested column displays the date and time when the request was submitted.

The Severity column displays the severity level set by the operator.

  • Severity 1 — Critical

    Complete loss of service for mission-critical operations, where work cannot reasonably continue until the issue is resolved. Immediate attention is required.

  • Severity 2 — High

    Significant or degraded loss of service or resources that impacts business operations. The issue needs prompt attention to restore normal functionality.

  • Severity 3 — Medium

    Minor loss or degradation of services or resources with limited operational impact. Work can continue with minimal disruption.

  • Severity 4 — Low

    No work is being impeded at the time. The report is informational in nature, or assistance is requested for a non-urgent matter.

The Access Request Reason column displays the reason provided by the operator for requesting system access. To view details of an individual request, click the corresponding Request ID.

View the Details of an Access Request

To view the details of an access request, use this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Operator Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, you can filter Action Requests by Request ID, State, Resource Name, Resource Type, Requested, Severity, Access Duration (hours), or Access Request Reason.
  5. From the list of Access Requests, click the request ID of the request that you want to view details.

    The Access Request Information tab includes details such as access request information, resource information, reason for the request, and other information.

    The Approval Information tab displays details such as the last user who processed the request, the date and time it was processed, and the latest comments.

    The Operator Interaction tab provides the history of interactions between operators and approvers. You can filter the interaction history by user, time, or message.

Filter Access Requests by State

To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the workflow state of the request.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Operator Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select an Action Request from the list.

    You can perform actions based on the state of the Access Request.

    Table 3-2 Actions on Access Requests

    Access Request State Allowed Action

    Raised

    Approve, In-Review, or Reject.

    In Review

    Approve or Reject.

    Approved for future

    Approve or Reject.

    Approved

    Revoke

    In-Process

    No actions.

    Pre-Approved

    Revoke

    Extension Requested

    Approve Extension, Reject Extension, or Revoke.

    Rejected

    No actions.

    Revoked

    No actions.

    Completed

    No actions.

    Expired

    No actions.

    Failed to Close

    No actions.

Filter Access Requests by Resource Name or Resource Type

To review, approve, update, or revoke Access Requests, you can filter the Access Requests based on the resource name or type of the request.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Operator Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select Resource Name or Resource Type from the list.
    • Resource Name:

      Enter the name of the resource, and the click Apply Filter.

    • Resource Type:

      Select the one or more resource types, and then click Apply Filter.

Approve Access Request

When you approve an access request, you permit access, enable or disable keyboard logging, and provide comments for the action as needed.

Note

If the user reviewing access requests is not a member of the Administrator User Group for a compartment, or a member of an identity and access management (IAM) user group specifically granted permissions to approve or revoke access on that compartment, then that user must be granted the privileges inspect identity-providers, inspect groups, and inspect users on the compartment before that user can approve or reject access requests.
  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Operator Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select Raised from the list.
  5. From the list of Access Requests, click the request ID of the request that you want to approve.
    Note

    If you have not configured notifications, then a warning banner is displayed.
    1. Click Configure.

      Configure notifications dialog is displayed.

    2. In the Configure notifications dialog, enter valid email addresses, and then click Create.
  6. In the Request ID page, click Approve.
  7. In the Approve Access Request page, do the following:
    1. Under Approval Time, select either Approve Now or Approve Later.
    2. Enter an approval comment.
  8. Click Approve.

    In the Approval information section of the Access Request details page, you will find information regarding the number of approvals required, the number of approvals received, and the approvers who approved or rejected, as well as when they took action.

Review Access Request

To review and acknowledge a Raised Oracle Operator Access Request, use this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Operator Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select Raised from the list.
  5. From the list of Access Requests, click the request ID of the request that you want to review.
  6. In the Request ID page, click Actions, and then select In Review.
  7. In the Review Access Request dialog, enter a comment.
  8. Click In Review.

Request Access for a Future Date and Time

When you submit an Access Request, you can schedule a future date and time for accessing resources.

The Access Request details page shows the scheduled date and time. Even if your request moves to the Approved state, you can access resources only at the scheduled date and time.

Gather More Information About an Access Request

If you need clarification of the information in the Access Request for you to approve the Access Request, you can use Operator Access Control to send questions to the Oracle operators working on the Access Request.

Oracle operators will answer your question through Operator Access Control interfaces, and you can ask further clarifying questions to get the details you need. To ask for further clarification of details in the Access Request, use the following procedure:

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Operator Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, for example, select Raised from the list.
  5. From the list of Access Requests, click the request ID of the request that you want to get clarified.
  6. In the Request ID page, click the Operator Interaction tab.
  7. In the Search and Filter field, filter by User, Time, or Message.
  8. Click Ask service provider.
  9. Post your message and click Create.

Download Operator Activity Audit Log Report

To download audit log reports in HTML format, which contains Operator Activity including the commands and keystrokes entered by the operators, use this procedure.

Note

Audit reports are generated automatically or updated periodically.

Audit log reports contain information about the commands and keystrokes entered by operators per session in human-decipherable HTML format. You can download the audit log report for any access that an operator has utilized to access your Exadata infrastructure. The audit log report will be available only if the operator has utilized it to log in to the infrastructure. After the audit log report is generated, it will be available for one year for the customers to download.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Operator Access Control.
  3. Click Access Requests.
  4. From the list of access requests, identify the Access Request for which you want the audit log report, then click it.
  5. On the access request details page, click Actions, and then select Download Audit Report.

Reject Access Request

To reject an Oracle Operator Access Request that you have previously granted, use this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Operator Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select Raised from the list.
  5. From the list of Access Requests, click the request ID of the request that you want to reject.
  6. In the Request ID page, click Actions, and then select Reject.
  7. In the Reject Access Request dialog, enter a reason for rejecting the request.
  8. Click Reject.

Revoke Access Request

To revoke access to your tenancy after you have granted access, complete this procedure.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Operator Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select Pre-Approved from the list.
  5. From the list of Access Requests, click the request ID of the request that you want to revoke.
  6. In the Request ID page, click Actions, and then select Revoke.
  7. In the Revoke Access Request dialog, enter the explanation for revoking access in the comment field.
  8. Click Revoke.

Approve Extension Request

When you receive an extension request, you approve an extended duration for the system access.

  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Operator Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select Extension Requested from the list.
  5. From the list of Access Requests, click the request ID of the request that you want to extend duration.
  6. In the Request ID page, click Actions, and then select Approve Extension.
  7. In the Approve Extension Request page, do the following:
    1. Enter an approval comment.
  8. Click Approve Extension.

    In the Approval information section of the Access Request details page, you will find information regarding the number of approvals required, the number of approvals received, and the approvers who approved or rejected, as well as when they took action.

Reject Extension Request

If you receive an Oracle Operator access extension request that you want to reject, then use this procedure.

Operator Control access expires when an already approved duration elapses. If the Oracle Operator requests an extension to the duration you approved for access to your infrastructure, and this request is not acceptable, based on your service commitments, or for any other reason, then you can reject that access request.
  1. Log in to your Oracle Cloud Infrastructure tenancy.
  2. Open the navigation menu. Under Oracle AI Database, click Operator Access Control.
  3. Click Access Requests.
  4. In the Search and Filter field, select Extension Requested from the list.
  5. From the list of Access Requests, click the request ID of the request for which you want to reject the extension.
  6. In the Request ID page, click Actions, and then select Reject Extension.
  7. In the Reject Extension Request page, in the comment field, enter your reason for rejecting the extension request.
  8. Click Reject Extension.