An OCI user does not ≠ ADB user
Creating an additional user in your Oracle Cloud Infrastructure (OCI) is not the same thing as creating an additional user in your Autonomous Database (ADB). I spent about two days (on and off) last week, wrapping my head around this. Maybe you knew this…I did not.
Chris Hoina – 2022
If however, you want to create an additional OCI user; one that would be able to access various resources in OCI, then please bookmark this page. This is all you need to get started.
However, you may not even need to create this additional user (as was the case with me). While I followed the steps in that documentation (very simple/straightforward actually), it wasn’t till after I finished, did I realize that doing it was completely unnecessary. What I was really trying to do was create a new database user, not an OCI user. The steps are different, simpler.
Federations
Another area that I got really hung up was with “Federations”. This was a relatively new concept for me. And I’m not sure if I should even do a deep dive on how Federations work. However, let it be known, if I receive even one (legitimate) comment on this subject, I will put together a treatise on Federations in OCI.
It took me about a day and a half to educate myself on how Federations and Identity Providers work in OCI. So, if you are reading this, and you think you’d benefit from a standalone article, then let me know. Otherwise, this page and this page are both very helpful for learning more about Federations in OCI.
Are you me?
If so, then you are acting as an administrator in your Always Free OCI account, as well as the database administrator. Being both is confusing for me, and maybe it is for you too. Since I don’t consider myself a traditional user (I’m blurring the lines when it comes to the different roles), I’m tasked with managing my OCI tenancy and also setting up my development environment. All this so I can begin to work on some applications/proofs of concepts (POCs) for interacting with my Autonomous Database via ORDS (Oracle REST Database Services aka our REST APIs).
Don’t be like me and allow yourself to get too weighed down with all the technical jargon thrown your way. Naturally, our docs read like they are geared toward the System or Database Administrator. And this makes sense; remember when you are in your tenancy you’re the de-facto admin for everything. At a larger organization/enterprise a developer would probably never do any of this setup. You’d just sign in to the database directly or connect via a command line.
Workflow for the “Every Person”
But for me (with my limited experience), the workflow looks something like this:
Start here
Sign-up for an Oracle Cloud Account. You’ll be provided a Cloud Account Name* and credentials.
*You’ll also hear this account being referred to as your Tenancy name (you can modify the name later if you want).
Next, create an Autonomous Database and create the “ADMIN” credentials* for said database. You can see how to do that in Lab 1 of this workshop.
REMINDER: This administrator is different that the OCI Tenancy administrator.
Add a new user by:
Navigating to your Autonomous Database under “Oracle Database”. It might be in your recently viewed.
After you click the database, you’ll see this screen. Click “Database Actions”. You’ll link out to the Database Actions dashboard.
Select the Database Users option in the Administration section.
Select the “Create User” option.
At a minimum, you’ll want to enable “Web Access” for this user. This will automatically grant two roles for the user:
- CONNECT
- RESOURCE
Both are needed for the developer though.
If you want to take a look at the different roles available, click this tab. Scrolling through, you can see the CONNECT and RESOURCE roles are checked.
HINT: You can always go back and edit the roles if more roles need to be granted. Both are needed for the developer though.
Finish (kind of)
Once complete, you’ll see a URL in that user’s newly-created tile. This URL will link you out to a login page, for accessing the Database Actions console. Since you are the only user, you’ll just want to document the URL. Otherwise, as the admin, I’m assuming you’d share this with the respective recipient.
Next Up
From here on out, I’ll do all my development work with this account (I called mine “appdev”), to mimic what a typical user might encounter in a practical setting.
Right now, I’ m wrapping up a python + flask + database course on LinkedIn Learning. So far, its been pretty informative. If you are interested, you can take a look as well (to see the direction I’m headed). My goal will be to use the templates in this course as a resource for connecting to my database, but with ORDS.
I hope to have something small in the next week or so. And I’ll be sharing here, and on my GitHub as well. So stay tuned.
Helpful resources
What I did here was very simplified, a distillation for creating a new user in your Autonomous Database. But I’ll include some of the resources that helped get me to this level of understanding:
- Autonomous Database Workshop (I also mentioned this earlier in the post)
- Oracle Cloud Infrastructure Foundations (I’ve completed this, and can confirm it is a helpful course)
- Python + Flask Web App course (I’m currently enrolled, so far it has been a great experience)
- Oracle REST Data Services (ORDS) documentation
- ORDS forum
Find me
And that’s it for now. But if you want to follow along then check me out at these places…