Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 14 Oracle Analytics Lounge
- 211 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 77 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
allow provisioning OAC instance without idcs_access_token
As of now user member of IDCS admin role need to generate an idcs_access_token and hand over to a user provisioning an OAC instance via terraform.
This is because terraform oci_analytics_analytics_instance resource has this requirement.
Please consider implementing separate OAC resource for encapsulating such idcs_access_token - to be provisioned by separate privileged user - e.g. oci_analytics_analytics_instance_idcs_access_token
This way instead of exposing such privileged information (that token is kinda "God" mode token, through which the user can even manipulate users, groups of the tenancy) please make it possible to reference an oci_analytics_analytics_instance_idcs_access_token by its ocid and the actual token remains protected.
Comments
-
Without this support OAC instance can only be provisioned by tenancy (more specifically tenancy IDCS) admins which is also not a good practice.
3 -
Alternatives to use of idcs access tokens are under review.
1
