How to Setup Oracle Cloud Infrastructure for Oracle Analytics Cloud

Compartments are logical containers used to organize and isolate resources (such as compute instances, storage, databases, etc.) within your OCI tenancy. This is the first security step to ensure that your resources are isolated for specific users, departments, groups, etc., which should be done prior to configuring the analytics instance.

In addition to organizing resources, compartments allow you to track usage, billing, auditing, and cost management, making it easy to analyze how your resources are being accessed and utilized in an organized manner. To create a compartment, navigate to Identity & Security, then from the menu choose Compartments.

Identity Domains are a security and identity boundary within your OCI tenancy that allows you to separate users, groups, authentication settings, etc., for different departments or teams. Each domain can have its own administrators, password policies, and more. Creating additional domains is great for delegated administration and allowing different teams to manage their own users and permission structures. The users who have been added to the custom domain will access the Analytics Cloud instance through that domain.

Your visual analytics journey has just begun.

Review benefits to see all the ways Playfair+ supports your data analyses.

Review benefits

Note that this step is not necessarily required as you can use the default domain of the root tenancy. But creating a separate domain(s) should be considered, as it adds an additional layer of security and access management. To create a new domain, navigate to Identity & Security, then select Domains from the menu.

Creating users for Analytics Cloud isn’t done directly inside the OAC service. Instead, you manage users through the Oracle Cloud Infrastructure IAM. Start by opening the Navigation menu → Identity & Security → Domains. Select your IAM domain (either the default domain or a custom domain that you’ve created). Go to Users and click Create User. Provide user details (name, email, etc.). The user will receive an email to set their password and login.

Groups in Oracle Cloud Infrastructure is a collection of users that you manage as a single entity for the purpose of assigning permissions via IAM policies. Grouping users is useful if you have multiple teams that require access to different compartments or Cloud resources. If you need to restrict user access to different Cloud resources, then it is important not to skip this step as you cannot create or manage permissions (via Policies; described in the next section) for individual users. Policies can only be created for Groups of users.

To create a Group, navigate to the IAM domain (either the default domain or your custom domain) and go to Groups. Select an existing group or create a new one (e.g., OAC-Users). Add the user(s) to this group.

Policies grant group-specific permissions in a compartment or tenancy. It answers the question: “Who can do what on which resources and in what scope?”. In other words, they are statements that define permissions for groups of users to access and manage OCI resources. Similar to Groups, Policies are most useful when you are managing multiple teams who have different access requirements for your Cloud services or resources.

For example, if you’ve created a compartment that contains an analytics instance, you can write a policy that grants a group of users the ability to develop or create new analytics instances while restricting a separate group of users with only the ability to view the instances within the compartment.

I would like to again emphasize the difference between IAM Policies and OAC permissions. Policies deliver or restrict access and management to groups of users for different Cloud resources such as compute instances, storage, applications, etc. Whereas within the Analytics Cloud instance, there is an entirely separate permissioning structure where you can set permissions to different folders, workbooks, and data sources for specific users.

To define a policy that gives a group permission to use the OAC instance, go to Identity & Security → Policies. Create a policy in the compartment where the OAC instance resides.

Creating an Oracle Analytics Cloud instance

The analytics instance is where the data visualization development will be done within Oracle Analytics Cloud. Before creating the instance, first ensure that you have the proper IAM permissions set up, or at a minimum, a compartment where the instance should be stored. The following are basic instructions to create an analytics instance and do not cover how to create a Virtual Cloud Network (VCN) or other advanced Data Base Administration (DBA) setups, which may or may not be required for your organization. If you need assistance understanding which options would be best suited for your organization, I’d recommend contacting your administrator and/or the Oracle Support team.

Learn to navigate uncharted waters.

Upgrade to Core or Premium benefits to take your data skills even further.

Upgrade now

In the main navigation window, choose Analytics & AI, then Analytics Cloud.

Choose the desired compartment on the left-hand side, then select “Create Instance”.

Give the instance a name, description, ensure it’s the correct compartment, and capacity (either OCPU or Users). If you choose OCPU, select the OCPU Count. Choose the License, Edition, and Software Update.

💡 Oracle Compute Units (OCPUs) are the number of compute hours used as part of the Oracle Compute Cloud Service. The higher the OCPUs chosen, the more it will cost per hour. The User model charges a flat monthly rate based on the number of users allocated to the instance.

In the advanced settings, you can define the Access Type, Identity Management, Data Encryption, and Tagging. If your users have been provisioned through a custom identity domain, then be sure to change the “Identity Management” from the root tenancy to the custom domain. Otherwise, for a basic setup, you can leave these as the default settings. But to ensure your instance is properly configured, I’d recommend contacting your administrator and/or the Oracle Support team.

After all your settings have been provisioned, click Create. After a few minutes, the instance will be created and you can start building.

While you as the administrator can start using the Analytics instance, there is one more step required to give your team access. Navigate back to Identity & Security, choose Domains, and select the custom identity domain that you’ve created. 

From the top menu under Identity, choose Oracle cloud services, then choose the Analytics instance that you’ve created.

Choose Application roles from the top menu. Then from the available options select the proper role for your group of users, choose Manage groups, and assign the group to the role. And you’re done!

While configuring the Cloud environment can be a challenging task, it is an essential step to ensuring that your resources are safe and secure. I hope that this tutorial helps speed up your OCI and OAC setup process so you can get to the fun of analytics engineering in Oracle Analytics Cloud!

Thanks for reading,
Dan