oci_adm_knowledge_baseoci_adm_vulnerability_auditoci_ai_anomaly_detection_ai_private_endpointoci_ai_anomaly_detection_data_assetoci_ai_anomaly_detection_modeloci_ai_anomaly_detection_projectoci_analytics_instanceoci_apigateway_apioci_application_migration_migrationoci_application_migration_sourceoci_artifacts_container_imageoci_artifacts_container_image_signatureoci_artifacts_container_repositoryoci_artifacts_generic_artifactoci_artifacts_repositoryoci_autoscaling_auto_scaling_configurationoci_autoscaling_auto_scaling_policyoci_bastion_bastionoci_bastion_sessionoci_bds_bds_instanceoci_budget_alert_ruleoci_budget_budgetoci_certificates_authority_bundleoci_certificates_management_associationoci_certificates_management_ca_bundleoci_certificates_management_certificateoci_certificates_management_certificate_authorityoci_certificates_management_certificate_authority_versionoci_certificates_management_certificate_versionoci_cloud_guard_configurationoci_cloud_guard_detector_recipeoci_cloud_guard_managed_listoci_cloud_guard_responder_recipeoci_cloud_guard_targetoci_container_instances_containeroci_container_instances_container_instanceoci_containerengine_clusteroci_core_block_volume_replicaoci_core_boot_volumeoci_core_boot_volume_attachmentoci_core_boot_volume_backupoci_core_boot_volume_metric_read_opsoci_core_boot_volume_metric_read_ops_dailyoci_core_boot_volume_metric_read_ops_hourlyoci_core_boot_volume_metric_write_opsoci_core_boot_volume_metric_write_ops_dailyoci_core_boot_volume_metric_write_ops_hourlyoci_core_boot_volume_replicaoci_core_cluster_networkoci_core_dhcp_optionsoci_core_drgoci_core_imageoci_core_image_customoci_core_instanceoci_core_instance_configurationoci_core_instance_metric_cpu_utilizationoci_core_instance_metric_cpu_utilization_dailyoci_core_instance_metric_cpu_utilization_hourlyoci_core_internet_gatewayoci_core_load_balanceroci_core_local_peering_gatewayoci_core_nat_gatewayoci_core_network_load_balanceroci_core_network_security_groupoci_core_public_ipoci_core_public_ip_pooloci_core_route_tableoci_core_security_listoci_core_service_gatewayoci_core_subnetoci_core_vcnoci_core_vnic_attachmentoci_core_volumeoci_core_volume_attachmentoci_core_volume_backupoci_core_volume_backup_policyoci_core_volume_default_backup_policyoci_core_volume_groupoci_database_autonomous_databaseoci_database_autonomous_db_metric_cpu_utilizationoci_database_autonomous_db_metric_cpu_utilization_dailyoci_database_autonomous_db_metric_cpu_utilization_hourlyoci_database_autonomous_db_metric_storage_utilizationoci_database_autonomous_db_metric_storage_utilization_dailyoci_database_autonomous_db_metric_storage_utilization_hourlyoci_database_cloud_vm_clusteroci_database_dboci_database_db_homeoci_database_db_systemoci_database_exadata_infrastructureoci_database_pluggable_databaseoci_database_software_imageoci_devops_projectoci_devops_repositoryoci_dns_rrsetoci_dns_tsig_keyoci_dns_zoneoci_events_ruleoci_file_storage_file_systemoci_file_storage_mount_targetoci_file_storage_snapshotoci_functions_applicationoci_functions_functionoci_identity_api_keyoci_identity_auth_tokenoci_identity_authentication_policyoci_identity_availability_domainoci_identity_compartmentoci_identity_customer_secret_keyoci_identity_db_credentialoci_identity_domainoci_identity_dynamic_groupoci_identity_groupoci_identity_network_sourceoci_identity_policyoci_identity_tag_defaultoci_identity_tag_namespaceoci_identity_tenancyoci_identity_useroci_kms_keyoci_kms_key_versionoci_kms_vaultoci_logging_logoci_logging_log_groupoci_logging_searchoci_mysql_backupoci_mysql_channeloci_mysql_configurationoci_mysql_configuration_customoci_mysql_db_systemoci_mysql_db_system_metric_connectionsoci_mysql_db_system_metric_connections_dailyoci_mysql_db_system_metric_connections_hourlyoci_mysql_db_system_metric_cpu_utilizationoci_mysql_db_system_metric_cpu_utilization_dailyoci_mysql_db_system_metric_cpu_utilization_hourlyoci_mysql_db_system_metric_memory_utilizationoci_mysql_db_system_metric_memory_utilization_dailyoci_mysql_heat_wave_clusteroci_network_firewall_firewalloci_network_firewall_policyoci_nosql_tableoci_nosql_table_metric_read_throttle_countoci_nosql_table_metric_read_throttle_count_dailyoci_nosql_table_metric_read_throttle_count_hourlyoci_nosql_table_metric_storage_utilizationoci_nosql_table_metric_storage_utilization_dailyoci_nosql_table_metric_storage_utilization_hourlyoci_nosql_table_metric_write_throttle_countoci_nosql_table_metric_write_throttle_count_dailyoci_nosql_table_metric_write_throttle_count_hourlyoci_objectstorage_bucketoci_objectstorage_objectoci_ons_notification_topicoci_ons_subscriptionoci_queue_queueoci_regionoci_resource_searchoci_resourcemanager_stackoci_streaming_streamoci_vault_secret
Table: oci_identity_compartment - Query OCI Identity Compartments using SQL
Oracle Cloud Infrastructure Identity and Access Management (IAM) service lets you control who has access to your cloud resources. You can control what type of access a group of users have and to which specific resources. This is achieved through the use of compartments, which are a fundamental component of Oracle Cloud Infrastructure for organizing and isolating your cloud resources.
Table Usage Guide
The oci_identity_compartment table provides insights into compartments within Oracle Cloud Infrastructure Identity and Access Management (IAM). As a cloud architect or administrator, you can explore compartment-specific details through this table, including compartment names, descriptions, and states. Utilize it to manage and understand your OCI resource organization, such as identifying compartments with specific resources, understanding your compartment hierarchy, and ensuring appropriate resource isolation.
Examples
Basic info
Discover the segments that are in different lifecycle states within your OCI Identity Compartments. This could be useful in assessing the elements within your compartments and understanding their statuses for better resource management.
select name, lifecycle_state, id, compartment_id as parent_compartmentfrom oci.oci_identity_compartmentselect name, lifecycle_state, id, compartment_id as parent_compartmentfrom oci_identity_compartmentDetails joined with parent compartment
Analyze the settings to understand the relationship between different compartments within an OCI identity compartment hierarchy. This is useful for understanding the structure and dependencies within your OCI environment.
select child.name as name, coalesce(parent.name, 'root') as parent_compartment, child.id as id, coalesce(parent.id, child.tenant_id) as parent_compartment_idfrom oci_identity_compartment child left join oci_identity_compartment parent on (child.compartment_id = parent.id)order by parent.name;select child.name as name, coalesce(parent.name, 'root') as parent_compartment, child.id as id, coalesce(parent.id, child.tenant_id) as parent_compartment_idfrom oci_identity_compartment as child left join oci_identity_compartment as parent on child.compartment_id = parent.idorder by parent.name;Full path of the compartments
This query is useful in tracking the full path of active compartments within a system. It aids in system organization and management by allowing users to understand the hierarchical structure of compartments, thereby facilitating easier navigation and data retrieval.
with recursive compartments as ( select name, id, compartment_id, tenant_id, name as path, name as last_name, id as last_id from oci_identity_compartment where lifecycle_state = 'ACTIVE' union all select oci_identity_compartment.name, oci_identity_compartment.id, oci_identity_compartment.compartment_id, oci_identity_compartment.tenant_id, oci_identity_compartment.name || '/' || compartments.path, compartments.last_name, compartments.last_id from oci_identity_compartment join compartments on oci_identity_compartment.id = compartments.compartment_id)select last_id as compartment_id, last_name as name, pathfrom compartmentswhere compartment_id = tenant_idorder by path;with recursive compartments as ( select name, id, compartment_id, tenant_id, name as path, name as last_name, id as last_id from oci_identity_compartment where lifecycle_state = 'ACTIVE' union all select oci_identity_compartment.name, oci_identity_compartment.id, oci_identity_compartment.compartment_id, oci_identity_compartment.tenant_id, oci_identity_compartment.name || '/' || compartments.path, compartments.last_name, compartments.last_id from oci_identity_compartment join compartments on oci_identity_compartment.id = compartments.compartment_id)select last_id as compartment_id, last_name as name, pathfrom compartmentswhere compartment_id = tenant_idorder by path;Query examples
- blockstorage_block_volume_age_report
- blockstorage_block_volume_by_compartment
- blockstorage_block_volume_encryption_report
- blockstorage_block_volume_input
- blockstorage_block_volume_storage_by_compartment
- blockstorage_block_volume_unattached_report
- blockstorage_boot_volume_age_report
- blockstorage_boot_volume_by_compartment
- blockstorage_boot_volume_encryption_report
- blockstorage_boot_volume_input
- blockstorage_boot_volume_storage_by_compartment
- blockstorage_boot_volume_unattached_report
- compartment_count
- compartment_table
- compute_instance_age_report
- compute_instance_by_compartment
- compute_instance_input
- database_autonomous_database_input
- database_autonomous_db_age_report
- database_autonomous_db_by_compartment
- filestorage_filesystem_age_report
- filestorage_filesystem_by_compartment
- filestorage_filesystem_input
- key_vault_input
- kms_key_age_report
- kms_key_by_compartment
- kms_key_input
- kms_vault_age_report
- kms_vault_by_compartment
- mysql_backup_age_report
- mysql_backup_by_compartment
- mysql_backup_storage_by_compartment
- mysql_db_system_age_report
- mysql_db_system_by_compartment
- mysql_db_system_input
- mysql_db_system_storage_by_compartment
- nosql_table_age_report
- nosql_table_by_compartment
- nosql_table_input
- objectstorage_bucket_age_report
- objectstorage_bucket_by_compartment
- objectstorage_bucket_encryption_report
- objectstorage_bucket_input
- objectstorage_bucket_lifecycle_report
- objectstorage_bucket_public_access_report
- oci_vcn_by_compartment
- oci_vcn_security_group_unrestricted_ingress_rdp_count
- oci_vcn_security_group_unrestricted_ingress_ssh_count
- oci_vcn_security_groups_by_compartment
- oci_vcn_security_list_by_compartment
- oci_vcn_security_list_unrestricted_ingress_rdp_count
- oci_vcn_security_list_unrestricted_ingress_ssh_count
- oci_vcn_subnet_by_compartment
- ons_notification_topic_age_report
- ons_notification_topic_by_compartment
- ons_notification_topic_input
- ons_subscription_age_report
- ons_subscription_by_compartment
- vcn_input
- vcn_network_security_group_input
- vcn_security_list_input
- vcn_subnet_input
Control examples
- CIS v1.1.0 > 2 Networking > 2.1 Ensure no security lists allow ingress from 0.0.0.0/0 to port 22
- CIS v1.1.0 > 2 Networking > 2.2 Ensure no security lists allow ingress from 0.0.0.0/0 to port 3389
- CIS v1.1.0 > 2 Networking > 2.3 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 22
- CIS v1.1.0 > 2 Networking > 2.4 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 3389
- CIS v1.1.0 > 2 Networking > 2.5 Ensure the default security list of every VCN restricts all traffic except ICMP
- CIS v1.1.0 > 3 Logging and Monitoring > 3.10 Ensure a notification is configured for changes to route tables
- CIS v1.1.0 > 3 Logging and Monitoring > 3.11 Ensure a notification is configured for security list changes
- CIS v1.1.0 > 3 Logging and Monitoring > 3.12 Ensure a notification is configured for network security group changes
- CIS v1.1.0 > 3 Logging and Monitoring > 3.13 Ensure a notification is configured for changes to network gateways
- CIS v1.1.0 > 3 Logging and Monitoring > 3.14 Ensure VCN flow logging is enabled for all subnets
- CIS v1.1.0 > 3 Logging and Monitoring > 3.16 Ensure customer created Customer Managed Key (CMK) is rotated at least annually
- CIS v1.1.0 > 3 Logging and Monitoring > 3.3 Create at least one notification topic and subscription to receive monitoring alerts
- CIS v1.1.0 > 3 Logging and Monitoring > 3.4 Ensure a notification is configured for Identity Provider changes
- CIS v1.1.0 > 3 Logging and Monitoring > 3.5 Ensure a notification is configured for IdP group mapping changes
- CIS v1.1.0 > 3 Logging and Monitoring > 3.6 Ensure a notification is configured for IAM group changes
- CIS v1.1.0 > 3 Logging and Monitoring > 3.7 Ensure a notification is configured for IAM policy changes
- CIS v1.1.0 > 3 Logging and Monitoring > 3.8 Ensure a notification is configured for user changes
- CIS v1.1.0 > 3 Logging and Monitoring > 3.9 Ensure a notification is configured for VCN changes
- CIS v1.1.0 > 4 Object Storage > 4.1 Ensure no Object Storage buckets are publicly visible
- CIS v1.1.0 > 5 Asset Management > 5.1 Create at least one compartment in your tenancy to store cloud resources
- CIS v1.2.0 > 2 Networking > 2.1 Ensure no security lists allow ingress from 0.0.0.0/0 to port 22
- CIS v1.2.0 > 2 Networking > 2.2 Ensure no security lists allow ingress from 0.0.0.0/0 to port 3389
- CIS v1.2.0 > 2 Networking > 2.3 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 22
- CIS v1.2.0 > 2 Networking > 2.4 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 3389
- CIS v1.2.0 > 2 Networking > 2.5 Ensure the default security list of every VCN restricts all traffic except ICMP
- CIS v1.2.0 > 2 Networking > 2.8 Ensure Oracle Autonomous Shared Databases (ADB) access is restricted to allowed sources or deployed within a Virtual Cloud Network
- CIS v1.2.0 > 3 Logging and Monitoring > 3.10 Ensure a notification is configured for changes to route tables
- CIS v1.2.0 > 3 Logging and Monitoring > 3.11 Ensure a notification is configured for security list changes
- CIS v1.2.0 > 3 Logging and Monitoring > 3.12 Ensure a notification is configured for network security group changes
- CIS v1.2.0 > 3 Logging and Monitoring > 3.13 Ensure a notification is configured for changes to network gateways
- CIS v1.2.0 > 3 Logging and Monitoring > 3.14 Ensure VCN flow logging is enabled for all subnets
- CIS v1.2.0 > 3 Logging and Monitoring > 3.16 Ensure customer created Customer Managed Key (CMK) is rotated at least annually
- CIS v1.2.0 > 3 Logging and Monitoring > 3.3 Create at least one notification topic and subscription to receive monitoring alerts
- CIS v1.2.0 > 3 Logging and Monitoring > 3.4 Ensure a notification is configured for Identity Provider changes
- CIS v1.2.0 > 3 Logging and Monitoring > 3.5 Ensure a notification is configured for IdP group mapping changes
- CIS v1.2.0 > 3 Logging and Monitoring > 3.6 Ensure a notification is configured for IAM group changes
- CIS v1.2.0 > 3 Logging and Monitoring > 3.7 Ensure a notification is configured for IAM policy changes
- CIS v1.2.0 > 3 Logging and Monitoring > 3.8 Ensure a notification is configured for user changes
- CIS v1.2.0 > 3 Logging and Monitoring > 3.9 Ensure a notification is configured for VCN changes
- CIS v1.2.0 > 4 Storage > 4.1 Object Storage > 4.1.1 Ensure no Object Storage buckets are publicly visible
- CIS v1.2.0 > 4 Storage > 4.1 Object Storage > 4.1.2 Ensure Object Storage Buckets are encrypted with a Customer Managed Key
- CIS v1.2.0 > 4 Storage > 4.1 Object Storage > 4.1.3 Ensure Versioning is Enabled for Object Storage Buckets
- CIS v1.2.0 > 4 Storage > 4.2 Block Volumes > 4.2.1 Ensure Block Volumes are encrypted with Customer Managed Keys (CMK)
- CIS v1.2.0 > 4 Storage > 4.2 Block Volumes > 4.2.2 Ensure boot volumes are encrypted with Customer Managed Key (CMK)
- CIS v1.2.0 > 4 Storage > 4.3 File Storage Service > 4.3.1 Ensure File Storage Systems are encrypted with Customer Managed Keys (CMK)
- CIS v1.2.0 > 5 Asset Management > 5.1 Create at least one compartment in your tenancy to store cloud resources
- CIS v2.0.0 > 2 Networking > 2.1 Ensure no security lists allow ingress from 0.0.0.0/0 to port 22
- CIS v2.0.0 > 2 Networking > 2.2 Ensure no security lists allow ingress from 0.0.0.0/0 to port 3389
- CIS v2.0.0 > 2 Networking > 2.3 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 22
- CIS v2.0.0 > 2 Networking > 2.4 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 3389
- CIS v2.0.0 > 2 Networking > 2.5 Ensure the default security list of every VCN restricts all traffic except ICMP
- CIS v2.0.0 > 2 Networking > 2.8 Ensure Oracle Autonomous Shared Databases (ADB) access is restricted to allowed sources or deployed within a Virtual Cloud Network
- CIS v2.0.0 > 3 Compute > 3.1 Ensure Compute Instance Legacy Metadata service endpoint is disabled
- CIS v2.0.0 > 3 Compute > 3.3 Ensure In-transit Encryption is enabled on Compute Instance
- CIS v2.0.0 > 4 Logging and Monitoring > 4.10 Ensure a notification is configured for security list changes
- CIS v2.0.0 > 4 Logging and Monitoring > 4.11 Ensure a notification is configured for network security group changes
- CIS v2.0.0 > 4 Logging and Monitoring > 4.12 Ensure a notification is configured for changes to network gateways
- CIS v2.0.0 > 4 Logging and Monitoring > 4.13 Ensure VCN flow logging is enabled for all subnets
- CIS v2.0.0 > 4 Logging and Monitoring > 4.15 Ensure a notification is configured for Oracle Cloud Guard problems detected
- CIS v2.0.0 > 4 Logging and Monitoring > 4.16 Ensure customer created Customer Managed Key (CMK) is rotated at least annually
- CIS v2.0.0 > 4 Logging and Monitoring > 4.2 Create at least one notification topic and subscription to receive monitoring alerts
- CIS v2.0.0 > 4 Logging and Monitoring > 4.3 Ensure a notification is configured for Identity Provider changes
- CIS v2.0.0 > 4 Logging and Monitoring > 4.4 Ensure a notification is configured for IdP group mapping changes
- CIS v2.0.0 > 4 Logging and Monitoring > 4.5 Ensure a notification is configured for IAM group changes
- CIS v2.0.0 > 4 Logging and Monitoring > 4.6 Ensure a notification is configured for IAM policy changes
- CIS v2.0.0 > 4 Logging and Monitoring > 4.7 Ensure a notification is configured for user changes
- CIS v2.0.0 > 4 Logging and Monitoring > 4.8 Ensure a notification is configured for VCN changes
- CIS v2.0.0 > 4 Logging and Monitoring > 4.9 Ensure a notification is configured for changes to route tables
- CIS v2.0.0 > 5 Storage > 5.1 Object Storage > 5.1.1 Ensure no Object Storage buckets are publicly visible
- CIS v2.0.0 > 5 Storage > 5.1 Object Storage > 5.1.2 Ensure Object Storage Buckets are encrypted with a Customer Managed Key
- CIS v2.0.0 > 5 Storage > 5.1 Object Storage > 5.1.3 Ensure Versioning is Enabled for Object Storage Buckets
- CIS v2.0.0 > 5 Storage > 5.2 Block Volumes > 5.2.1 Ensure Block Volumes are encrypted with Customer Managed Keys (CMK)
- CIS v2.0.0 > 5 Storage > 5.2 Block Volumes > 5.2.2 Ensure boot volumes are encrypted with Customer Managed Key (CMK)
- CIS v2.0.0 > 5 Storage > 5.3 File Storage Service > 5.3.1 Ensure File Storage Systems are encrypted with Customer Managed Keys (CMK)
- CIS v2.0.0 > 6 Asset Management > 6.1 Create at least one compartment in your tenancy to store cloud resources
Schema for oci_identity_compartment
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| compartment_id | text | The OCID of the compartment in Tenant in which the resource is located. | |
| defined_tags | jsonb | Defined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. | |
| description | text | The description you assign to the compartment. | |
| freeform_tags | jsonb | Free-form tags for resource. This tags can be applied by any user with permissions on the resource. | |
| id | text | = | The OCID of the compartment. |
| inactive_status | bigint | The detailed status of INACTIVE lifecycleState | |
| is_accessible | boolean | Indicates whether or not the compartment is accessible for the user making the request. | |
| lifecycle_state | text | = | The compartment's current state. |
| name | text | = | The name assigned to the compartment during creation |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| tags | jsonb | A map of tags for the resource. | |
| tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The OCID of the Tenant in which the resource is located. |
| tenant_name | text | The name of the Tenant in which the resource is located. | |
| time_created | timestamp with time zone | Date and time the user was created. | |
| title | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ociYou can pass the configuration to the command with the --config argument:
steampipe_export_oci --config '<your_config>' oci_identity_compartment