Table: oci_identity_tenancy - Query OCI Identity Tenancies using SQL
The OCI Identity Tenancy is a dedicated instance of Oracle Cloud Infrastructure resources. It is the root compartment that contains all of the organization's resources. A tenancy is provisioned in a specific Oracle Cloud Infrastructure region, but it has access to all global regions.
Table Usage Guide
The `oci_identity_tenancy` table provides insights into the tenancies within Oracle Cloud Infrastructure Identity. As a cloud administrator, you can explore tenancy-specific details through this table, including the home region, description, and name. Utilize it to uncover information about tenancies, such as their ID, status, and time created, which can be useful for managing and auditing cloud resources.
Examples
Basic info
Explore the basic information about your Oracle Cloud Infrastructure (OCI) tenancy, such as its name and ID, along with its retention period and description. This is useful for getting a quick overview of your tenancy's configuration and settings.
```sql
select
  name,
  id,
  retention_period_days,
  description
from
  oci_identity_tenancy;
```
List tenancies with a retention period less than 365 days
Explore tenancies that have a retention period of less than a year to assess compliance with data retention policies and identify any potential areas of risk.
```sql
select
  name,
  id,
  retention_period_days,
  home_region_key
from
  oci_identity_tenancy
where
  retention_period_days < 365;
```
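The retention check above can also be written as a per-tenancy pass/fail report for the CIS control "Ensure audit log retention period is set to 365 days" listed under Control examples; unlike the `< 365` filter, it also surfaces tenancies whose `retention_period_days` is NULL, which a plain comparison silently drops. This is an added example, not a query from the Steampipe documentation or mods. It uses only columns from the table schema, and the output aliases `resource`, `status` and `reason` are assumptions chosen for the report.

```sql
-- Added example: one row per tenancy with a verdict on audit log retention.
-- Input columns come from the oci_identity_tenancy schema; the output
-- aliases (resource, status, reason) are illustrative names.
select
  id as resource,
  case
    -- NULL < 365 evaluates to NULL, so a WHERE filter would hide this row.
    when retention_period_days is null then 'unknown'
    when retention_period_days < 365 then 'alarm'
    else 'ok'
  end as status,
  case
    when retention_period_days is null
      then coalesce(name, id) || ' retention period could not be determined.'
    else coalesce(name, id) || ' retention period is '
      || retention_period_days || ' day(s).'
  end as reason,
  home_region_key,
  sp_connection_name
from
  oci_identity_tenancy
order by
  status,
  name;
```

With several OCI connections aggregated, `sp_connection_name` shows which connection each verdict came from.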
Query examples
- blockstorage_block_volume_age_report
- blockstorage_block_volume_by_compartment
- blockstorage_block_volume_by_tenancy
- blockstorage_block_volume_encryption_report
- blockstorage_block_volume_input
- blockstorage_block_volume_storage_by_compartment
- blockstorage_block_volume_storage_by_tenancy
- blockstorage_block_volume_unattached_report
- blockstorage_boot_volume_age_report
- blockstorage_boot_volume_by_compartment
- blockstorage_boot_volume_by_tenancy
- blockstorage_boot_volume_encryption_report
- blockstorage_boot_volume_input
- blockstorage_boot_volume_storage_by_compartment
- blockstorage_boot_volume_storage_by_tenancy
- blockstorage_boot_volume_unattached_report
- compartment_table
- compute_instance_age_report
- compute_instance_by_compartment
- compute_instance_by_tenancy
- compute_instance_input
- database_autonomous_database_input
- database_autonomous_db_age_report
- database_autonomous_db_by_compartment
- database_autonomous_db_by_tenancy
- filestorage_filesystem_age_report
- filestorage_filesystem_by_compartment
- filestorage_filesystem_by_tenancy
- filestorage_filesystem_input
- identity_api_key_age_report
- identity_customer_secret_key_age_report
- identity_group_input
- identity_groups_by_tenancy
- identity_user_input
- identity_user_mfa_report
- identity_users_by_tenancy
- key_vault_input
- kms_key_age_report
- kms_key_by_compartment
- kms_key_by_tenancy
- kms_key_input
- kms_vault_age_report
- kms_vault_by_compartment
- kms_vault_by_tenancy
- mysql_backup_age_report
- mysql_backup_by_compartment
- mysql_backup_by_tenancy
- mysql_backup_storage_by_compartment
- mysql_backup_storage_by_tenancy
- mysql_db_system_age_report
- mysql_db_system_by_compartment
- mysql_db_system_by_tenancy
- mysql_db_system_input
- mysql_db_system_storage_by_compartment
- mysql_db_system_storage_by_tenancy
- nosql_table_age_report
- nosql_table_by_compartment
- nosql_table_by_tenancy
- nosql_table_input
- objectstorage_bucket_age_report
- objectstorage_bucket_by_compartment
- objectstorage_bucket_by_tenancy
- objectstorage_bucket_encryption_report
- objectstorage_bucket_input
- objectstorage_bucket_lifecycle_report
- objectstorage_bucket_public_access_report
- oci_vcn_by_compartment
- oci_vcn_by_tenancy
- oci_vcn_security_groups_by_compartment
- oci_vcn_security_groups_by_tenancy
- oci_vcn_security_list_by_compartment
- oci_vcn_security_list_by_tenancy
- oci_vcn_subnet_by_compartment
- oci_vcn_subnet_by_tenancy
- ons_notification_topic_age_report
- ons_notification_topic_by_compartment
- ons_notification_topic_by_tenancy
- ons_notification_topic_input
- ons_subscription_age_report
- ons_subscription_by_compartment
- ons_subscription_by_tenancy
- tenancy_count
- tenancy_table
- vcn_input
- vcn_network_security_group_input
- vcn_security_list_input
- vcn_subnet_input
Control examples
- CIS v1.1.0 > 1 Identity and Access Management > 1.1 Ensure service level admins are created to manage resources of particular service
- CIS v1.1.0 > 1 Identity and Access Management > 1.2 Ensure permissions on all resources are given only to the tenancy administrator group
- CIS v1.1.0 > 1 Identity and Access Management > 1.3 Ensure IAM administrators cannot update tenancy Administrators group
- CIS v1.1.0 > 3 Logging and Monitoring > 3.1 Ensure audit log retention period is set to 365 days
- CIS v1.1.0 > 3 Logging and Monitoring > 3.17 Ensure write level Object Storage logging is enabled for all buckets
- CIS v1.1.0 > 3 Logging and Monitoring > 3.2 Ensure default tags are used on resources
- CIS v1.1.0 > 5 Asset Management > 5.1 Create at least one compartment in your tenancy to store cloud resources
- CIS v1.1.0 > 5 Asset Management > 5.2 Ensure no resources are created in the root compartment
- CIS v1.2.0 > 1 Identity and Access Management > 1.1 Ensure service level admins are created to manage resources of particular service
- CIS v1.2.0 > 1 Identity and Access Management > 1.13 Ensure Dynamic Groups are used for OCI instances, OCI Cloud Databases and OCI Function to access OCI resources
- CIS v1.2.0 > 1 Identity and Access Management > 1.14 Ensure storage service-level admins cannot delete resources they manage
- CIS v1.2.0 > 1 Identity and Access Management > 1.2 Ensure permissions on all resources are given only to the tenancy administrator group
- CIS v1.2.0 > 1 Identity and Access Management > 1.3 Ensure IAM administrators cannot update tenancy Administrators group
- CIS v1.2.0 > 1 Identity and Access Management > 1.5 Ensure IAM password policy expires passwords within 365 days
- CIS v1.2.0 > 1 Identity and Access Management > 1.6 Ensure IAM password policy prevents password reuse
- CIS v1.2.0 > 2 Networking > 2.6 Ensure Oracle Integration Cloud (OIC) access is restricted to allowed sources
- CIS v1.2.0 > 2 Networking > 2.7 Ensure Oracle Analytics Cloud (OAC) access is restricted to allowed sources or deployed within a Virtual Cloud Network
- CIS v1.2.0 > 3 Logging and Monitoring > 3.1 Ensure audit log retention period is set to 365 days
- CIS v1.2.0 > 3 Logging and Monitoring > 3.17 Ensure write level Object Storage logging is enabled for all buckets
- CIS v1.2.0 > 3 Logging and Monitoring > 3.2 Ensure default tags are used on resources
- CIS v1.2.0 > 5 Asset Management > 5.1 Create at least one compartment in your tenancy to store cloud resources
- CIS v1.2.0 > 5 Asset Management > 5.2 Ensure no resources are created in the root compartment
- CIS v2.0.0 > 1 Identity and Access Management > 1.1 Ensure service level admins are created to manage resources of particular service
- CIS v2.0.0 > 1 Identity and Access Management > 1.14 Ensure Instance Principal authentication is used for OCI instances, OCI Cloud Databases and OCI Functions to access OCI resources
- CIS v2.0.0 > 1 Identity and Access Management > 1.15 Ensure storage service-level admins cannot delete resources they manage
- CIS v2.0.0 > 1 Identity and Access Management > 1.2 Ensure permissions on all resources are given only to the tenancy administrator group
- CIS v2.0.0 > 1 Identity and Access Management > 1.3 Ensure IAM administrators cannot update tenancy Administrators group
- CIS v2.0.0 > 1 Identity and Access Management > 1.5 Ensure IAM password policy expires passwords within 365 days
- CIS v2.0.0 > 1 Identity and Access Management > 1.6 Ensure IAM password policy prevents password reuse
- CIS v2.0.0 > 2 Networking > 2.6 Ensure Oracle Integration Cloud (OIC) access is restricted to allowed sources
- CIS v2.0.0 > 2 Networking > 2.7 Ensure Oracle Analytics Cloud (OAC) access is restricted to allowed sources or deployed within a Virtual Cloud Network
- CIS v2.0.0 > 3 Compute > 3.2 Ensure Secure Boot is enabled on Compute Instance
- CIS v2.0.0 > 4 Logging and Monitoring > 4.1 Ensure default tags are used on resources
- CIS v2.0.0 > 4 Logging and Monitoring > 4.17 Ensure write level Object Storage logging is enabled for all buckets
- CIS v2.0.0 > 6 Asset Management > 6.1 Create at least one compartment in your tenancy to store cloud resources
- CIS v2.0.0 > 6 Asset Management > 6.2 Ensure no resources are created in the root compartment
Schema for oci_identity_tenancy
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
compartment_id | text | | The OCID of the compartment in Tenant in which the resource is located. |
defined_tags | jsonb | | Defined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. |
description | text | | The description of the tenancy. |
freeform_tags | jsonb | | Free-form tags for resource. These tags can be applied by any user with permissions on the resource. |
home_region_key | text | | The region key for the tenancy's home region. |
id | text | | The OCID of the tenancy. |
name | text | | The name of the tenancy. |
retention_period_days | bigint | | The retention period setting, specified in days. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
tags | jsonb | | A map of tags for the resource. |
tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The OCID of the Tenant in which the resource is located. |
tenant_name | text | | The name of the Tenant in which the resource is located. |
title | text | | Title of the resource. |
upi_idcs_compatibility_layer_endpoint | text | | URL which refers to the UPI IDCS compatibility layer endpoint configured for this Tenant's home region. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the `steampipe_export_installer.sh` script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci
```
You can pass the configuration to the command with the `--config` argument:

```sh
steampipe_export_oci --config '<your_config>' oci_identity_tenancy
```