Policies Required to Integrate OCI Document Understanding with Oracle Analytics

To integrate Oracle Analytics with OCI Document Understanding, make sure that you have the required security policies.

The OCI user that you specify in the connection between Oracle Analytics Cloud and your OCI tenancy must have read, write, and delete permissions on the compartment that contains the Data Science models that you want to use. Make sure that the OCI user belongs to a user group with the following minimum OCI security policies. When you connect to an OCI tenancy from Oracle Analytics, you can use an OCI API key or a resource principal.

Note:

Oracle Cloud Identifiers (OCIDs) are resource identifiers that are used in OCI.

Note:

To include all Analytics instances under a compartment for a resource principal, specify {request.principal.type='analyticsinstance', request.principal.compartment.id='<compartmentA_ocid>'} instead of {request.principal.id='<analytics_instance_ocid>'}.

| API Key Policies | Resource Principal Policies |
| --- | --- |
| `Allow group <group_name> to manage ai-service-document-family in tenancy` | `Allow any-user to manage ai-service-document-family in tenancy where all {request.principal.id='<analytics_instance_ocid>'}` |
| `Allow group <group_name> to read buckets in compartment <compartment_name>` | `Allow any-user to read buckets in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>'}` |
| `Allow group <group_name> to manage objects in compartment <compartment_name> where target.bucket.name='<staging_bucket_name>'` | `Allow any-user to manage objects in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>', target.bucket.name='<staging_bucket_name>'}` |
| `Allow group <group_name> to read objects in compartment <compartment_name> where target.bucket.name='<document_bucket_name>'` | `Allow any-user to read objects in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>', target.bucket.name='<document_bucket_name>'}` |
| `Allow group <group_name> to read objectstorage-namespaces in tenancy` | `Allow any-user to read objectstorage-namespaces in tenancy where all {request.principal.id='<analytics_instance_ocid>'}` |
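
The resource principal policies rely entirely on their where clause to restrict any-user to the Analytics instance. The following Python check is an added example, not Oracle's code: it verifies that each any-user statement pins the caller by request.principal.id or by the type plus compartment form from the note, and that multiple conditions are combined with all rather than any. The sample statements and the audit function name are constructed for illustration.

```python
import re

# Constructed input: two statements in the page's resource principal form,
# then three deliberately mis-scoped variants that the check should flag.
SAMPLE = [
    "Allow any-user to read buckets in compartment <compartment_name> "
    "where all {request.principal.id='<analytics_instance_ocid>'}",
    "Allow any-user to manage ai-service-document-family in tenancy where all "
    "{request.principal.type='analyticsinstance', request.principal.compartment.id='<compartmentA_ocid>'}",
    "Allow any-user to read objectstorage-namespaces in tenancy",
    "Allow any-user to read objects in compartment <compartment_name> where any "
    "{request.principal.id='<analytics_instance_ocid>', target.bucket.name='<document_bucket_name>'}",
    "Allow any-user to manage objects in compartment <compartment_name> where all "
    "{request.principal.type='analyticsinstance', target.bucket.name='<staging_bucket_name>'}",
]

PAIR = re.compile(r"([\w.]+)\s*=\s*'[^']*'")  # key='value' equality conditions only


def audit(statement):
    """Return findings for one policy statement; an empty list means it passes."""
    text = " ".join(statement.split())
    if not re.match(r"allow\s+any-user\s", text, re.I):
        return []  # group-scoped statements are outside this check
    parts = re.split(r"\swhere\s", text, maxsplit=1, flags=re.I)
    if len(parts) == 1:
        return ["any-user without a where clause applies to every principal"]
    block = re.match(r"(all|any)\s*\{(.*)\}\s*$", parts[1], re.I)
    # A bare condition with no braces behaves like a one-item 'all' block.
    quantifier, body = (block.group(1).lower(), block.group(2)) if block else ("all", parts[1])
    keys = {k.lower() for k in PAIR.findall(body)}
    findings = []
    by_id = "request.principal.id" in keys
    by_compartment = {"request.principal.type", "request.principal.compartment.id"} <= keys
    if not (by_id or by_compartment):
        findings.append("caller not pinned by principal id or by type plus compartment")
    if quantifier == "any" and len(keys) > 1:
        findings.append("'any' ORs the conditions, so one match alone grants access")
    return findings


if __name__ == "__main__":
    for s in SAMPLE:
        print(audit(s) or "ok", "<-", s)
```
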