You use authorization policies to control access to resources in your architecture. For example, you can create a policy that authorizes users to create and manage Oracle Content Management instances.
You create policies using the Infrastructure Console. See Managing Policies.
The following information relates to service policies for Oracle Content Management:
This table lists the resource types for Oracle Content Management.
Resource Type | Description |
---|---|
oce-instance | A single Oracle Content Management instance. |
oce-instances | One or more Oracle Content Management instances. |
oce-workrequest | A single work request for Oracle Content Management. Every operation that you perform on an Oracle Content Management instance creates a work request, for example operations such as create, update, terminate, and so on. |
oce-workrequests | One or more work requests for Oracle Content Management. |
The values of these variables are supplied by Oracle Content Management. In addition, other general variables are supported. See General Variables for All Requests.
This table lists the supported variables for Oracle Content Management.
Variable | Type | Description | Example Value |
---|---|---|---|
target.compartment.id | Entity | The OCID of the primary resource for the request. | target.compartment.id = 'ocid1.compartment.oc1..<unique_ID>' |
request.operation | String | The operation ID (for example 'GetUser') for the request. | request.operation = 'ocid1.compartment.oc1..<unique_ID>' |
target.resource.kind | String | The resource type name of the primary resource for the request. | target.resource.kind = 'ocid1.contentexperiencecloudservice.oc1..<unique_ID>' |
Oracle Cloud Infrastructure has a standard set of verbs for defining permissions across Oracle Cloud Infrastructure resources (Inspect, Read, Use, Manage). These tables list the Oracle Content Management permissions associated with each verb. The level of access is cumulative as you go from Inspect to Read to Use to Manage.
INSPECT
Resource Type | INSPECT Permissions |
---|---|
|
|
|
|
|
|
READ
Resource Type | READ Permissions |
---|---|
|
|
|
|
|
|
USE
Resource Type | USE Permissions |
---|---|
|
|
|
|
|
|
MANAGE
Resource Type | MANAGE Permissions |
---|---|
|
|
|
|
|
|
This table lists the API operations available for Oracle Content Management, grouped by resource type.
REST API Operation | CLI Command Operation | Permission Required to Use the Operation |
---|---|---|
ListOceInstances | oce-instance list | OCE_INSTANCE_INSPECT |
GetOceInstance | oce-instance get | OCE_INSTANCE_READ |
CreateOceInstance | oce-instance create | OCE_INSTANCE_CREATE |
DeleteOceInstance | oce-instance delete | OCE_INSTANCE_DELETE |
UpdateOceInstance | oce-instance update | OCE_INSTANCE_UPDATE |
ChangeOceInstanceCompartment | oce-instance change-compartment | OCE_INSTANCE_UPDATE |
ListWorkRequests | work-request list | OCE_INSTANCE_WORKREQUEST_INSPECT |
GetWorkRequest | work-request get | OCE_INSTANCE_WORKREQUEST_READ |
ListWorkRequestErrors | work-request-error list | OCE_INSTANCE_WORKREQUEST_INSPECT |
ListWorkRequestLogs | work-request-log list | OCE_INSTANCE_WORKREQUEST_INSPECT |
Here are some typical policy statements that you can use to authorize access to Oracle Content Management instances.
When you create a policy for your tenancy, you grant users access to all compartments through policy inheritance. Alternatively, you can restrict access to individual Oracle Content Management instances or compartments.
Let users in the Administrators group manage any Oracle Content Management instance
```
# Full admin permissions (CRUD)
allow group Administrators to manage oce-instances in tenancy
allow group Administrators to manage oce-workrequests in tenancy
```
```
# Full admin permissions (CRUD) using family
allow group Administrators to manage oce-instance-family in tenancy
```
Let users in the group1 group inspect any Oracle Content Management instance and its associated work requests
```
# Inspect permissions (list oce instances and work requests) using metaverbs:
allow group group1 to inspect oce-instances in tenancy
allow group group1 to inspect oce-workrequests in tenancy
```
```
# Inspect permissions (list oce instances and work requests) using permission names:
allow group group1 to {OCE_INSTANCE_INSPECT} in tenancy
allow group group1 to {OCE_INSTANCE_WORKREQUEST_INSPECT} in tenancy
```
Let users in the group2 group read details about any Oracle Content Management instance and its associated work requests
```
# Read permissions (read complete oce instance and work request metadata) using metaverbs:
allow group group2 to read oce-instances in tenancy
allow group group2 to read oce-workrequests in tenancy
```
```
# Read permissions (read complete oce instance and work request metadata) using permission names:
allow group group2 to {OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ} in tenancy
allow group group2 to {OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ} in tenancy
```
Let users in the group3 group read all Oracle Content Management instances and their associated work requests
```
# Use permissions (read on oce instance, read on work request) using metaverbs:
allow group group3 to use oce-instances in tenancy
allow group group3 to read oce-workrequests in tenancy
```
```
# Use permissions (read on oce instance, read on work request) using permission names:
allow group group3 to {OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ, OCE_INSTANCE_UPDATE} in tenancy
allow group group3 to {OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ} in tenancy
```
Let users in the group4 group manage any Oracle Content Management instance and its associated work requests
```
# Manage permissions (use/delete on oce instance, read/cancel on work request) using metaverbs:
allow group group4 to manage oce-instances in tenancy
allow group group4 to manage oce-workrequests in tenancy
```
```
# Manage permissions (use/delete on oce instance, read/cancel on work request) using permission names:
allow group group4 to {OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ, OCE_INSTANCE_UPDATE, OCE_INSTANCE_CREATE, OCE_INSTANCE_DELETE} in tenancy
allow group group4 to {OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ} in tenancy
```
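To review what a set of these statements actually grants, the following added example (not Oracle's code) expands each statement into permissions and lists the API operations the group can call, using the operations table and the permission-name statements on this page. The function names are hypothetical, only tenancy-wide statements without conditions are parsed, and `use` on `oce-workrequests` is assumed equal to `read`.

```python
import re

INSTANCE = ["OCE_INSTANCE_INSPECT", "OCE_INSTANCE_READ", "OCE_INSTANCE_UPDATE",
            "OCE_INSTANCE_CREATE", "OCE_INSTANCE_DELETE"]
WORKREQ = ["OCE_INSTANCE_WORKREQUEST_INSPECT", "OCE_INSTANCE_WORKREQUEST_READ"]
# Cumulative verb expansion, taken from the "using permission names" statements on this page.
# Assumption: "use" on oce-workrequests equals "read"; the page shows no example for it.
VERB_PERMS = {
    "oce-instances": {"inspect": INSTANCE[:1], "read": INSTANCE[:2],
                      "use": INSTANCE[:3], "manage": INSTANCE[:5]},
    "oce-workrequests": {"inspect": WORKREQ[:1], "read": WORKREQ[:2],
                         "use": WORKREQ[:2], "manage": WORKREQ[:2]},
}
# API operation -> required permission, from the operations table on this page.
OP_PERM = {
    "ListOceInstances": "OCE_INSTANCE_INSPECT", "GetOceInstance": "OCE_INSTANCE_READ",
    "CreateOceInstance": "OCE_INSTANCE_CREATE", "DeleteOceInstance": "OCE_INSTANCE_DELETE",
    "UpdateOceInstance": "OCE_INSTANCE_UPDATE",
    "ChangeOceInstanceCompartment": "OCE_INSTANCE_UPDATE",
    "ListWorkRequests": "OCE_INSTANCE_WORKREQUEST_INSPECT",
    "GetWorkRequest": "OCE_INSTANCE_WORKREQUEST_READ",
    "ListWorkRequestErrors": "OCE_INSTANCE_WORKREQUEST_INSPECT",
    "ListWorkRequestLogs": "OCE_INSTANCE_WORKREQUEST_INSPECT",
}
STMT = re.compile(r"allow group (\S+) to (?:\{([^}]*)\}|(\w+) ([\w-]+)) in tenancy$", re.I)

def parse(statement):
    """Return (group, set of permissions) for one tenancy-wide statement."""
    m = STMT.match(statement.strip())
    if not m:
        raise ValueError(f"unsupported statement: {statement!r}")
    group, names, verb, rtype = m.groups()
    if names is not None:  # explicit permission-name form: {A, B}
        return group, {n.strip().upper() for n in names.split(",") if n.strip()}
    try:
        return group, set(VERB_PERMS[rtype.lower()][verb.lower()])
    except KeyError:
        raise ValueError(f"unknown verb or resource type: {statement!r}") from None

def allowed_operations(statements, group):
    """API operations the group may call under the given statements."""
    perms = set()
    for s in statements:
        g, p = parse(s)
        if g == group:
            perms |= p
    return sorted(op for op, need in OP_PERM.items() if need in perms)

def excess_operations(statements, group, needed):
    """Operations the group can call but does not need (least-privilege gap)."""
    return sorted(set(allowed_operations(statements, group)) - set(needed))
```

Run against the `group3` statement above with only `ListOceInstances` and `GetOceInstance` as needed operations, `excess_operations` reports `ChangeOceInstanceCompartment` and `UpdateOceInstance`, which is the signal to drop from `use` to `read`.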