Policies Required to Integrate OCI Document Understanding with Oracle Analytics

To integrate Oracle Analytics with OCI Document Understanding, make sure you have the required security policies.

The OCI user that you specify in the connection between Oracle Analytics Cloud and your OCI tenancy must have read, write, and delete permissions on the compartment that contains the OCI resources you want to use. Make sure the user belongs to an OCI user group that has the following minimum OCI security policies. When you connect to the OCI tenancy from Oracle Analytics, you can use either an OCI API key or a resource principal.

Note:

Oracle Cloud IDs (OCIDs) are the resource identifiers used in OCI.

Note:

For a resource principal, to include all Analytics instances in a compartment, specify {request.principal.type='analyticsinstance', request.principal.compartment.id='<compartmentA_ocid>'} instead of {request.principal.id='<analytics_instance_ocid>'}.
API key policies:

Allow group <group_name> to use ai-service-document-family in compartment <compartment_name>

Allow group <group_name> to manage ai-service-document-document-job in compartment <compartment_name>

Allow group <group_name> to manage ai-service-document-processor-job in compartment <compartment_name>

Allow group <group_name> to read buckets in compartment <compartment_name>

Allow group <group_name> to manage objects in compartment <compartment_name> where target.bucket.name='<staging_bucket_name>'

Allow group <group_name> to read objects in compartment <compartment_name> where target.bucket.name='<document_bucket_name>'

Allow group <group_name> to read objectstorage-namespaces in tenancy

Resource principal policies:

Allow any-user to use ai-service-document-family in tenancy where all {request.principal.id='<analytics_instance_ocid>'}

Allow any-user to manage ai-service-document-document-job in tenancy where all {request.principal.id='<analytics_instance_ocid>'}

Allow any-user to manage ai-service-document-processor-job in tenancy where all {request.principal.id='<analytics_instance_ocid>'}

Allow any-user to read buckets in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>'}

Allow any-user to manage objects in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>', target.bucket.name='<staging_bucket_name>'}

Allow any-user to read objects in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>', target.bucket.name='<document_bucket_name>'}

Allow any-user to read objectstorage-namespaces in tenancy where all {request.principal.id='<analytics_instance_ocid>'}
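
The resource principal statements above grant to any-user and depend on the where clause to narrow the grant to the Analytics instance. The following Python check is an added example, not Oracle's code: it flags any-user statements that lack a principal condition and object grants that are not restricted to a named bucket. The audit function, its finding texts, and the sample statements are constructed for illustration.

```python
import re

# Statement shape used on this page:
# Allow <subject> to <verb> <resource-type> in <location> [where <condition>]
STATEMENT = re.compile(
    r"^Allow\s+(?P<subject>any-user|group\s+\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<location>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<cond>.+))?$",
    re.IGNORECASE,
)

def condition_keys(cond):
    """Names of the variables tested with = in a where clause (!= is ignored)."""
    return set(re.findall(r"([\w.]+)\s*=\s*'", cond or ""))

def audit(statement):
    """Return the findings for one policy statement; an empty list means OK."""
    m = STATEMENT.match(statement.strip())
    if not m:
        return ["statement not recognised"]
    findings = []
    keys = condition_keys(m["cond"])
    if m["subject"].lower() == "any-user":
        by_instance = "request.principal.id" in keys
        by_compartment = {"request.principal.type",
                          "request.principal.compartment.id"} <= keys
        if not (by_instance or by_compartment):
            findings.append("any-user grant is not pinned to a principal")
        elif re.match(r"any\s*\{", m["cond"], re.IGNORECASE):
            findings.append("any {...} makes the principal match optional")
    if m["resource"].lower() == "objects" and "target.bucket.name" not in keys:
        findings.append("object access is not limited to a named bucket")
    return findings

# Constructed sample: the first two follow the page, the last two are mistakes.
SAMPLE = [
    "Allow any-user to manage objects in compartment <compartment_name> where all "
    "{request.principal.id='<analytics_instance_ocid>', target.bucket.name='<staging_bucket_name>'}",
    "Allow any-user to use ai-service-document-family in tenancy where all "
    "{request.principal.type='analyticsinstance', request.principal.compartment.id='<compartmentA_ocid>'}",
    "Allow any-user to read buckets in compartment <compartment_name>",
    "Allow any-user to read objects in compartment <compartment_name> where any "
    "{request.principal.id='<analytics_instance_ocid>', target.bucket.name='<document_bucket_name>'}",
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(audit(s) or "OK", "-", s)
```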