若要將 Oracle Analytics 與 OCI Document Understanding 整合,請確定您具有必要的安全原則。
您在 Oracle Analytics Cloud 與 OCI 租用戶之間的連線指定的 OCI 使用者,對於包含您要使用之 OCI 資源的區間,必須具備讀取、寫入和刪除許可權。確定 OCI 使用者屬於具備以下最低 OCI 安全原則的使用者群組。當您從 Oracle Analytics 連線 OCI 租用戶時,可以使用 OCI API 金鑰或資源主體。
注意:對於資源主體,若要包含區間下的所有 Analytics 執行處理,請指定 {request.principal.type='analyticsinstance', request.principal.compartment.id='<compartmentA_ocid>'},而不是 {request.principal.id='<analytics_instance_ocid>'}。
表格 32-5 OCI Document Understanding 整合所需的安全原則
| API 金鑰原則 | 資源主體原則 |
|---|---|
Allow group <group_name> to manage ai-service-document-family in tenancy |
Allow any-user to manage ai-service-document-family in tenancy where all {request.principal.id='<analytics_instance_ocid>'} |
Allow group <group_name> to read buckets in compartment <compartment_name> |
Allow any-user to read buckets in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>'} |
Allow group <group_name> to manage objects in compartment <compartment_name> where target.bucket.name='<staging_bucket_name>' |
Allow any-user to manage objects in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>', target.bucket.name='<staging_bucket_name>'} |
Allow group <group_name> to read objects in compartment <compartment_name> where target.bucket.name='<document_bucket_name>' |
Allow any-user to read objects in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>', target.bucket.name='<document_bucket_name>'} |
Allow group <group_name> to read objectstorage-namespaces in tenancy |
Allow any-user to read objectstorage-namespaces in tenancy where all {request.principal.id='<analytics_instance_ocid>'} |