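Service Policies

You can use authorization policies to control access to resources in your tenancy. For example, you can create a policy that authorizes users to create and manage Oracle Content Management instances.

You create policies using the Infrastructure Console. See Managing Policies.

The following information relates to service policies for Oracle Content Management: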

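Resource Types for Oracle Content Management

This table lists the resource types for Oracle Content Management.

| Resource Type | Description |
| --- | --- |
| oce-instance | A single Oracle Content Management instance. |
| oce-instances | One or more Oracle Content Management instances. |
| oce-workrequest | A single Oracle Content Management work request. Each operation you perform on an Oracle Content Management instance creates a work request, for example create, update, and terminate operations. |
| oce-workrequests | One or more Oracle Content Management work requests. |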

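Supported Variables

The values of these variables are supplied by Oracle Content Management. In addition, other general variables are supported. See General Variables for All Requests.

This table lists the variables supported by Oracle Content Management.

| Variable | Type | Description | Sample Value |
| --- | --- | --- | --- |
| target.compartment.id | Entity | The OCID of the primary resource for the request. | target.compartment.id = 'ocid1.compartment.oc1..<unique_ID>' |
| request.operation | String | The operation ID (for example, 'GetUser') for the request. | request.operation = 'ocid1.compartment.oc1..<unique_ID>' |
| target.resource.kind | String | The resource kind name of the primary resource for the request. | target.resource.kind = 'ocid1.contentexperiencecloudservice.oc1..<unique_ID>' |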

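Details for Verb and Resource-Type Combinations

Oracle Cloud Infrastructure offers a standard set of verbs to define permissions across all Oracle Cloud Infrastructure resources (Inspect, Read, Use, Manage). These tables list the Oracle Content Management permissions associated with each verb. The level of access is cumulative as you go from Inspect to Read to Use to Manage.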

INSPECT

| Resource Type | INSPECT Permissions |
| --- | --- |
| oce-instance, oce-instances | OCE_INSTANCE_INSPECT |
| oce-workrequest, oce-workrequests | OCE_INSTANCE_WORKREQUEST_INSPECT |
| oce-instance-family | OCE_INSTANCE_INSPECT, OCE_INSTANCE_WORKREQUEST_INSPECT |

READ

| Resource Type | READ Permissions |
| --- | --- |
| oce-instance, oce-instances | OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ |
| oce-workrequest, oce-workrequests | OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ |
| oce-instance-family | OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ, OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ |

USE

| Resource Type | USE Permissions |
| --- | --- |
| oce-instance, oce-instances | OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ, OCE_INSTANCE_UPDATE |
| oce-workrequest, oce-workrequests | OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ |
| oce-instance-family | OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ, OCE_INSTANCE_UPDATE, OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ |

MANAGE

| Resource Type | MANAGE Permissions |
| --- | --- |
| oce-instance, oce-instances | OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ, OCE_INSTANCE_CREATE, OCE_INSTANCE_UPDATE, OCE_INSTANCE_DELETE |
| oce-workrequest, oce-workrequests | OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ |
| oce-instance-family | OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ, OCE_INSTANCE_CREATE, OCE_INSTANCE_UPDATE, OCE_INSTANCE_DELETE, OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ |

Permissions Required for Each API Operation

This table shows the API operations available for Oracle Content Management, grouped by resource type.

| REST API Operation | CLI Command Operation | Permission Required to Use the Operation |
| --- | --- | --- |
| ListOceInstances | oce-instance list | OCE_INSTANCE_INSPECT |
| GetOceInstance | oce-instance get | OCE_INSTANCE_READ |
| CreateOceInstance | oce-instance create | OCE_INSTANCE_CREATE |
| DeleteOceInstance | oce-instance delete | OCE_INSTANCE_DELETE |
| UpdateOceInstance | oce-instance update | OCE_INSTANCE_UPDATE |
| ChangeOceInstanceCompartment | oce-instance change-compartment | OCE_INSTANCE_UPDATE |
| ListWorkRequests | work-request list | OCE_INSTANCE_WORKREQUEST_INSPECT |
| GetWorkRequest | work-request get | OCE_INSTANCE_WORKREQUEST_READ |
| ListWorkRequestErrors | work-request-error list | OCE_INSTANCE_WORKREQUEST_INSPECT |
| ListWorkRequestLogs | work-request-log list | OCE_INSTANCE_WORKREQUEST_INSPECT |

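Example Policy Statements to Manage Oracle Content Management Instances

Here are typical policy statements that you might use to authorize access to Oracle Content Management instances.

When you create a policy for your tenancy, you grant users access to all compartments by way of policy inheritance. Alternatively, you can restrict access to individual Oracle Content Management instances or compartments.

Let users in the Administrators group fully manage any Oracle Content Management instance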

# Full admin permissions (CRUD)
allow group Administrators to manage oce-instances in tenancy
allow group Administrators to manage oce-workrequests in tenancy
# Full admin permissions (CRUD) using family
allow group Administrators to manage oce-instance-family in tenancy

Let users in the group1 group inspect any Oracle Content Management instance and the associated work requests

# Inspect permissions (list oce instances and work requests) using metaverbs:
allow group group1 to inspect oce-instances in tenancy
allow group group1 to inspect oce-workrequests in tenancy
# Inspect permissions (list oce instances and work requests) using permission names:
allow group group1 to {OCE_INSTANCE_INSPECT} in tenancy
allow group group1 to {OCE_INSTANCE_WORKREQUEST_INSPECT} in tenancy

Let users in the group2 group read details about any Oracle Content Management instance and the associated work requests

# Read permissions (read complete oce instance and work request metadata) using metaverbs:
allow group group2 to read oce-instances in tenancy
allow group group2 to read oce-workrequests in tenancy
# Read permissions (read complete oce instance and work request metadata) using permission names:
allow group group2 to {OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ} in tenancy
allow group group2 to {OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ} in tenancy

Let users in the group3 group read all Oracle Content Management instances and the associated work requests

# Use permissions (read on oce instance, read on work request) using metaverbs:
allow group group3 to use oce-instances in tenancy
allow group group3 to read oce-workrequests in tenancy
# Use permissions (read on oce instance, read on work request) using permission names:
allow group group3 to {OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ, OCE_INSTANCE_UPDATE} in tenancy
allow group group3 to {OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ} in tenancy

Let users in the group4 group manage any Oracle Content Management instance and the associated work requests

# Manage permissions (use/delete on oce instance, read/cancel on work request) using metaverbs:
allow group group4 to manage oce-instances in tenancy
allow group group4 to manage oce-workrequests in tenancy
# Manage permissions (use/delete on oce instance, read/cancel on work request) using permission names:
allow group group4 to {OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ, OCE_INSTANCE_UPDATE, OCE_INSTANCE_CREATE, OCE_INSTANCE_DELETE} in tenancy
allow group group4 to {OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ} in tenancy
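
The verb tables and the API-operation table on this page can be combined to audit which API operations a set of policy statements lets a group call. The following Python is an added example, not Oracle code: the function names, the regular expression and the sample policy are constructed here, and it ignores compartment scope and `where` conditions.

```python
import re
from itertools import accumulate

VERBS = ("inspect", "read", "use", "manage")

def _cumulative(*added):
    # Access levels are cumulative: each verb keeps the permissions of the previous one.
    return dict(zip(VERBS, accumulate(map(frozenset, added), frozenset.union)))

# Verb tables, copied from this page.
INSTANCE = _cumulative(["OCE_INSTANCE_INSPECT"], ["OCE_INSTANCE_READ"],
                       ["OCE_INSTANCE_UPDATE"], ["OCE_INSTANCE_CREATE", "OCE_INSTANCE_DELETE"])
WORKREQUEST = _cumulative(["OCE_INSTANCE_WORKREQUEST_INSPECT"],
                          ["OCE_INSTANCE_WORKREQUEST_READ"], [], [])
FAMILY = {v: INSTANCE[v] | WORKREQUEST[v] for v in VERBS}
RESOURCE_TYPES = {"oce-instance": INSTANCE, "oce-instances": INSTANCE,
                  "oce-workrequest": WORKREQUEST, "oce-workrequests": WORKREQUEST,
                  "oce-instance-family": FAMILY}
# API operation -> required permission, copied from this page.
API_PERMISSION = {
    "ListOceInstances": "OCE_INSTANCE_INSPECT", "GetOceInstance": "OCE_INSTANCE_READ",
    "CreateOceInstance": "OCE_INSTANCE_CREATE", "DeleteOceInstance": "OCE_INSTANCE_DELETE",
    "UpdateOceInstance": "OCE_INSTANCE_UPDATE", "ChangeOceInstanceCompartment": "OCE_INSTANCE_UPDATE",
    "ListWorkRequests": "OCE_INSTANCE_WORKREQUEST_INSPECT", "GetWorkRequest": "OCE_INSTANCE_WORKREQUEST_READ",
    "ListWorkRequestErrors": "OCE_INSTANCE_WORKREQUEST_INSPECT", "ListWorkRequestLogs": "OCE_INSTANCE_WORKREQUEST_INSPECT"}
STATEMENT = re.compile(r"allow\s+group\s+(\S+)\s+to\s+(?:\{([^}]*)\}|(\w+)\s+([\w-]+))\s+in\s", re.I)

def effective_permissions(policy_text, group):
    """Permissions granted to `group`; compartment scope and conditions are ignored."""
    granted = set()
    for line in policy_text.splitlines():
        m = STATEMENT.match(line.strip())
        if not m or m.group(1) != group:
            continue  # comment, blank line, unparsed statement, or another group
        _, perm_list, verb, rtype = m.groups()
        if perm_list is not None:  # explicit {PERMISSION, ...} form
            granted |= {p.strip() for p in perm_list.split(",") if p.strip()}
        else:  # verb + resource-type form
            granted |= RESOURCE_TYPES.get(rtype.lower(), {}).get(verb.lower(), frozenset())
    return granted

def allowed_operations(policy_text, group):
    """API operations from the table on this page that `group` may call."""
    perms = effective_permissions(policy_text, group)
    return sorted(op for op, need in API_PERMISSION.items() if need in perms)

# Constructed sample policy in the style of the statements on this page.
SAMPLE = ("allow group group1 to inspect oce-instance-family in tenancy\n"
          "allow group group3 to use oce-instances in tenancy\n"
          "allow group group3 to {OCE_INSTANCE_WORKREQUEST_INSPECT} in tenancy\n")
```

For the sample policy, `allowed_operations(SAMPLE, "group3")` includes ChangeOceInstanceCompartment, because that operation needs only OCE_INSTANCE_UPDATE, which the `use` verb already grants.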