Example Policy Statements for Managing Analytics Cloud Instances
This section lists typical policy statements that you can use to authorize access to Oracle Analytics Cloud instances.
When you create a policy for your tenancy, policy inheritance grants users access to all compartments. Alternatively, you can restrict access to individual Oracle Analytics Cloud instances or compartments.
Users in the Administrators group can fully manage any Analytics instance
# Full manage permissions (Create, View, Update, Delete, Scale, Start, Stop...)
allow group Administrators to manage analytics-instances in tenancy
allow group Administrators to manage analytics-instance-work-requests in tenancy
Users in the analytics_power_users group can read, start, and stop all Analytics instances in the MyOACProduction compartment
# Use permissions (List, Get, Start, Stop)
allow group analytics_power_users to use analytics-instances in compartment MyOACProduction
Users in the analytics_test_users group can create and manage a single Analytics instance (myanalytics_1) in the MyOACTest compartment
# Full manage permissions on a single instance
allow group analytics_test_users to manage analytics-instances in compartment MyOACTest where target.analytics-instances.name = 'myanalytics_1'
Users in the analytics_power_users group can move Analytics instances between two named compartments
# Custom permissions to move instances between two specific compartments.
allow group analytics_power_users to {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ, ANALYTICS_INSTANCE_MOVE} in tenancy
where all {
target.analytics-instance.source-compartment.id =
'ocid1.compartment.oc1..aaa100',
target.analytics-instance.destination-compartment.id =
'ocid1.compartment.oc1..aaa200'
}
Users in the analytics_users group can inspect all Analytics instances and their associated work requests
# Inspect permissions (list analytics instances and work requests) using metaverbs.
allow group analytics_users to inspect analytics-instances in tenancy
allow group analytics_users to inspect analytics-instance-work-requests in tenancy
# Inspect permissions (list analytics instances and work requests) using permission names.
allow group analytics_users to {ANALYTICS_INSTANCE_INSPECT} in tenancy
allow group analytics_users to {ANALYTICS_INSTANCE_WR_INSPECT} in tenancy
Users in the analytics_users2 group can read details of all Analytics instances and their associated work requests
# Read permissions (read complete analytics instance and work request metadata) using metaverbs.
allow group analytics_users2 to read analytics-instances in tenancy
allow group analytics_users2 to read analytics-instance-work-requests in tenancy
# Read permissions (read complete analytics instance and work request metadata) using permission names.
allow group analytics_users2 to {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ} in tenancy
allow group analytics_users2 to {ANALYTICS_INSTANCE_WR_INSPECT, ANALYTICS_INSTANCE_WR_READ} in tenancy
Users in the analytics_users2 group can view performance metrics for every Analytics instance in a named compartment
# View performance metrics permissions
allow group analytics_users2 to read metrics in compartment myOACProduction
Users in the analytics_power_users2 group can read, start, and stop all Analytics instances and read their associated work requests
# Use permissions (read, stop, start on analytics instance, read on work request) using metaverbs.
allow group analytics_power_users2 to use analytics-instances in tenancy
allow group analytics_power_users2 to read analytics-instance-work-requests in tenancy
# Use permissions (read, stop, start on analytics instance, read on work request) using permission names.
allow group analytics_power_users2 to {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ, ANALYTICS_INSTANCE_USE} in tenancy
allow group analytics_power_users2 to {ANALYTICS_INSTANCE_WR_INSPECT, ANALYTICS_INSTANCE_WR_READ} in tenancy
Users in the Administrators2 group can manage all Analytics instances and their associated work requests
# Full manage permissions (use, scale, delete on analytics instance, read and cancel on work request) using metaverbs.
allow group Administrators2 to manage analytics-instances in tenancy
allow group Administrators2 to manage analytics-instance-work-requests in tenancy
# Full manage permissions (use, create, scale, delete on analytics instance, read and cancel on work request) using permission names.
allow group Administrators2 to {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ, ANALYTICS_INSTANCE_USE, ANALYTICS_INSTANCE_CREATE, ANALYTICS_INSTANCE_DELETE, ANALYTICS_INSTANCE_UPDATE, ANALYTICS_INSTANCE_MOVE, ANALYTICS_INSTANCE_MANAGE} in tenancy
allow group Administrators2 to {ANALYTICS_INSTANCE_WR_INSPECT, ANALYTICS_INSTANCE_WR_READ, ANALYTICS_INSTANCE_WR_DELETE} in tenancy
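The paired statements above show which permission names each metaverb stands for. The following Python sketch is an added example, not part of the Oracle documentation: it uses that mapping to expand a statement into its permission names and to flag grants of manage-only permissions that apply to the whole tenancy without a where clause. The helper names and the rule that manage-only permissions count as high impact are assumptions made for this illustration.

```python
import re

# Metaverb -> permission names, taken from the paired metaverb and
# permission-name statements on this page (each verb includes the previous).
def _cumulative(prefix, steps):
    table, acc = {}, set()
    for verb, names in steps:
        acc = acc | {prefix + n for n in names}
        table[verb] = acc
    return table

PERMS = {
    "analytics-instances": _cumulative("ANALYTICS_INSTANCE_", [
        ("inspect", ["INSPECT"]), ("read", ["READ"]), ("use", ["USE"]),
        ("manage", ["CREATE", "DELETE", "UPDATE", "MOVE", "MANAGE"])]),
    "analytics-instance-work-requests": _cumulative("ANALYTICS_INSTANCE_WR_", [
        ("inspect", ["INSPECT"]), ("read", ["READ"]), ("manage", ["DELETE"])]),
}
# Assumption for this example: whatever only `manage` grants is high impact.
_I, _W = PERMS["analytics-instances"], PERMS["analytics-instance-work-requests"]
HIGH_IMPACT = (_I["manage"] - _I["use"]) | (_W["manage"] - _W["read"])

STMT = re.compile(
    r"allow group (?P<group>\S+) to "
    r"(?:\{(?P<names>[^}]*)\}|(?P<verb>\w+) (?P<rtype>[\w-]+)) "
    r"in (?P<scope>tenancy|compartment \S+)"
    r"(?: where (?P<cond>.+))?$")

def parse(statement):
    """Split one policy statement into group, permission set, scope, condition."""
    m = STMT.match(" ".join(statement.split()))  # tolerate line-wrapped statements
    if not m:
        raise ValueError("unrecognised statement: " + statement)
    if m["names"] is not None:
        perms = {n.strip() for n in m["names"].split(",")}
    else:  # resource types not covered on this page are kept as "verb type"
        perms = PERMS.get(m["rtype"], {}).get(m["verb"]) or {m["verb"] + " " + m["rtype"]}
    return {"group": m["group"], "permissions": set(perms),
            "scope": m["scope"], "condition": m["cond"]}

def review(statement):
    """Return a finding for unconditioned tenancy-wide high-impact grants, else None."""
    p = parse(statement)
    risky = sorted(p["permissions"] & HIGH_IMPACT)
    if risky and p["scope"] == "tenancy" and not p["condition"]:
        return p["group"] + ": tenancy-wide, no where clause: " + ", ".join(risky)
    return None

if __name__ == "__main__":
    print(review("allow group Administrators to manage analytics-instances in tenancy"))
```
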