Required IAM Policies

To use OCI, the publisher must be granted security access in a policy by an administrator. This access is required whether the publisher is using the Console or the REST API with an SDK, CLI, or other tool. If a publisher receives a message that they don't have permission or are unauthorized, they must check with their administrator which type of access they have and which compartment they can work in.

For information about policies, see Getting Started with Policies and Common Policies.

Policies for Private Offer Partner-Publisher

The following policies enable the creation and management of private offers in the Marketplace. If the publisher wants to reduce the scope of access to a particular compartment, they must specify the compartment instead of the tenancy.
Note

Private offers exist at the tenancy level, so private offer policies must be scoped to the tenancy.
  • The following policy gives the specified example group the ability to list, view, create, update, delete, send, and withdraw private offers. To narrow down the specific actions for the example group, add or remove actions from the list.

    Allow group PrivateOfferPublisher to 
    {MARKETPLACE_PUBLISHER_INSPECT,
    MARKETPLACE_PUBLISHER_METADATA_INSPECT,
    MARKETPLACE_OFFER_SELLER_INSPECT, MARKETPLACE_OFFER_READ,
    MARKETPLACE_OFFER_DETAILS_READ, MARKETPLACE_OFFER_CREATE, 
    MARKETPLACE_OFFER_UPDATE, MARKETPLACE_OFFER_DELETE, 
    MARKETPLACE_OFFER_SEND, MARKETPLACE_OFFER_WITHDRAW} in tenancy
  • The same level of permission can also be achieved by using the manage verb with the marketplace-offers noun and additionally adding the inspect verb for marketplace-publisher-resource and marketplace-publisher-metadata.

    Allow group PrivateOfferPublisher to manage marketplace-offers in tenancy
    Allow group PrivateOfferPublisher to inspect marketplace-publisher-resource in tenancy
    Allow group PrivateOfferPublisher to inspect marketplace-publisher-metadata in tenancy

Policies for Private Offer Customer-Buyer

The following policies allow customers to view and accept private offers in Marketplace.

Note

Private offers exist at the tenancy level, so private offer policies must be scoped to the tenancy.
  • The following policy gives the specified example group PrivateOfferBuyer the ability to list, view, and accept private offers. To narrow the specific actions for the example group, add or remove actions from the list.

    Allow group PrivateOfferBuyer to {MARKETPLACE_OFFER_BUYER_INSPECT,
    MARKETPLACE_OFFER_READ, MARKETPLACE_OFFER_ACCEPT} in tenancy
  • The same level of permission can also be achieved by using the manage verb along with the marketplace-offers noun.

    Allow group PrivateOfferBuyer to manage marketplace-offers in tenancy
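
The following added example (not part of the original page and not Oracle code) shows one way to review buyer policy statements against the explicit permission list and the tenancy-scope note above. The function names, the regular expression (which covers only the two statement forms shown on this page plus `in compartment <name>`), and the `ExampleCompartment` statement are assumptions made for illustration.

```python
import re

# Permission names copied from the buyer policy on this page.
BUYER_PERMS = {"MARKETPLACE_OFFER_BUYER_INSPECT", "MARKETPLACE_OFFER_READ",
               "MARKETPLACE_OFFER_ACCEPT"}

STMT = re.compile(
    r"^Allow\s+group\s+(?P<group>\S+)\s+to\s+"
    r"(?:\{(?P<perms>[^}]*)\}|(?P<verb>inspect|read|use|manage)\s+(?P<rtype>\S+))"
    r"\s+in\s+(?P<scope>tenancy|compartment\s+\S+)$", re.IGNORECASE)

def parse_statement(text):
    """Parse one statement; line breaks inside it are folded to single spaces."""
    m = STMT.match(" ".join(text.split()))
    if not m:
        raise ValueError(f"unrecognised statement: {text!r}")
    perms = m.group("perms")
    return {"group": m.group("group"),
            "perms": None if perms is None else
                     {p.strip() for p in perms.split(",") if p.strip()},
            "verb": m.group("verb"), "rtype": m.group("rtype"),
            "scope": m.group("scope")}

def audit(statements, allowed):
    """Return (group, kind, detail) findings for a least-privilege review."""
    findings = []
    for text in statements:
        s = parse_statement(text)
        if s["scope"].lower() != "tenancy":  # page: private offers are tenancy-level
            findings.append((s["group"], "scope", s["scope"]))
        if s["perms"] is None:  # verb grant: permissions are not enumerated
            findings.append((s["group"], "verb-grant", f"{s['verb']} {s['rtype']}"))
        else:
            findings.extend((s["group"], "extra-permission", p)
                            for p in sorted(s["perms"] - allowed))
    return findings

# Constructed input: the two buyer statements from this page plus one made-up
# statement (ExampleCompartment is a placeholder name).
SAMPLE = [
    """Allow group PrivateOfferBuyer to {MARKETPLACE_OFFER_BUYER_INSPECT,
    MARKETPLACE_OFFER_READ, MARKETPLACE_OFFER_ACCEPT} in tenancy""",
    "Allow group PrivateOfferBuyer to manage marketplace-offers in tenancy",
    "Allow group PrivateOfferBuyer to {MARKETPLACE_OFFER_READ, "
    "MARKETPLACE_OFFER_SEND} in compartment ExampleCompartment",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, BUYER_PERMS):
        print(finding)
```

A `verb-grant` finding is a prompt for manual review: the script does not know which permissions a verb expands to, so it only reports that the statement does not enumerate them.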