Oracle Cloud Migrations IAM Policies
Create Identity and Access Management (IAM) policies to control who has access to Oracle Cloud Migrations (OCM) resources, and to control the type of access for each group of users.
By default, users in the Administrators group have access to all the Oracle Cloud Migrations resources. If you are new to IAM policies, see Getting Started with Policies.
This section explains the following topics:
Use variables when adding conditions to a policy.
The Migration service supports the following variable types:
- Entity: Oracle Cloud Identifier (OCID).
- String: Free-form text.
- List: A list of Entity or String values.
Variables are lowercase and hyphen-separated. For example,
name must be unique, and
display-name is the
Required variables are supplied by the Migration service for every request. Automatic variables are supplied by the authorization engine (either service-local with the SDK for a thick client, or on the Identity data plane for a thin client).
||Entity (OCID)||The OCID of the primary resource for the request.|
||String||The operation ID (for example,
||String||The resource kind name of the primary resource for the request.|
||Entity (OCID)||The OCID of the requesting user.|
||List of entities (OCIDs)||The OCIDs of the groups the requesting user is in.|
||String||The name of the compartment specified in
||Entity (OCID)||The OCID of the target tenant ID.|
||String||The value of each tag on a group of which the principal is a member.|
||String||The value of each tag on the compartment that contains the principal.|
||String||The value of each tag on the target resource. The variable is computed based on the tagSlug supplied by the service on each request.|
||String||The value of each tag on the compartment that contains the target resource. The variable is computed based on the tagSlug supplied by the service on each request.|
Creating a Policy
Review the steps required to create a policy.
Here's how you create a policy in the Oracle Cloud Console:
- Open the navigation menu and click Identity & Security. Under Identity, click Policies.
- Click Create Policy.
- Enter a name and description for the policy.
- Under Policy Builder, click the Show manual editor switch to enable the editor.
- Enter a policy rule in the following format:
allow <subject> to <verb> <resource_type> in <compartment or tenancy details>
- Click Create.
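A pre-check for statements before they are pasted into the manual editor, as an added example that is not Oracle's code: it parses the general OCI form `allow <subject> to <verb> <resource-type> in <location> where <conditions>` and flags broad grants and condition variables that are not lowercase and hyphen-separated. The group, compartment and tag names are constructed, and `<ocm-resource-type>` is a placeholder for a real resource-type name.

```python
import re

# Shape of an OCI policy statement: allow <subject> to <verb> <resource-type> in <location> [where ...]
STATEMENT = re.compile(
    r"^allow\s+(?P<subject>.+?)\s+to\s+(?P<verb>\S+)\s+(?P<resource>\S+)\s+in\s+"
    r"(?P<location>tenancy|compartment(?:\s+id)?\s+\S+)"
    r"(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE,
)
VERBS = ("inspect", "read", "use", "manage")  # OCI verbs, least to most access
VARIABLE = re.compile(r"\b(?:request|target)\.[\w.\-]+", re.IGNORECASE)


def review_statement(text):
    """Return review findings for one policy statement; an empty list means none."""
    m = STATEMENT.match(text.strip())
    if not m:
        return ["does not parse as a policy statement"]
    findings = []
    verb, condition = m["verb"].lower(), m["condition"]
    if verb not in VERBS:
        findings.append(f"unknown verb '{m['verb']}'")
    if m["subject"].lower() == "any-user" and not condition:
        findings.append("any-user with no where clause")
    if verb == "manage" and not condition:
        findings.append("manage granted with no where clause")
    if m["location"].lower() == "tenancy" and verb in ("use", "manage"):
        findings.append(f"{verb} applies to the whole tenancy, not one compartment")
    for var in VARIABLE.findall(condition or ""):
        name = var.split(".tag.")[0]  # tag namespace and key keep their own casing
        if name != name.lower() or "_" in name:
            findings.append(f"variable '{var}' is not lowercase and hyphen-separated")
    return findings


# Constructed statements; group, compartment and tag names are made up, and
# <ocm-resource-type> is a placeholder for a real resource-type name.
SAMPLES = [
    "Allow group MigrationAdmins to manage all-resources in tenancy",
    "Allow group MigrationOperators to use <ocm-resource-type> in compartment Migration "
    "where target.resource.tag.Ops.Env = 'test'",
    "Allow group MigrationOperators to manage <ocm-resource-type> in compartment Migration "
    "where request.User_Id = 'ocid1.user.oc1..example'",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", review_statement(s) or "no findings")
```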