Data Labeling Policies
To control who has access to Data Labeling, and the type of access for each group of users, you must create policies.
By default only the users in the Administrators
group have access to all
Data Labeling resources. For everyone else who's
involved with Data Labeling, you must set up policies that assign them proper rights to
Data Labeling resources.
For a complete list of Oracle Cloud Infrastructure policies, see policy reference for IAM without Identity Domains and IAM with Identity Domains.
Resource Kinds
Data Labeling has four resource kinds.
Resource Kind | Permissions |
---|---|
data-labeling-datasets/data-labeling-dataset |
DATA_LABELING_DATASET_READ DATA_LABELING_DATASET_INSPECT DATA_LABELING_DATASET_CREATE DATA_LABELING_DATASET_DELETE DATA_LABELING_DATASET_UPDATE DATA_LABELING_DATASET_MOVE |
data-labeling-records/data-labeling-record |
DATA_LABELING_RECORD_READ DATA_LABELING_RECORD_INSPECT DATA_LABELING_RECORD_CREATE DATA_LABELING_RECORD_DELETE DATA_LABELING_RECORD_UPDATE |
data-labeling-annotations/data-labeling-annotation |
DATA_LABELING_ANNOTATION_READ DATA_LABELING_ANNOTATION_INSPECT DATA_LABELING_ANNOTATION_CREATE DATA_LABELING_ANNOTATION_DELETE DATA_LABELING_ANNOTATION_UPDATE |
data-labeling-work-requests/data-labeling-work-request |
DATA_LABELING_WORK_REQUEST_INSPECT DATA_LABELING_WORK_REQUEST_READ DATA_LABELING_WORK_REQUEST_DELETE |
Resource-Principals
Data Labeling has one resource principal.
Service | Resource Principal Name |
---|---|
datalabeling |
|
Permissions Required for Each API Operation
The following table lists the API operations in a logical order, grouped by resource type.
For information about permissions, see permissions.
API Operation |
Permissions Required to Use the Operation |
---|---|
|
DATA_LABELING_DATASET_INSPECT |
|
DATA_LABELING_DATASET_CREATE |
|
DATA_LABELING_DATASET_DELETE |
|
DATA_LABELING_DATASET_READ |
UpdateDataset |
DATA_LABELING_DATASET_UPDATE |
|
DATA_LABELING_DATASET_UPDATE |
|
DATA_LABELING_DATASET_MOVE |
|
DATA_LABELING_DATASET_UPDATE |
|
DATA_LABELING_DATASET_UPDATE |
|
DATA_LABELING_DATASET_UPDATE |
|
DATA_LABELING_DATASET_UPDATE |
|
DATA_LABELING_DATASET_INSPECT |
|
DATA_LABELING_RECORD_INSPECT |
|
DATA_LABELING_RECORD_CREATE |
|
DATA_LABELING_RECORD_DELETE |
GetRecord |
DATA_LABELING_RECORD_READ |
GetRecordContent |
DATA_LABELING_RECORD_READ |
GetRecordPreviewContent |
DATA_LABELING_RECORD_READ |
UpdateRecord |
DATA_LABELING_RECORD_UPDATE |
SummarizeRecordAnalytics |
DATA_LABELING_RECORD_INSPECT |
ListAnnotations |
DATA_LABELING_ANNOTATION_INSPECT |
CreateAnnotation |
DATA_LABELING_ANNOTATION_CREATE |
DeleteAnnotation |
DATA_LABELING_ANNOTATION_DELETE |
GetAnnotation |
DATA_LABELING_ANNOTATION_READ |
UpdateAnnotation |
DATA_LABELING_ANNOTATION_UPDATE |
SummarizeAnnotationAnalytics |
DATA_LABELING_ANNOTATION_INSPECT |
ListWorkRequests |
DATA_LABELING_WORK_REQUEST_INSPECT DATA_LABELING_DATASET_INSPECT |
GetWorkRequest |
DATA_LABELING_WORK_REQUEST_READ DATA_LABELING_DATASET_READ |
ListWorkRequestLogs |
DATA_LABELING_WORK_REQUEST_READ |
ListWorkRequestErrors |
DATA_LABELING_WORK_REQUEST_READ |
Details for Verbs + Resource-Type Combinations
The following tables show the permissions and API operations covered by each verb for
Data Labeling. The level of access is cumulative as you go from
inspect > read > use > manage
. A plus sign (+)
in a
table cell indicates incremental access compared to the cell directly above it, whereas "no
extra" indicates no incremental access.
Verb | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT |
DATA_LABELING_DATASET_INSPECT |
|
none |
READ |
INSPECT + DATA_LABELING_DATASET_READ |
INSPECT +
|
none |
USE |
READ + DATA_LABELING_DATASET_UPDATE |
READ +
|
none |
MANAGE |
USE + DATA_LABELING_DATASET_CREATE, DATA_LABELING_DATASET_MOVE, DATA_LABELING_DATASET_DELETE |
USE +
|
none |
Verb | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT |
DATA_LABELING_RECORD_INSPECT |
|
none |
READ |
INSPECT + DATA_LABELING_RECORD_READ |
INSPECT +
|
none |
USE |
READ + DATA_LABELING_RECORD_UPDATE |
READ +
|
none |
MANAGE |
USE+ DATA_LABELING_RECORD_CREATE, DATA_LABELING_RECORD_DELETE |
USE+
|
none |
Verb | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT |
DATA_LABELING_ANNOTATION_INSPECT |
|
none |
READ |
INSPECT + DATA_LABELING_ANNOTATION_READ |
INSPECT +
|
none |
USE |
READ + DATA_LABELING_ANNOTATION_UPDATE |
READ +
|
none |
MANAGE |
USE+ DATA_LABELING_ANNOTATION_CREATE, DATA_LABELING_ANNOTATION_DELETE |
USE+
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT |
DATA_LABELING_WORK_REQUEST_INSPECT |
|
none |
READ |
INSPECT + DATA_LABELING_WORK_REQUEST_READ |
INSPECT +
|
none |
For the aggregate
data-labeling-family
resource-type, all the APIs listed
in the preceding table apply.