Permissions to Generative AI Resources
This page lists the ways to access and set up authorization to OCI Generative AI resources.
Depending on user tasks and application use cases, you must set up access to Generative AI resources in the following categories:
- IAM Policies
- Give permission to user groups to access one or more OCI Generative AI resources.
- Give permission to OCI Generative AI resources to access other OCI services.
- Give permission to other OCI services to access OCI Generative AI resources.
- API keys
- Give access to OCI Generative AI models with unique service generated strings (API keys).
- Give access to OCI Generative AI API with unique service generated strings (API keys).
See API Keys.
- OAuth
OAuth is the only supported authentication type for agentic tasks and you must have an application in an OCI identity domain in advance to generate an auth token. Then information of this domain and its application is used to setup authentication configuration during Application creation.
- Create a domain in OCI identity domain and then create a secure applications the domain for agentic tasks.
- Set up OCI Generative AI applications that can access the domain application for agentic tasks.
- ZPR
- Create private endpoints in OCI Generative AI service.
- Add zero trust packet security to the private endpoints.
-
See Managing Security Attributes for Private Endpoints (PE)s.