About Anomaly Detection Policies

Learn about the resource policies including API permissions.

To control who has access to Anomaly Detection, and the type of access for each group of users, you must create policies. By default, only the users in the Administrators group have access to all Anomaly Detection resources.

For everyone else who's using the service, you must create policies that assign them proper rights to Anomaly Detection resources. For a complete list of OCI policies, see Policy Reference.

Resource Types

Anomaly Detection offers both aggregate and individual resource-types for writing policies. You can use aggregate resource types to write fewer policies. For example, instead of allowing a group to manage all individual resource types, you can have a policy that allows the group to manage the aggregate resource type, ai-service-anomaly-detection-family.

Individual Resource Types
ai-service-anomaly-detection-model

ai-service-anomaly-detection-project

ai-service-anomaly-detection-data-asset

ai-service-anomaly-detection-private-endpoint
Aggregate Resource Type
ai-service-anomaly-detection-family

Example Policies

Allow users to manage all Anomaly Detection resources using the aggregate resource:

allow <a-user> to manage ai-service-anomaly-detection-family in <tenancy>

These policies control user access by theAnomaly Detection resources:

allow <a-user> to manage ai-service-anomaly-detection-project in <tenancy>
allow <a-user> to manage ai-service-anomaly-detection-model in <tenancy>
allow <a-user> to manage ai-service-anomaly-detection-data-asset in <tenancy>
allow <a-user> to manage ai-service-anomaly-detection-private-endpoint in <tenancy>

Resource Types and Permissions

Resource Permissions
ai-service-anomaly-detection-model AI_SERVICE_ANOMALY_DETECTION_MODEL_INSPECT
AI_SERVICE_ANOMALY_DETECTION_MODEL_CREATE
AI_SERVICE_ANOMALY_DETECTION_MODEL_READ
AI_SERVICE_ANOMALY_DETECTION_MODEL_UPDATE
AI_SERVICE_ANOMALY_DETECTION_MODEL_DELETE
AI_SERVICE_ANOMALY_DETECTION_MODEL_MOVE
AI_SERVICE_ANOMALY_DETECTION_MODEL_INFER
ai-service-anomaly-detection-project AI_SERVICE_ANOMALY_DETECTION_PROJECT_INSPECT
AI_SERVICE_ANOMALY_DETECTION_PROJECT_CREATE
AI_SERVICE_ANOMALY_DETECTION_PROJECT_READ
AI_SERVICE_ANOMALY_DETECTION_PROJECT_UPDATE
AI_SERVICE_ANOMALY_DETECTION_PROJECT_DELETE
AI_SERVICE_ANOMALY_DETECTION_PROJECT_MOVE
ai-service-anomaly-detection-data-asset AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_INSPECT
AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_CREATE
AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_READ
AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_UPDATE
AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_DELETE
AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_MOVE
ai-service-anomaly-detection-private-endpoint AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_INSPECT
AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_CREATE
AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_READ
AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_UPDATE
AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_DELETE
AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_MOVE

Permissions Required for Each API Operation

You can use the individual resource types with API calls to interact with the service.

The following table lists the API operations for the Anomaly Detection service in a logical order, grouped by resource type, and the permissions required for resource types:

API Operation Permission

CreateProject

AI_SERVICE_ANOMALY_DETECTION_PROJECT_CREATE
GetProject AI_SERVICE_ANOMALY_DETECTION_PROJECT_READ
UpdateProject AI_SERVICE_ANOMALY_DETECTION_PROJECT_UPDATE
DeleteProject AI_SERVICE_ANOMALY_DETECTION_PROJECT_DELETE
ChangeProjectCompartment AI_SERVICE_ANOMALY_DETECTION_PROJECT_MOVE
CreateDataAsset AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_CREATE
ListDataAssets AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_LIST
GetDataAsset AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_READ
UpdateDataAsset AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_UPDATE
DeleteDataAsset AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_DELETE
ChangeDataAssetCompartment AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_MOVE
CreateModel AI_SERVICE__ANOMALY_DETECTION_MODEL_CREATE
ListModels AI_SERVICE_ANOMALY_DETECTION_MODEL_INSPECT
GetModel AI_SERVICE__ANOMALY_DETECTION_MODEL_READ
UpdateModel AI_SERVICE__ANOMALY_DETECTION_MODEL_UPDATE
DeleteModel AI_SERVICE__ANOMALY_DETECTION_MODEL_DELETE
ChangeModelCompartment AI_SERVICE__ANOMALY_DETECTION_MODEL_MOVE
DetectAnomalies AI_SERVICE_ANOMALY_DETECTION_MODEL_INFER