Service Limits, Quotas, Policies, and Events

This section describes Oracle Content and Experience service limits, quotas, policies, and events.

Service Limits

Oracle Content and Experience has various default limits. Whenever you create an Oracle Content and Experience instance, the system ensures that your request is within the bounds of your limit.

If necessary, you can submit a request to increase your limits in the Infrastructure Console from the Limits, Quotas, and Usage page. See About Service Limits and Usage.

This table lists the default service limits for Oracle Content and Experience.

Resource Limit	Limit Short Names	Default Value	Description
Oracle Content and Experience Service Max	max-services-count-per-tenant	100	Maximum number of Oracle Content and Experience instances you can create per tenant.

Service Quotas

You can use quotas to determine how other users allocate Oracle Content and Experience resources across compartments in Oracle Cloud Infrastructure. Whenever you create an Oracle Content and Experience instance, the system ensures that your request is within the bounds of the quota for that compartment.

You can manage the service quotas in the Infrastructure Console from the compartment detail page. See About Compartment Quotas.

This table lists the service quotas for Oracle Content and Experience.

Quota Name	Scope	Description
oce-instance-count	Regional	Number of Oracle Content and Experience instances

Example Quota Statements for Oracle Content and Experience

Limit the number of Oracle Content and Experience instances that users can create in MyCompartment to 10.
```
Set oce quota oce-instance-count to 10 in compartment MyCompartment
```

Service Policies

You use authorization policies to control access to resources in your tenancy. For example, you can create a policy that authorizes users to create and manage Oracle Content and Experience instances.

You create policies using the Infrastructure Console. See Managing Policies.

The following information pertains to service policies for Oracle Content and Experience:

Resource Types for Oracle Content and Experience

This table lists the resource types for Oracle Content and Experience.

Resource Type	Description
oce-instance	A single Oracle Content and Experience instance.
oce-instances	One or more Oracle Content and Experience instances.
oce-workrequest	A single work request for Oracle Content and Experience. Each operation you perform on an Oracle Content and Experience instance, creates a work request. For example, operations such as create, update, terminate, and so on.
oce-workrequests	One or more work requests for Oracle Content and Experience.

Supported Variables

The values of these variables are supplied by Oracle Content and Experience. In addition, other general variables are supported. See General Variables for All Requests.

This table lists the supported variables for Oracle Content and Experience.

Variable	Type	Description	Sample Value
target.compartment.id	entity	The OCID of the primary resource for the request.	target.compartment.id = 'ocid1.compartment.oc1..<unique_ID>'
request.operation	string	The operation id (for example, 'GetUser') for the request.	request.operation = 'ocid1.compartment.oc1..<unique_ID>'
target.resource.kind	string	The resource kind name of the primary resource for the request.	target.resource.kind = 'ocid1.contentexperiencecloudservice.oc1..<unique_ID>'

Details for Verb and Resource-Type Combinations

Oracle Cloud Infrastructure offers a standard set of verbs to define permissions across Oracle Cloud Infrastructure resources (Inspect, Read, Use, Manage). These tables list the Oracle Content and Experience permissions associated with each verb. The level of access is cumulative as you go from Inspect to Read to Use to Manage.

INSPECT

Resource Type	INSPECT Permissions
oce-instance oce-instances	OCE_INSTANCE_INSPECT
oce-workrequest oce-workrequests	OCE_INSTANCE_WORKREQUEST_INSPECT
oce-instance-family	OCE_INSTANCE_INSPECT OCE_INSTANCE_WORKREQUEST_INSPECT

READ

Resource Type	READ Permissions
oce-instance oce-instances	OCE_INSTANCE_INSPECT OCE_INSTANCE_READ
oce-workrequest oce-workrequests	OCE_INSTANCE_WORKREQUEST_INSPECT OCE_INSTANCE_WORKREQUEST_READ
oce-instance-family	OCE_INSTANCE_INSPECT OCE_INSTANCE_READ OCE_INSTANCE_WORKREQUEST_INSPECT OCE_INSTANCE_WORKREQUEST_READ

USE

Resource Type	USE Permissions
oce-instance oce-instances	OCE_INSTANCE_INSPECT OCE_INSTANCE_READ OCE_INSTANCE_UPDATE
oce-workrequest oce-workrequests	OCE_INSTANCE_WORKREQUEST_INSPECT OCE_INSTANCE_WORKREQUEST_READ
oce-instance-family	OCE_INSTANCE_INSPECT OCE_INSTANCE_READ OCE_INSTANCE_UPDATE OCE_INSTANCE_WORKREQUEST_INSPECT OCE_INSTANCE_WORKREQUEST_READ

MANAGE

Resource Type	MANAGE Permissions
oce-instance oce-instances	OCE_INSTANCE_INSPECT OCE_INSTANCE_READ OCE_INSTANCE_CREATE OCE_INSTANCE_UPDATE OCE_INSTANCE_DELETE
oce-workrequest oce-workrequests	OCE_INSTANCE_WORKREQUEST_INSPECT OCE_INSTANCE_WORKREQUEST_READ
oce-instance-family	OCE_INSTANCE_INSPECT OCE_INSTANCE_READ OCE_INSTANCE_CREATE OCE_INSTANCE_UPDATE OCE_INSTANCE_DELETE OCE_INSTANCE_WORKREQUEST_INSPECT OCE_INSTANCE_WORKREQUEST_READ

Permissions Required for Each API Operation

This table shows the API operations available for Oracle Content and Experience, grouped by resource type.

REST API Operation	CLI Command Operation	Permission Required to Use the Operation
ListOceInstances	oce-instance list	OCE_INSTANCE_INSPECT
GetOceInstance	oce-instance get	OCE_INSTANCE_READ
CreateOceInstance	oce-instance create	OCE_INSTANCE_CREATE
DeleteOceInstance	oce-instance delete	OCE_INSTANCE_DELETE
UpdateOceInstance	oce-instance update	OCE_INSTANCE_UPDATE
ChangeOceInstanceCompartment	oce-instance change-compartment	OCE_INSTANCE_UPDATE
ListWorkRequests	work-request list	OCE_INSTANCE_WORKREQUEST_INSPECT
GetWorkRequest	work-request get	OCE_INSTANCE_WORKREQUEST_READ
ListWorkRequestErrors	work-request-error list	OCE_INSTANCE_WORKREQUEST_INSPECT
ListWorkRequestLogs	work-request-log list	OCE_INSTANCE_WORKREQUEST_INSPECT

Example Policy Statements to Manage Oracle Content and Experience Instances

Here are typical policy statements that you might use to authorize access to Oracle Content and Experience instances.

When you create a policy for your tenancy, you grant users access to all compartments by way of policy inheritance. Alternatively, you can restrict access to individual Oracle Content and Experience instances or compartments.

Let users in the Administrators group fully manage any Oracle Content and Experience instance

# Full admin permissions (CRUD)
allow group Administrators to manage oce-instances in tenancy
allow group Administrators to manage oce-workrequests in tenancy

# Full admin permissions (CRUD) using family
allow group Administrators to manage oce-instance-family in tenancy

Let users in the group1 group inspect any Oracle Content and Experience instance and their associated work requests

# Inspect permissions (list oce instances and work requests) using metaverbs:
allow group group1 to inspect oce-instances in tenancy
allow group group1 to inspect oce-workrequests in tenancy

# Inspect permissions (list oce instances and work requests) using permission names:
allow group group1 to {OCE_INSTANCE_INSPECT} in tenancy
allow group group1 to {OCE_INSTANCE_WORKREQUEST_INSPECT} in tenancy

Let users in the group2 group read details about any Oracle Content and Experience instance and their associated work requests

# Read permissions (read complete oce instance and work request metadata) using metaverbs:
allow group group2 to read oce-instances in tenancy
allow group group2 to read oce-workrequests in tenancy

# Read permissions (read complete oce instance and work request metadata) using permission names:
allow group group2 to {OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ} in tenancy
allow group group2 to {OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ} in tenancy

Let users in the group3 group read all Oracle Content and Experience instances and read their associated work requests

# Use permissions (read on oce instance, read on work request) using metaverbs:
allow group group3 to use oce-instances in tenancy
allow group group3 to read oce-workrequests in tenancy

# Use permissions (read on oce instance, read on work request) using permission names:
allow group group3 to {OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ, OCE_INSTANCE_UPDATE} in tenancy
allow group group3 to {OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ} in tenancy

Let users in the group4 group manage any Oracle Content and Experience instance and their associated work requests

# Manage permissions (use/delete on oce instance, read/cancel on work request) using metaverbs:
allow group group4 to manage oce-instances in tenancy
allow group group4 to manage oce-workrequests in tenancy

# Manage permissions (use/delete on oce instance, read/cancel on work request) using permission names:
allow group group4 to {OCE_INSTANCE_INSPECT, OCE_INSTANCE_READ, OCE_INSTANCE_UPDATE,OCE_INSTANCE_CREATE, OCE_INSTANCE_DELETE} in tenancy
allow group group4 to {OCE_INSTANCE_WORKREQUEST_INSPECT, OCE_INSTANCE_WORKREQUEST_READ} in tenancy

Service Events

Actions that you perform on Oracle Content and Experience instances emit events. You can use the Infrastructure Console to define rules that trigger a specific action when an event occurs. For example, you might define a rule that sends a notification to administrators when someone deletes an instance. See Overview of Events and Get Started with Events.

This table lists the Oracle Content and Experience events that you can reference.

Event Name	Event Type
GetOceInstance	com.oraclecloud.oce.GetOceInstance
ListOceInstances	com.oraclecloud.oce.ListOceInstances
ChangeOceInstanceCompartment (begin)	com.oraclecloud.oce.ChangeOceInstanceCompartment.begin
ChangeOceInstanceCompartment (end)	com.oraclecloud.oce.ChangeOceInstanceCompartment.end
CreateOceInstance (begin)	com.oraclecloud.oce.CreateOceInstance.begin
CreateOceInstance (end)	com.oraclecloud.oce.CreateOceInstance.end
DeleteOceInstance (begin)	com.oraclecloud.oce.DeleteOceInstance.begin
DeleteOceInstance (end)	com.oraclecloud.oce.DeleteOceInstance.end
UpdateOceInstance (begin)	com.oraclecloud.oce.UpdateOceInstance.begin
UpdateOceInstance (end)	com.oraclecloud.oce.UpdateOceInstance.end

Example

This example shows information associated with the event CreateOceInstance (begin):

{
  "eventType": "com.oraclecloud.oce.CreateOceInstance.begin",
  "cloudEventsVersion": "0.1",
  "eventTypeVersion": "2.0",
  "source": "oce",
  "eventId": "<unique_ID>",
  "eventTime": "2019-10-10T04:33:06.133Z",
  "contentType": "application/json",
  "data": {
    "eventGroupingId": "ocid1.coreservicesworkrequest.oc1..<unique_ID>",
    "eventName": "CreateOceInstance",
    "compartmentId": "ocid1.compartment.oc1..<unique_ID>",
    "compartmentName": "my_compartment",
    "resourceName": "my_oce",
    "resourceId": "ocid1.contentexperiencecloudservice.oc1..<unique_ID>",
    "availabilityDomain": "<availability_domain>",
    "freeformTags": null,
    "definedTags": null,
    "identity": {
      "principalName": "admin",
      "principalId": "ocid1.user.oc1..<unique_ID>",
      "authType": "natv",
      "callerName": null,
      "callerId": null,
      "tenantId": "ocid1.tenancy.oc1..<unique_ID>",
      "ipAddress": "<ip_address>",
      "credentials": "ocid1.tenancy.oc1..<unique_ID>/ocid1.user.oc1..<unique_ID>",
      "userAgent": null,
      "consoleSessionId": null
    },
...

Oracle Cloud Infrastructure Documentation