Oracle Cloud Infrastructure Documentation

IAM Policy Details for Oracle Integration

This topic covers details for writing policies to control access to Oracle Integration.

Resource Types

These are the resources available for Oracle Integration:

  • integration-instance

Supported Variables

The integration-instance resource type can use the following variables.

Supported Variables Variable Variable Type Description

Required Variables Supplied by the Service for Every Request

 target.compartment.id ENTITY The OCID of the primary resource for the request.
request.operation STRING The operation id (for example 'GetUser') for the request.
target.resource.kind STRING The resource kind name of the primary resource for the request.

Automatic Variables Supplied by the SDK for Every Request

 request.user.id ENTITY For user-initiated requests. The OCID of the calling user.
request.groups.id LIST(ENTITY) For user-initiated requests. The OCIDs of the groups of request.user.id.
target.compartment.name STRING The name of the compartment specified in target.compartment.id.
target.tenant.id ENTITY The OCID of the target tenant id.
Additional Variables for Oracle Integration target.integration-instance.id ENTITY The OCID of the Oracle Integration instance that was created.

Details for Verb + Resource-Type Combinations

The following table shows the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage.

Verb Permissions APIs Fully Covered APIs Partially Covered
INSPECT
  • INTEGRATION_INSTANCE_INSPECT
  • ListIntegrationInstances
  • ListWorkRequests
 None
READ
  • Inherits from INSPECT:
    • INTEGRATION_INSTANCE_INSPECT
  • INTEGRATION_INSTANCE_READ
  • GetIntegrationInstance
  • GetWorkRequest
 None
USE
  • Inherits from READ:
    • INTEGRATION_INSTANCE_INSPECT
    • INTEGRATION_INSTANCE_READ
  • INTEGRATION_INSTANCE_UPDATE
  • UpdateIntegrationInstances
  • StartIntegrationInstance
  • StopIntegrationInstance
 None
MANAGE
  • Inherits from USE:
    • INTEGRATION_INSTANCE_INSPECT
    • INTEGRATION_INSTANCE_READ
    • INTEGRATION_INSTANCE_UPDATE
  • INTEGRATION_INSTANCE_CREATE
  • INTEGRATION_INSTANCE_DELETE
  • INTEGRATION_INSTANCE_MOVE
  • CreateIntegrationInstance
  • DeleteIntegrationInstance
  • ChangeIntegrationCompartment
 None

Permissions Required for Each API Operation

API Operation Permissions Required to Use the Operation

ListIntegrationInstances

 INTEGRATION_INSTANCE_INSPECT

GetIntegrationInstance

 INTEGRATION_INSTANCE_READ

CreateIntegrationInstance

 INTEGRATION_INSTANCE_CREATE

DeleteIntegrationInstance

 INTEGRATION_INSTANCE_DELETE

UpdateIntegrationInstances

 INTEGRATION_INSTANCE_UPDATE

StartIntegrationInstance

 INTEGRATION_INSTANCE_UPDATE

StopIntegrationInstance

 INTEGRATION_INSTANCE_UPDATE

ListWorkRequests

 INTEGRATION_INSTANCE_INSPECT

GetWorkRequest

 INTEGRATION_INSTANCE_READ

ChangeIntegrationCompartment

 INTEGRATION_INSTANCE_MOVE