Policies Required to Integrate OCI Document Understanding with Oracle Analytics

To integrate Oracle Analytics with OCI Document Understanding, make sure that you have the required security policies.

The OCI user that you specify in the connection between Oracle Analytics Cloud and your OCI tenancy must have read, write, and delete permissions on the compartment containing the OCI resources you want to use. Ensure that the OCI user belongs to a user group with the following minimum OCI security policies. When you connect to an OCI tenancy from Oracle Analytics, you can use either an OCI API key or resource principal.

Note: For resource principal, to include all Analytics instances under a compartment, specify {request.principal.type='analyticsinstance', request.principal.compartment.id='<compartmentA_ocid>'} instead of {request.principal.id='<analytics_instance_ocid>'}.

Table 32-5 Security policies required for OCI Document Understanding integration

Each row lists the same permission in its API key form (granted to a user group) and its resource principal form (granted to any-user, restricted to the Analytics instance by the where clause).

1. Document Understanding service
   API key policy:            Allow group <group_name> to manage ai-service-document-family in tenancy
   Resource principal policy: Allow any-user to manage ai-service-document-family in tenancy where all {request.principal.id='<analytics_instance_ocid>'}

2. Buckets in the compartment
   API key policy:            Allow group <group_name> to read buckets in compartment <compartment_name>
   Resource principal policy: Allow any-user to read buckets in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>'}

3. Objects in the staging bucket
   API key policy:            Allow group <group_name> to manage objects in compartment <compartment_name> where target.bucket.name='<staging_bucket_name>'
   Resource principal policy: Allow any-user to manage objects in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>', target.bucket.name='<staging_bucket_name>'}

4. Objects in the document bucket
   API key policy:            Allow group <group_name> to read objects in compartment <compartment_name> where target.bucket.name='<document_bucket_name>'
   Resource principal policy: Allow any-user to read objects in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>', target.bucket.name='<document_bucket_name>'}

5. Object Storage namespace
   API key policy:            Allow group <group_name> to read objectstorage-namespaces in tenancy
   Resource principal policy: Allow any-user to read objectstorage-namespaces in tenancy where all {request.principal.id='<analytics_instance_ocid>'}
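The following is an added example, not part of the Oracle documentation or of any Oracle tool. It generates the policy statements above from placeholder values (the group name, compartment, bucket names and OCIDs used here are constructed, not real), in both the API key and the resource principal form, including the compartment-scoped variant from the Note. It also includes a check a reviewer would want before applying resource principal policies: every any-user statement must carry a request.principal condition, because an any-user grant with no such condition would apply to every principal in the tenancy.

```python
# Added example (not Oracle's code): build and sanity-check the minimum OCI IAM
# policy statements for the Oracle Analytics / OCI Document Understanding integration.
# All names and OCIDs are placeholders constructed for this example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    verb: str            # OCI IAM verb: read or manage
    resource: str        # OCI resource-type, for example "objects"
    scope: str           # "in tenancy" or "in compartment <name>"
    condition: str = ""  # extra condition such as target.bucket.name='...'


def required_grants(compartment, staging_bucket, document_bucket):
    """The five grants from the table, as structured data."""
    scope = f"in compartment {compartment}"
    return [
        Grant("manage", "ai-service-document-family", "in tenancy"),
        Grant("read", "buckets", scope),
        Grant("manage", "objects", scope, f"target.bucket.name='{staging_bucket}'"),
        Grant("read", "objects", scope, f"target.bucket.name='{document_bucket}'"),
        Grant("read", "objectstorage-namespaces", "in tenancy"),
    ]


def api_key_statement(grant, group):
    """API key form: the grant goes to the user group that owns the API key."""
    stmt = f"Allow group {group} to {grant.verb} {grant.resource} {grant.scope}"
    if grant.condition:
        stmt += f" where {grant.condition}"
    return stmt


def instance_condition(analytics_instance_ocid):
    """Restrict to one Analytics instance (the form used in the table)."""
    return f"request.principal.id='{analytics_instance_ocid}'"


def compartment_condition(compartment_ocid):
    """Restrict to all Analytics instances in one compartment (the form in the Note)."""
    return ("request.principal.type='analyticsinstance', "
            f"request.principal.compartment.id='{compartment_ocid}'")


def resource_principal_statement(grant, principal_condition):
    """Resource principal form: any-user, narrowed by a where all {...} clause that
    combines the principal condition with the grant's own condition, if any."""
    conditions = [principal_condition]
    if grant.condition:
        conditions.append(grant.condition)
    return (f"Allow any-user to {grant.verb} {grant.resource} {grant.scope} "
            f"where all {{{', '.join(conditions)}}}")


def unscoped_any_user_statements(statements):
    """Return any-user statements that lack a request.principal condition.
    Such a statement would grant the permission to every principal in the tenancy."""
    return [s for s in statements
            if s.startswith("Allow any-user") and "request.principal." not in s]


def build_policies(group, compartment, staging_bucket, document_bucket, principal_condition):
    grants = required_grants(compartment, staging_bucket, document_bucket)
    api_key = [api_key_statement(g, group) for g in grants]
    resource_principal = [resource_principal_statement(g, principal_condition) for g in grants]
    return api_key, resource_principal


if __name__ == "__main__":
    # Constructed placeholder values.
    api_key, rp = build_policies(
        "OAC-DocUnderstanding-Users", "Finance", "oac-staging", "invoices",
        instance_condition("ocid1.analyticsinstance.oc1..exampleinstance"))
    for s in api_key + rp:
        print(s)
    assert not unscoped_any_user_statements(rp)
```

The compartment-scoped condition from the Note is produced by passing compartment_condition('<compartmentA_ocid>') instead of instance_condition(...) to build_policies; the rest of each statement is unchanged.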