IAM Permissions
This topic discusses the policies that are required to access the API endpoints for IAM-based Digital Assistant instances. This topic doesn't apply to instances that are paired with a subscription to a Fusion-based Oracle Cloud Applications service, such as HCM Cloud or Sales Cloud, nor to 19.4.1 instances that were migrated to Oracle Cloud Infrastructure.
To be able to send requests to the API endpoints, you must be an IAM user who has been assigned to a group that has an IAM policy to allow group <group-name> to <verb> oda-instance-resource
. The verb in the policy -- which can be inspect
, read
, or use
-- determines which operations you can access, as shown in the following table.
Verb | Operations You Can Access |
---|---|
inspect |
|
read |
|
use |
|
To learn about IAM users, policies, and groups, see Set Up Groups, Users, and Policies in Using Oracle Digital Assistant.