To grant an application access to the Oracle Identity Cloud Service REST API, you must first know the allowed operations that you need the application to access. Then, assign the AppRoles with access to those operations to your application.

The following table displays the endpoints and the allowed operations for that endpoint that a Kerberos AppRole can access.

Endpoint Allowed Operations
AppKerberosRealmUpdater ALL
Groups GET/<ID>, GET(Search)
KerberosRealmUsers GET(Search), POST/.search, GET/<ID>, PATCH, PUT
PasswordAuthenticator ALL
PasswordPolicies GET/<ID>, GET(Search)
Users GET/<ID>, GET(Search)