Creating an Oracle Cloud Infrastructure Policy

Create a policy to grant permission to the users in a group to work with Oracle Integration instances within a specified tenancy or compartment.

Does not use identity domains This topic applies only to cloud accounts that do not use identity domains. See About Setting Up Users and Groups.

  1. Open the navigation menu and click Identity & Security. Under Identity, click Policies.
  2. Click Create Policy.
  3. In the Create Policy window, enter a name (for example, IntegrationGroupPolicy) and a description.
  4. In the Policy Builder, select Show manual editor and enter the required policy statements.

    Syntax:

    • allow group group_name to verb resource-type in compartment compartment-name

      allow group group_name to verb resource-type in tenancy

    Example: allow group oci-integration-admins to manage integration-instance in compartment OICCompartment

    This policy statement allows the oci-integration-admins group in the admin domain to manage instance integration-instance in compartment OICCompartment.

    You can create separate groups for different permissions, such as a group with read permission only.

    Want to learn more about policies? See How Policies Work and Policy Reference, or click Help in the window.

    • When defining policy statements, you can specify either verbs (as used in these steps) or permissions (typically used by power users).

    • The read and manage verbs are most applicable to Oracle Integration. The manage verb has the most permissions (create, delete, edit, move, and view).

      Verb Access

      read

      Includes permission to view Oracle Integration instances and their details.

      manage

      Includes all permissions for Oracle Integration instances.

  5. If desired, you can add a policy to allow members of the group to view message metrics, as described in Viewing Message Metrics.

    For example:

    allow group oci-integration-admins to read metrics in compartment OICPMCompartment

  6. If you intend to use custom endpoints, add one or more additional policy statements. Otherwise, skip this step.
    Add policies that specify the compartment in which vaults and secrets reside and allow the admin group to manage secrets in it. See Configure a Custom Endpoint for an Instance.
    Note that you should specify the resource to return in <resource-type>, as described in Details for the Vault Service. Also note that Oracle Integration requires the read verb only but manage is recommended if the same group will also be administering the secrets (uploading/lifecycle operations).

    Syntax: allow group group-name to manage resource-type in compartment secrets-compartment

    Examples:

    • allow oci-integration-admins to manage secrets in compartment SecretsCompartment

      allow oci-integration-admins to manage vaults in compartment SecretsCompartment

  7. Click Create.
    The policy statements are validated and syntax errors are displayed.