Create a Policy
POST /20160918/policies
Create a new policy in the specified compartment, either in the tenancy or in a different compartment. For information about policies, see "Managing Policies" (https://docs.oracle.com/en/engineered-systems/private-cloud-appliance/3.0-latest/user/user-usr-manage-policies.html).
You must specify a name for the policy, which must be unique across all policies in the tenancy and cannot be changed.
You must specify a description for the policy, although it can be an empty string.
You must specify one or more policy statements in the statements array.
After you send your request, the new object's lifecycleState will temporarily be CREATING. Before using the object, first make sure its lifecycleState has changed to ACTIVE.
New policies typically take effect within 10 seconds.
Request
Supported Media Types
- application/json
Header Parameters
-
opc-retry-token: string
Minimum Length: 1
Maximum Length: 64
A token that uniquely identifies a request so it can be retried in case of a timeout or server error without risk of executing that same action again. Retry tokens expire after 24 hours, but can be invalidated before then due to conflicting operations (for example, if a resource has been deleted and purged from the system, then a retry of the original creation request may be rejected).
Request object for creating a new policy.
Root Schema : CreatePolicyDetails
Type: object
-
compartmentId(required):
string
The OCID of the compartment containing the policy (either the tenancy or another compartment).
-
definedTags:
object definedTags
Additional Properties Allowed: additionalProperties
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"Operations": {"CostCenter": "42"}}
-
description(required):
string
Minimum Length: 1
Maximum Length: 400
The description you assign to the policy during creation. Does not need to be unique, and it is changeable.
-
freeformTags:
object freeformTags
Additional Properties Allowed: additionalProperties
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Example: {"Department": "Finance"}
-
locks:
array locks
Maximum Number of Items: 1
Locks associated with this resource.
-
name(required):
string
Minimum Length: 1
Maximum Length: 100
The name you assign to the policy during creation. The name must be unique across all policies in the tenancy and cannot be changed.
-
statements(required):
array statements
An array of policy statements written in the policy language.
-
versionDate:
string(date-time)
The version of the policy. If null or set to an empty string, when a request comes in for authorization, the policy will be evaluated according to the current behavior of the services at that moment. If set to a particular date (YYYY-MM-DD), the policy will be evaluated according to the behavior of the services on that date.
Nested Schema : definedTags
Type: object
Additional Properties Allowed
-
object additionalProperties
Additional Properties Allowed: additionalProperties
Key-value pair representing a defined tag key and value, scoped to a namespace. Example: `{"CostCenter": "42"}`
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"Operations": {"CostCenter": "42"}}
Nested Schema : freeformTags
Type: object
Additional Properties Allowed
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Example: {"Department": "Finance"}
Nested Schema : locks
Type: array
Maximum Number of Items: 1
Locks associated with this resource.
-
Array of:
object AddPolicyLockDetails
Request payload to add lock to the resource.
Nested Schema : statements
Type: array
An array of policy statements written in the policy language.
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
-
object additionalProperties
The value of the tag. Only the String type is supported.
Key-value pair representing a defined tag key and value, scoped to a namespace. Example: `{"CostCenter": "42"}`
Nested Schema : additionalProperties
Type: object
The value of the tag. Only the String type is supported.
Nested Schema : AddPolicyLockDetails
Type: object
Request payload to add lock to the resource.
-
compartmentId:
string
The compartment ID of the lock.
-
message:
string
A message added by the creator of the lock. This is typically used to give an indication of why the resource is locked.
- relatedResourceId: string
-
type(required):
string
Allowed Values: [ "FULL", "DELETE" ]
Type of the lock.
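The request constraints listed above (field lengths, the one-item `locks` limit, the allowed lock types, the 1-64 character `opc-retry-token`) and the wait for `lifecycleState` to move from CREATING to ACTIVE can be enforced client-side. The Python below is an added example, not Oracle's code: `build_create_policy_request`, `wait_until_active` and the `fetch_policy` callable are hypothetical names, and sending and authenticating the request is left to the caller.

```python
import json
import time
import uuid

LOCK_TYPES = {"FULL", "DELETE"}

def build_create_policy_request(compartment_id, name, description, statements,
                                locks=None, retry_token=None):
    """Return (headers, json_body) for POST /20160918/policies, or raise ValueError."""
    if not compartment_id:
        raise ValueError("compartmentId is required")
    if not isinstance(name, str) or not 1 <= len(name) <= 100:
        raise ValueError("name must be 1-100 characters")
    # The page lists minimum length 1 but also says an empty string is accepted,
    # so only the type and the 400-character maximum are enforced here.
    if not isinstance(description, str) or len(description) > 400:
        raise ValueError("description must be a string of at most 400 characters")
    if (not isinstance(statements, (list, tuple)) or not statements
            or not all(isinstance(s, str) and s.strip() for s in statements)):
        raise ValueError("statements needs one or more non-empty strings")
    locks = list(locks or [])
    if len(locks) > 1:
        raise ValueError("locks allows at most 1 item")
    for lock in locks:
        if lock.get("type") not in LOCK_TYPES:
            raise ValueError("lock type must be FULL or DELETE")
    token = retry_token or uuid.uuid4().hex  # 32 characters, reuse it on retries
    if not 1 <= len(token) <= 64:
        raise ValueError("opc-retry-token must be 1-64 characters")
    body = {"compartmentId": compartment_id, "name": name,
            "description": description, "statements": list(statements)}
    if locks:
        body["locks"] = locks
    headers = {"content-type": "application/json", "opc-retry-token": token}
    return headers, json.dumps(body)

def wait_until_active(fetch_policy, timeout=60.0, interval=2.0, sleep=time.sleep):
    """Poll fetch_policy() (hypothetical, returns a Policy dict) until it is ACTIVE."""
    deadline = time.monotonic() + timeout
    while True:
        policy = fetch_policy()
        state = policy["lifecycleState"]
        if state == "ACTIVE":
            return policy
        if state != "CREATING":  # INACTIVE, DELETING or DELETED
            raise RuntimeError(f"policy entered state {state}")
        if time.monotonic() >= deadline:
            raise TimeoutError("policy still CREATING")
        sleep(interval)
```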
Response
Supported Media Types
- application/json
200 Response
The policy is being created.
Headers
-
etag: string
For optimistic concurrency control. See `if-match`.
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Policy
Type: object
A document that specifies the type of access a group has to the resources in a compartment. For information about policies, see [Managing Policies](https://docs.oracle.com/en/engineered-systems/private-cloud-appliance/3.0-latest/user/user-usr-manage-policies.html). The word "policy" is used by people in different ways:
- An individual statement written in the policy language.
- A collection of statements in a single, named policy document (which has an OCID assigned to it).
- The overall body of policies your organization uses to control access to resources.
Avoid entering confidential information when you supply string values using the API.
-
compartmentId(required):
string
The OCID of the compartment containing the policy (either the tenancy or another compartment).
-
definedTags:
object definedTags
Additional Properties Allowed: additionalProperties
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"Operations": {"CostCenter": "42"}}
-
description(required):
string
Minimum Length: 1
Maximum Length: 400
The description you assign to the policy. Does not need to be unique, and it is changeable.
-
freeformTags:
object freeformTags
Additional Properties Allowed: additionalProperties
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Example: {"Department": "Finance"}
-
id(required):
string
The OCID of the policy.
-
inactiveStatus:
integer(int64)
The detailed status of INACTIVE lifecycleState.
-
lifecycleState(required):
string
Minimum Length: 1
Maximum Length: 64
Allowed Values: [ "CREATING", "ACTIVE", "INACTIVE", "DELETING", "DELETED" ]
The policy's current state. After creating a policy, make sure its lifecycleState changes from CREATING to ACTIVE before using it.
-
locks:
array locks
Locks associated with this resource.
-
name(required):
string
Minimum Length: 1
Maximum Length: 100
The name you assign to the policy during creation. The name must be unique across all policies in the tenancy and cannot be changed.
-
statements(required):
array statements
An array of one or more policy statements written in the policy language.
-
timeCreated(required):
string(date-time)
Date and time the policy was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
-
versionDate:
string(date-time)
The version of the policy. If null or set to an empty string, when a request comes in for authorization, the policy will be evaluated according to the current behavior of the services at that moment. If set to a particular date (YYYY-MM-DD), the policy will be evaluated according to the behavior of the services on that date.
Nested Schema : definedTags
Type: object
Additional Properties Allowed
-
object additionalProperties
Additional Properties Allowed: additionalProperties
Key-value pair representing a defined tag key and value, scoped to a namespace. Example: `{"CostCenter": "42"}`
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"Operations": {"CostCenter": "42"}}
Nested Schema : freeformTags
Type: object
Additional Properties Allowed
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Example: {"Department": "Finance"}
Nested Schema : locks
Type: array
Locks associated with this resource.
-
Array of:
object ResourceLockPolicy
Resource locks are used to prevent certain APIs from being called for the resource. A full lock prevents both updating the resource and deleting the resource. A delete lock prevents deleting the resource.
Nested Schema : statements
Type: array
An array of one or more policy statements written in the policy language.
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
-
object additionalProperties
The value of the tag. Only the String type is supported.
Key-value pair representing a defined tag key and value, scoped to a namespace. Example: `{"CostCenter": "42"}`
Nested Schema : additionalProperties
Type: object
The value of the tag. Only the String type is supported.
Nested Schema : ResourceLockPolicy
Type: object
Resource locks are used to prevent certain APIs from being called for the resource. A full lock prevents both updating the resource and deleting the resource. A delete lock prevents deleting the resource.
-
compartmentId:
string
The compartment ID of the lock.
-
isActive:
boolean
Indicates if the lock is active or not. For example, if there are multiple FULL locks, the first-created FULL lock will be effective.
-
message:
string
A message added by the creator of the lock. This is typically used to give an indication of why the resource is locked.
- relatedResourceId: string
-
timeCreated:
string(date-time)
When the lock was created.
-
type(required):
string
Allowed Values: [ "FULL", "DELETE" ]
Type of the lock.
Example Response (application-json)
{
  "statements" : [
    "Allow group InstanceLaunchers to manage instance-family in compartment ABC",
    "Allow group InstanceLaunchers to use volume-family in compartment ABC",
    "Allow group InstanceLaunchers to use virtual-network-family in compartment XYZ"
  ],
  "id" : "ocid1.policy.oc1..aaaaaaaauzkexampleuniqueID",
  "compartmentId" : "ocid1.tenancy.oc1..aaaaaaaabaexampleuniqueID",
  "name" : "LaunchInstances",
  "description" : "Policy for users who need to launch instances, attach volumes, manage images",
  "lifecycleState" : "ACTIVE",
  "timeCreated" : "2016-12-07T00:49:14.807Z"
}
400 Response
Bad Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
The properties that define an error.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
-
message(required):
string
A human-readable error string.
401 Response
Unauthorized
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
The properties that define an error.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
-
message(required):
string
A human-readable error string.
403 Response
Forbidden
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
The properties that define an error.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
-
message(required):
string
A human-readable error string.
404 Response
Not Found
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
The properties that define an error.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
-
message(required):
string
A human-readable error string.
409 Response
Conflict
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
The properties that define an error.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
-
message(required):
string
A human-readable error string.
429 Response
Too Many Requests
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
The properties that define an error.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
-
message(required):
string
A human-readable error string.
500 Response
Internal Server Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
The properties that define an error.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
-
message(required):
string
A human-readable error string.
Default Response
An error has occurred.
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
The properties that define an error.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
-
message(required):
string
A human-readable error string.