Políticas del servicio Oracle Cloud Migrations

Allow dynamic-group MigrationDynamicGroup to manage instance-family in compartment <migration_compartment_name>
Allow dynamic-group MigrationDynamicGroup to manage compute-image-capability-schema in compartment <migration_compartment_name>
Allow dynamic-group MigrationDynamicGroup to manage virtual-network-family in compartment <migration_compartment_name>
Allow dynamic-group MigrationDynamicGroup to manage volume-family in compartment <migration_compartment_name>
Allow dynamic-group MigrationDynamicGroup to manage object-family in compartment <migration_compartment_name>
Allow dynamic-group MigrationDynamicGroup to read ocb-inventory in tenancy
Allow dynamic-group MigrationDynamicGroup to read ocb-inventory-asset in compartment <migration_compartment_name>
Allow dynamic-group MigrationDynamicGroup to {OCB_CONNECTOR_READ, OCB_CONNECTOR_DATA_READ, OCB_ASSET_SOURCE_READ, OCB_ASSET_SOURCE_CONNECTOR_DATA_UPDATE } in compartment <migration_compartment_name>
Allow dynamic-group MigrationDynamicGroup to {INSTANCE_IMAGE_INSPECT, INSTANCE_IMAGE_READ} in tenancy
Allow dynamic-group MigrationDynamicGroup to {INSTANCE_INSPECT} in tenancy where any {request.operation='ListShapes'}
Allow dynamic-group MigrationDynamicGroup to {DEDICATED_VM_HOST_READ} in tenancy where any {request.operation='GetDedicatedVmHost'}
Allow dynamic-group MigrationDynamicGroup to {CAPACITY_RESERVATION_READ} in tenancy where any {request.operation='GetComputeCapacityReservation'}
Allow dynamic-group MigrationDynamicGroup to {ORGANIZATIONS_SUBSCRIPTION_INSPECT} in tenancy where any {request.operation='ListSubscriptions'}
Allow dynamic-group MigrationDynamicGroup to read rate-cards in tenancy
Allow dynamic-group MigrationDynamicGroup to read metrics in tenancy where target.metrics.namespace='ocb_asset'
Allow dynamic-group MigrationDynamicGroup to read tag-namespaces in tenancy
Allow dynamic-group MigrationDynamicGroup to use tag-namespaces in tenancy where target.tag-namespace.name='CloudMigrations'

Define tenancy OCM-SERVICE AS <ocm_service_tenancy_ocid_for_realm>     
Endorse dynamic-group HydrationAgentDynamicGroup to { OBJECT_CREATE } in tenancy OCM-SERVICE where all { target.bucket.name = 'tenancy_ocid' }
Allow dynamic-group HydrationAgentDynamicGroup to {OCM_HYDRATION_AGENT_TASK_INSPECT, OCM_HYDRATION_AGENT_TASK_UPDATE, OCM_HYDRATION_AGENT_REPORT_STATUS} in compartment <migration_compartment_name>
Allow dynamic-group HydrationAgentDynamicGroup to manage objects in compartment <migration_compartment_name>
Allow dynamic-group HydrationAgentDynamicGroup to read secret-family in compartment <migrationsecret_compartment_name>