Informations détaillées sur le service de gestion de l'organisation

Cette rubrique présente des informations détaillées sur l'écriture de politiques permettant de contrôler l'accès au service de gestion de l'organisation.

Types de ressource

organizations-family
organizations-link
organizations-recipient-invitation
organizations-sender-invitation
organizations-invitation
organizations-domain
organizations-domain-governance
organizations-entity
organizations-tenancy
organizations-order
organizations-subscription
organizations-subscription-mapping
organizations-assigned-subscription
organizations-subscription-region
organizations-governance-rules
organizations-enforced-governance-rules

Variables prises en charge

Le service Gestion de l'organisation prend en charge toutes les variables générales (voir Variables générales pour toutes les demandes), plus les variables répertoriées ici :

Variables requises (fournies par le service pour chaque demande) :


Variable	Type de variable	Commentaires
`target.resource.kind`	Chaîne	Nom du type de ressource de la ressource principale de la demande.

Variables automatiques (fournies par la trousse SDK pour chaque demande) :


Variable	Type de variable	Commentaires
`target.tenant.id`	Entité (OCID)	OCID de l'ID locataire cible.

Informations détaillées sur les combinaisons Verbe + Type de ressource

Les tableaux suivants présentent les autorisations et les opérations d'API couvertes par chaque verbe. Le niveau d'accès est cumulatif depuis inspect > read > use > manage. Par exemple, un groupe qui peut utiliser une ressource peut également inspecter et lire cette ressource. Un signe plus (+) dans une cellule de tableau indique un accès incrémentiel comparé à la cellule directement au-dessus, alors que "aucun accès supplémentaire" indique qu'il n'y a aucun accès incrémentiel.

organisations-famille


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	ORGANIZATIONS_LINK_INSPECT ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT ORGANIZATIONS_SENDER_INVITATION_INSPECT ORGANIZATIONS_DOMAIN_INSPECT ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT ORGANIZATIONS_TENANCY_INSPECT ORGANIZATIONS_SUBSCRIPTION_INSPECT ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT GOVERNANCE_RULE_INSPECT ORGANIZATIONS_ENTITY_INSPECT ORGANIZATIONS_TENANCY_INSPECT	`ListLinks` `ListRecipientInvitations` `ListSenderInvitations` `ListDomains` `ListDomainGovernances` `ListOrganizationTenancies` `ListSubscriptions` `ListSubscriptionMappings` `ListAssignedSubscriptions` `ListAvailableRegions` `ListGovernanceRules` `ListOrganizations`	aucune
READ	INSPECTER + ORGANIZATIONS_LINK_READ ORGANIZATIONS_RECIPIENT_INVITATION_READ ORGANIZATIONS_SENDER_INVITATION_READ ORGANIZATIONS_DOMAIN_READ ORGANIZATIONS_DOMAIN_GOVERNANCE_READ ORGANIZATIONS_ENTITY_READ ORGANIZATIONS_TENANCY_READ ORGANIZATIONS_SUBSCRIPTION_READ ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ GOVERNANCE_RULE_READ	INSPECTER + `GetLink` `GetRecipientInvitation` `GetSenderInvitation` `GetDomain` `GetDomainGovernance` `GetOrganizationTenancy` `GetSubscriptionMapping` `GetAssignedSubscription` `GetGovernanceRule` `ListTenancyAttachments` `GetTenancyAttachment`	aucune
USE	LIRE + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE ORGANIZATIONS_DOMAIN_UPDATE ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE ORGANIZATIONS_ENTITY_UPDATE ORGANIZATIONS_SENDER_INVITATION_UPDATE GOVERNANCE_RULE_UPDATE GOVERNANCE_RULE_RETRY	LIRE + `AcceptRecipientInvitation` `IgnoreRecipientInvitation` `CancelSenderInvitation` `UpdateSenderInvitation` `UpdateDomain` `UpdateDomainGovernance` `UpdateOrganization` `GetGovernanceRule` `DeleteInclusionCriterion` `RetryGovernanceRule` `RetryTenancyAttachment`	aucune
MANAGE	USE + ORGANIZATIONS_LINK_PARENT_DELETE ORGANIZATIONS_LINK_CHILD_DELETE ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE ORGANIZATIONS_SENDER_INVITATION_CREATE ORGANIZATIONS_DOMAIN_CREATE ORGANIZATIONS_DOMAIN_DELETE ORGANIZATIONS_ORDER_ACTIVATE ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE ORGANIZATIONS_ENTITY_UPDATE ORGANIZATIONS_TENANCY_CREATE ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE ORGANIZATIONS_TENANCY_DELETE ORGANIZATIONS_TENANCY_RESTORE GOVERNANCE_RULE_CREATE GOVERNANCE_RULE_DELETE	USE + `DeleteLink` `CreateSenderInvitation` `CreateDomain` `DeleteDomain` `ActivateOrder` `CreateDomainGovernance` `DeleteDomainGovernance` `UpdateOrganization` `CreateChildTenancy` `DeleteSubscriptionMapping` `DeleteOrganizationTenancy` `RestoreOrganizationTenancy` `CreateSubscriptionMapping` `CreateGovernanceRule` `DeleteGovernanceRule`	aucune

organisations-lien


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	ORGANIZATIONS_LINK_INSPECT	`ListLinks`	aucune
LIRE, UTILISER	INSPECTER + ORGANIZATIONS_LINK_READ	INSPECTER + `GetLink`	aucune
MANAGE	USE + ORGANIZATIONS_LINK_PARENT_DELETE ORGANIZATIONS_LINK_CHILD_DELETE	USE + `DeleteLink`	aucune

organisations-récipiendaire-invitation


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT	`ListRecipientInvitations`	aucune
READ	INSPECTER + ORGANIZATIONS_RECIPIENT_INVITATION_READ	INSPECTER + `GetRecipientInvitation`	aucune
UTILISER, GÉRER	LIRE + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE	LIRE + `AcceptRecipientInvitation` `IgnoreRecipientInvitation` `UpdateRecipientInvitation`	aucune

organisations-expéditeur-invitation


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	ORGANIZATIONS_SENDER_INVITATION_INSPECT	`ListRecipientInvitations`	aucune
READ	INSPECTER + ORGANIZATIONS_SENDER_INVITATION_READ	INSPECTER + `GetSenderInvitation`	aucune
USE	LIRE + ORGANIZATIONS_SENDER_INVITATION_UPDATE	LIRE + `UpdateSenderInvitation` `CancelSenderInvitation`	aucune
MANAGE	USE + ORGANIZATIONS_SENDER_INVITATION_CREATE	USE + `CreateSenderInvitation`	aucune

des organisations


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT ORGANIZATIONS_SENDER_INVITATION_INSPECT	`ListRecipientInvitations` `ListSenderInvitations`	aucune
READ	INSPECTER + ORGANIZATIONS_RECIPIENT_INVITATION_READ ORGANIZATIONS_SENDER_INVITATION_READ	INSPECTER + `GetRecipientInvitation` `GetSenderInvitation`	aucune
USE	LIRE + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE ORGANIZATIONS_SENDER_INVITATION_UPDATE	LIRE + `AcceptRecipientInvitation` `UpdateRecipientInvitation` `UpdateSenderInvitation` `CancelSenderInvitation`	aucune
MANAGE	USE + ORGANIZATIONS_SENDER_INVITATION_CREATE	USE + `CreateSenderInvitation`	aucune

organisations-domaine


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	ORGANIZATIONS_DOMAIN_INSPECT	`ListDomains`	aucune
READ	INSPECTER + ORGANIZATIONS_DOMAIN_READ	INSPECTER + `GetDomain`	aucune
USE	LIRE + ORGANIZATIONS_DOMAIN_UPDATE	LIRE + `UpdateDomain`	aucune
MANAGE	USE + ORGANIZATIONS_DOMAIN_CREATE ORGANIZATIONS_DOMAIN_DELETE	USE + `CreateDomain` `DeleteDomain`	aucune

organisations - domaine - gouvernance


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT	`ListDomainGovernances`	aucune
READ	INSPECTER + ORGANIZATIONS_DOMAIN_GOVERNANCE_READ	INSPECTER + `GetDomainGovernance`	aucune
USE	LIRE + ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE	LIRE + `UpdateDomainGovernance`	aucune
MANAGE	USE + ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE	USE + `CreateDomainGovernance` `DeleteDomainGovernance`	aucune

organisations-entités


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	ORGANIZATIONS_ENTITY_INSPECT	`ListOrganizations`	aucune
READ	INSPECTER + ORGANIZATIONS_ENTITY_READ	INSPECTER + `GetOrganization`	aucune
USE	LIRE + ORGANIZATIONS_ENTITY_UPDATE	LIRE + `UpdateOrganization`	aucune
MANAGE	-	-	aucune

organisations-location


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	ORGANIZATIONS_TENANCY_INSPECT	`ListOrganizationTenancies`	aucune
LIRE, UTILISER	INSPECTER + ORGANIZATIONS_TENANCY_READ	INSPECTER + `GetOrganizationTenancy`	aucune
MANAGE	USE + ORGANIZATIONS_TENANCY_CREATE ORGANIZATIONS_TENANCY_DELETE ORGANIZATIONS_TENANCY_RESTORE	USE + `CreateChildTenancy` `DeleteOrganizationTenancy` `RestoreOrganizationTenancy`	aucune

organisations-commande


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	-	-	aucune
READ	-	-	aucune
USE	-	-	aucune
MANAGE	ORGANIZATIONS_ORDER_ACTIVATE	`ActivateOrder`	aucune

organisations-abonnement


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	ORGANIZATIONS_SUBSCRIPTION_INSPECT	`ListSubscriptions`	aucune
READ	INSPECTER + ORGANIZATIONS_SUBSCRIPTION_READ	INSPECTER + `GetSubscription`	aucune
UTILISER, GÉRER	USE + ORGANIZATIONS_SUBSCRIPTION_ASSIGN ORGANIZATIONS_SUBSCRIPTION_DELETE ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE	USE + `AssignTenancySubscription` `AssignDefaultSubscription` `CreateSubscriptionMapping`	aucune

organisations-abonnement-mapping


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT	`ListSubscriptionMappings`	aucune
READ	INSPECTER + ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ	INSPECTER + `GetSubscriptionMapping`	aucune
UTILISER, GÉRER	USE + ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE	USE + `DeleteSubscriptionMapping` `CreateSubscriptionMapping`	aucune

organisations-assigned-sabonnement


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT	`ListAssignedSubscriptions`	aucune
READ	INSPECTER + ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ	INSPECTER + `GetAssignedSubscription`	aucune
USE	-	-	aucune
MANAGE	-	-	aucune

organisations-subscription-region


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT	`ListAvailableRegions`	aucune
READ	-	-	aucune
USE	-	-	aucune
MANAGE	-	-	aucune

organisations-gouvernance-rules


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	GOVERNANCE_RULE_INSPECT	`ListGovernanceRules` `ListOrganizations` `ListOrganizationTenancies`	aucune
READ	INSPECTER + GOVERNANCE_RULE_READ	INSPECTER + `GetGovernanceRule` `ListTenancyAttachments` `GetTenancyAttachment`	aucune
USE	LIRE + GOVERNANCE_RULE_UPDATE GOVERNANCE_RULE_RETRY	LIRE + `GetGovernanceRule` `DeleteInclusionCriterion` `RetryGovernanceRule` `RetryTenancyAttachment`	aucune
MANAGE	USE + GOVERNANCE_RULE_CREATE GOVERNANCE_RULE_DELETE	USE + `CreateGovernanceRule` `DeleteGovernanceRule`	aucune

organisations-gouvernance forcée-rules


Verbes	Autorisations	API entièrement couvertes	API partiellement couvertes
INSPECT	GOVERNANCE_RULE_ENFORCED_INSPECT	`ListEnforcedGovernanceRules` `ListOrganizations` `ListOrganizationTenancies`	aucune
READ	INSPECTER + GOVERNANCE_RULE_ENFORCED_READ	INSPECTER + `GetEnforcedGovernanceRule`	aucune
USE	-	-	aucune
MANAGE	-	-	aucune

Autorisations requises pour chaque opération d'API

Le tableau suivant répertorie les opérations d'API dans un ordre logique, regroupées par type de ressource. Pour plus d'informations sur les autorisations, voir Autorisations.


Opération d'API	Autorisations requises pour utiliser l'opération
GetLink	ORGANIZATIONS_LINK_READ
ListLinks	ORGANIZATIONS_LINK_INSPECT
DeleteLink	ORGANIZATIONS_LINK_CHILD_DELETE ORGANIZATIONS_LINK_PARENT_DELETE
GetRecipientInvitation	ORGANIZATIONS_RECIPIENT_INVITATION_READ
AcceptRecipientInvitation	ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE
IgnoreRecipientInvitation	ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE
UpdateRecipientInvitation	ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE
ListRecipientInvitations	ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT
CreateSenderInvitation	ORGANIZATIONS_SENDER_INVITATION_CREATE
GetSenderInvitation	ORGANIZATIONS_SENDER_INVITATION_READ
ListSenderInvitations	ORGANIZATIONS_SENDER_INVITATION_INSPECT
CancelSenderInvitation	ORGANIZATIONS_SENDER_INVITATION_UPDATE
UpdateSenderInvitation	ORGANIZATIONS_SENDER_INVITATION_UPDATE
UpdateSenderInvitation	ORGANIZATIONS_DOMAIN_READ
ListDomains	ORGANIZATIONS_DOMAIN_INSPECT
CreateDomain	ORGANIZATIONS_DOMAIN_CREATE
UpdateDomain	ORGANIZATIONS_DOMAIN_UPDATE
DeleteDomain	ORGANIZATIONS_DOMAIN_DELETE
GetDomainGovernance	ORGANIZATIONS_DOMAIN_GOVERNANCE_READ
ListDomainGovernances	ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT
CreateDomainGovernance	ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE
UpdateDomainGovernance	ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE
DeleteDomainGovernance	ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE
GetOrganization	ORGANIZATIONS_ENTITY_READ
ListOrganizations	ORGANIZATIONS_ENTITY_INSPECT
UpdateOrganization	ORGANIZATIONS_ENTITY_UPDATE
GetOrganizationTenancy	ORGANIZATIONS_TENANCY_READ
ListOrganizationTenancies	ORGANIZATIONS_TENANCY_INSPECT
approveForTransfer/unapproveForTransfer	ORGANIZATIONS_TENANCY_TRANSFER_APPROVAL_UPDATE
CreateChildTenancy	ORGANIZATIONS_TENANCY_CREATE
DeleteOrganizationTenancy	ORGANIZATIONS_TENANCY_DELETE
RestoreOrganizationTenancy	ORGANIZATIONS_TENANCY_RESTORE
ActivateOrder	ORGANIZATIONS_ORDER_ACTIVATE
ListSubscriptions	ORGANIZATIONS_SUBSCRIPTION_INSPECT
ListSubscriptionMappings	ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT
GetSubscription	ORGANIZATIONS_SUBSCRIPTION_READ
GetSubscriptionMapping	ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ
AssignTenancySubscription	ORGANIZATIONS_SUBSCRIPTION_ASSIGN
AssignDefaultSubscription	ORGANIZATIONS_SUBSCRIPTION_ASSIGN
DeleteSubscriptionMapping	ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE
CreateSubscriptionMapping	ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE
ListAssignedSubscriptions	ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT
GetAssignedSubscription	ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ
ListAvailableRegions	ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT
ListGovernanceRules	GOVERNANCE_RULE_INSPECT
GetGovernanceRule	GOVERNANCE_RULE_READ
CreateGovernanceRule	GOVERNANCE_RULE_CREATE
UpdateGovernanceRule	GOVERNANCE_RULE_UPDATE
DeleteGovernanceRule	GOVERNANCE_RULE_DELETE
RetryGovernanceRule	GOVERNANCE_RULE_RETRY
CreateInclusionCriterion	GOVERNANCE_RULE_UPDATE
DeleteInclusionCriterion	GOVERNANCE_RULE_UPDATE
ListTenancyAttachments	GOVERNANCE_RULE_READ
GetTenancyAttachment	GOVERNANCE_RULE_READ
RetryTenancyAttachment	GOVERNANCE_RULE_RETRY
ListEnforcedGovernanceRules	GOVERNANCE_RULE_ENFORCED_INSPECT
GetEnforcedGovernanceRule	GOVERNANCE_RULE_ENFORCED_READ

Documentation sur Oracle Cloud Infrastructure

Informations détaillées sur le service de gestion de l'organisation

Types de ressource

Variables prises en charge

Informations détaillées sur les combinaisons Verbe + Type de ressource

Autorisations requises pour chaque opération d'API