Details for the Organization Management Service
This topic covers details for writing policies to control access to the Organization Management service.
Resource-Types
organizations-family
organizations-link
organizations-recipient-invitation
organizations-sender-invitation
organizations-invitation
organizations-domain
organizations-domain-governance
organizations-entity
organizations-tenancy
organizations-order
organizations-subscription
organizations-subscription-mapping
organizations-assigned-subscription
organizations-subscription-region
organizations-governance-rules
organizations-enforced-governance-rules
Supported Variables
The Organization Management service supports all the general variables (see General Variables for All Requests), plus the ones listed here:
Required variables (supplied by the service for every request):
Variable | Variable Type | Comments |
---|---|---|
target.resource.kind | String | The resource-type name of the request's primary resource. |
Automatic variables (supplied by the SDK for every request):
Variable | Variable Type | Comments |
---|---|---|
target.tenant.id | Entity (OCID) | The OCID of the target tenant ID. |
Details for Verb + Resource-Type Combinations
The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. For example, a group that can use a resource can also inspect and read that resource. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | ORGANIZATIONS_LINK_INSPECT ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT ORGANIZATIONS_SENDER_INVITATION_INSPECT ORGANIZATIONS_DOMAIN_INSPECT ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT ORGANIZATIONS_TENANCY_INSPECT ORGANIZATIONS_SUBSCRIPTION_INSPECT ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT GOVERNANCE_RULE_INSPECT ORGANIZATIONS_ENTITY_INSPECT ORGANIZATIONS_TENANCY_INSPECT | ListLinks | none |
READ | INSPECT + ORGANIZATIONS_LINK_READ ORGANIZATIONS_RECIPIENT_INVITATION_READ ORGANIZATIONS_SENDER_INVITATION_READ ORGANIZATIONS_DOMAIN_READ ORGANIZATIONS_DOMAIN_GOVERNANCE_READ ORGANIZATIONS_ENTITY_READ ORGANIZATIONS_TENANCY_READ ORGANIZATIONS_SUBSCRIPTION_READ ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ GOVERNANCE_RULE_READ | INSPECT + GetLink | none |
USE | READ + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE ORGANIZATIONS_ENTITY_UPDATE ORGANIZATIONS_SENDER_INVITATION_UPDATE GOVERNANCE_RULE_UPDATE GOVERNANCE_RULE_RETRY | READ + AcceptRecipientInvitation GetGovernanceRule | none |
MANAGE | USE + ORGANIZATIONS_LINK_PARENT_DELETE ORGANIZATIONS_LINK_CHILD_DELETE ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE ORGANIZATIONS_SENDER_INVITATION_CREATE ORGANIZATIONS_DOMAIN_CREATE ORGANIZATIONS_DOMAIN_DELETE ORGANIZATIONS_ORDER_ACTIVATE ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE ORGANIZATIONS_ENTITY_UPDATE ORGANIZATIONS_TENANCY_CREATE ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE ORGANIZATIONS_TENANCY_DELETE ORGANIZATIONS_TENANCY_RESTORE GOVERNANCE_RULE_CREATE GOVERNANCE_RULE_DELETE | USE + DeleteLink | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | ORGANIZATIONS_LINK_INSPECT | ListLinks | none |
READ, USE | INSPECT + ORGANIZATIONS_LINK_READ | INSPECT + GetLink | none |
MANAGE | USE + ORGANIZATIONS_LINK_PARENT_DELETE ORGANIZATIONS_LINK_CHILD_DELETE | USE + DeleteLink | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT | ListRecipientInvitations | none |
READ | INSPECT + ORGANIZATIONS_RECIPIENT_INVITATION_READ | INSPECT + GetRecipientInvitation | none |
USE, MANAGE | READ + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE | READ + AcceptRecipientInvitation | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | ORGANIZATIONS_SENDER_INVITATION_INSPECT | ListRecipientInvitations | none |
READ | INSPECT + ORGANIZATIONS_SENDER_INVITATION_READ | INSPECT + GetSenderInvitation | none |
USE | READ + ORGANIZATIONS_SENDER_INVITATION_UPDATE | READ + UpdateSenderInvitation | none |
MANAGE | USE + ORGANIZATIONS_SENDER_INVITATION_CREATE | USE + CreateSenderInvitation | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT ORGANIZATIONS_SENDER_INVITATION_INSPECT | ListRecipientInvitations | none |
READ | INSPECT + ORGANIZATIONS_RECIPIENT_INVITATION_READ ORGANIZATIONS_SENDER_INVITATION_READ | INSPECT + GetRecipientInvitation | none |
USE | READ + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE ORGANIZATIONS_SENDER_INVITATION_UPDATE | READ + AcceptRecipientInvitation | none |
MANAGE | USE + ORGANIZATIONS_SENDER_INVITATION_CREATE | USE + CreateSenderInvitation | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | ORGANIZATIONS_DOMAIN_INSPECT | ListDomains | none |
READ | INSPECT + ORGANIZATIONS_DOMAIN_READ | INSPECT + GetDomain | none |
USE | READ + ORGANIZATIONS_DOMAIN_UPDATE | READ + UpdateDomain | none |
MANAGE | USE + ORGANIZATIONS_DOMAIN_CREATE ORGANIZATIONS_DOMAIN_DELETE | USE + CreateDomain | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT | ListDomainGovernances | none |
READ | INSPECT + ORGANIZATIONS_DOMAIN_GOVERNANCE_READ | INSPECT + GetDomainGovernance | none |
USE | READ + ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE | READ + UpdateDomainGovernance | none |
MANAGE | USE + ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE | USE + CreateDomainGovernance | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | ORGANIZATIONS_ENTITY_INSPECT | ListOrganizations | none |
READ | INSPECT + ORGANIZATIONS_ENTITY_READ | INSPECT + GetOrganization | none |
USE | READ + ORGANIZATIONS_ENTITY_UPDATE | READ + UpdateOrganization | none |
MANAGE | - | - | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | ORGANIZATIONS_TENANCY_INSPECT | ListOrganizationTenancies | none |
READ, USE | INSPECT + ORGANIZATIONS_TENANCY_READ | INSPECT + GetOrganizationTenancy | none |
MANAGE | USE + ORGANIZATIONS_TENANCY_CREATE ORGANIZATIONS_TENANCY_DELETE ORGANIZATIONS_TENANCY_RESTORE | USE + CreateChildTenancy | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | - | - | none |
READ | - | - | none |
USE | - | - | none |
MANAGE | ORGANIZATIONS_ORDER_ACTIVATE | ActivateOrder | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | ORGANIZATIONS_SUBSCRIPTION_INSPECT | ListSubscriptions | none |
READ | INSPECT + ORGANIZATIONS_SUBSCRIPTION_READ | INSPECT + GetSubscription | none |
USE, MANAGE | USE + ORGANIZATIONS_SUBSCRIPTION_ASSIGN ORGANIZATIONS_SUBSCRIPTION_DELETE | USE + AssignTenancySubscription | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT | ListSubscriptionMappings | none |
READ | INSPECT + ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ | INSPECT + GetSubscriptionMapping | none |
USE, MANAGE | USE + ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE | USE + DeleteSubscriptionMapping | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT | ListAssignedSubscriptions | none |
READ | INSPECT + ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ | INSPECT + GetAssignedSubscription | none |
USE | - | - | none |
MANAGE | - | - | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT | ListAvailableRegions | none |
READ | - | - | none |
USE | - | - | none |
MANAGE | - | - | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | GOVERNANCE_RULE_INSPECT | ListGovernanceRules | none |
READ | INSPECT + GOVERNANCE_RULE_READ | INSPECT + GetGovernanceRule | none |
USE | READ + GOVERNANCE_RULE_UPDATE GOVERNANCE_RULE_RETRY | READ + GetGovernanceRule | none |
MANAGE | USE + GOVERNANCE_RULE_CREATE GOVERNANCE_RULE_DELETE | USE + CreateGovernanceRule | none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | GOVERNANCE_RULE_ENFORCED_INSPECT | ListEnforcedGovernanceRules | none |
READ | INSPECT + GOVERNANCE_RULE_ENFORCED_READ | INSPECT + GetEnforcedGovernanceRule | none |
USE | - | - | none |
MANAGE | - | - | none |
Permissions Required for Each API Operation
The following table lists the API operations in a logical order, grouped by resource type. For information about permissions, see Permissions.
API Operation | Permissions Required to Use the Operation |
---|---|
GetLink | ORGANIZATIONS_LINK_READ |
ListLinks | ORGANIZATIONS_LINK_INSPECT |
DeleteLink | ORGANIZATIONS_LINK_CHILD_DELETE ORGANIZATIONS_LINK_PARENT_DELETE |
GetRecipientInvitation | ORGANIZATIONS_RECIPIENT_INVITATION_READ |
AcceptRecipientInvitation | ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE |
IgnoreRecipientInvitation | ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE |
UpdateRecipientInvitation | ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE |
ListRecipientInvitations | ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT |
CreateSenderInvitation | ORGANIZATIONS_SENDER_INVITATION_CREATE |
GetSenderInvitation | ORGANIZATIONS_SENDER_INVITATION_READ |
ListSenderInvitations | ORGANIZATIONS_SENDER_INVITATION_INSPECT |
CancelSenderInvitation | ORGANIZATIONS_SENDER_INVITATION_UPDATE |
UpdateSenderInvitation | ORGANIZATIONS_SENDER_INVITATION_UPDATE |
UpdateSenderInvitation | ORGANIZATIONS_DOMAIN_READ |
ListDomains | ORGANIZATIONS_DOMAIN_INSPECT |
CreateDomain | ORGANIZATIONS_DOMAIN_CREATE |
UpdateDomain | ORGANIZATIONS_DOMAIN_UPDATE |
DeleteDomain | ORGANIZATIONS_DOMAIN_DELETE |
GetDomainGovernance | ORGANIZATIONS_DOMAIN_GOVERNANCE_READ |
ListDomainGovernances | ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT |
CreateDomainGovernance | ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE |
UpdateDomainGovernance | ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE |
DeleteDomainGovernance | ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE |
GetOrganization | ORGANIZATIONS_ENTITY_READ |
ListOrganizations | ORGANIZATIONS_ENTITY_INSPECT |
UpdateOrganization | ORGANIZATIONS_ENTITY_UPDATE |
GetOrganizationTenancy | ORGANIZATIONS_TENANCY_READ |
ListOrganizationTenancies | ORGANIZATIONS_TENANCY_INSPECT |
approveForTransfer/unapproveForTransfer | ORGANIZATIONS_TENANCY_TRANSFER_APPROVAL_UPDATE |
CreateChildTenancy | ORGANIZATIONS_TENANCY_CREATE |
DeleteOrganizationTenancy | ORGANIZATIONS_TENANCY_DELETE |
RestoreOrganizationTenancy | ORGANIZATIONS_TENANCY_RESTORE |
ActivateOrder | ORGANIZATIONS_ORDER_ACTIVATE |
ListSubscriptions | ORGANIZATIONS_SUBSCRIPTION_INSPECT |
ListSubscriptionMappings | ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT |
GetSubscription | ORGANIZATIONS_SUBSCRIPTION_READ |
GetSubscriptionMapping | ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ |
AssignTenancySubscription | ORGANIZATIONS_SUBSCRIPTION_ASSIGN |
AssignDefaultSubscription | ORGANIZATIONS_SUBSCRIPTION_ASSIGN |
DeleteSubscriptionMapping | ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE |
CreateSubscriptionMapping | ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE |
ListAssignedSubscriptions | ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT |
GetAssignedSubscription | ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ |
ListAvailableRegions | ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT |
ListGovernanceRules | GOVERNANCE_RULE_INSPECT |
GetGovernanceRule | GOVERNANCE_RULE_READ |
CreateGovernanceRule | GOVERNANCE_RULE_CREATE |
UpdateGovernanceRule | GOVERNANCE_RULE_UPDATE |
DeleteGovernanceRule | GOVERNANCE_RULE_DELETE |
RetryGovernanceRule | GOVERNANCE_RULE_RETRY |
CreateInclusionCriterion | GOVERNANCE_RULE_UPDATE |
DeleteInclusionCriterion | GOVERNANCE_RULE_UPDATE |
ListTenancyAttachments | GOVERNANCE_RULE_READ |
GetTenancyAttachment | GOVERNANCE_RULE_READ |
RetryTenancyAttachment | GOVERNANCE_RULE_RETRY |
ListEnforcedGovernanceRules | GOVERNANCE_RULE_ENFORCED_INSPECT |
GetEnforcedGovernanceRule | GOVERNANCE_RULE_ENFORCED_READ |
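
The cumulative verb model and the per-operation permission table can be combined to find the weakest verb a group needs for a given set of API calls. This is an added example, not Oracle's code: it transcribes two resource types from this page, matches the untitled verb tables to resource-type names by permission prefix (an assumption), and the group name passed to `statement()` is hypothetical.

```python
VERBS = ["inspect", "read", "use", "manage"]

# Permissions each verb adds over the previous one (constructed from the
# page's per-verb tables; table-to-resource-type matching is an assumption).
ADDED = {
    "organizations-tenancy": {
        "inspect": {"ORGANIZATIONS_TENANCY_INSPECT"},
        "read": {"ORGANIZATIONS_TENANCY_READ"},
        "use": set(),  # the table lists READ and USE on one row
        "manage": {"ORGANIZATIONS_TENANCY_CREATE", "ORGANIZATIONS_TENANCY_DELETE",
                   "ORGANIZATIONS_TENANCY_RESTORE"},
    },
    "organizations-governance-rules": {
        "inspect": {"GOVERNANCE_RULE_INSPECT"},
        "read": {"GOVERNANCE_RULE_READ"},
        "use": {"GOVERNANCE_RULE_UPDATE", "GOVERNANCE_RULE_RETRY"},
        "manage": {"GOVERNANCE_RULE_CREATE", "GOVERNANCE_RULE_DELETE"},
    },
}

# API operation -> permission it requires (subset of the per-operation table).
REQUIRED = {
    "ListOrganizationTenancies": "ORGANIZATIONS_TENANCY_INSPECT",
    "GetOrganizationTenancy": "ORGANIZATIONS_TENANCY_READ",
    "CreateChildTenancy": "ORGANIZATIONS_TENANCY_CREATE",
    "approveForTransfer/unapproveForTransfer": "ORGANIZATIONS_TENANCY_TRANSFER_APPROVAL_UPDATE",
    "ListTenancyAttachments": "GOVERNANCE_RULE_READ",
    "CreateInclusionCriterion": "GOVERNANCE_RULE_UPDATE",
    "RetryGovernanceRule": "GOVERNANCE_RULE_RETRY",
}

def effective(resource_type, verb):
    """Cumulative permissions: the verb's own plus every weaker verb's."""
    return set().union(*(ADDED[resource_type][v] for v in VERBS[:VERBS.index(verb) + 1]))

def least_verb(resource_type, operations):
    """Weakest verb covering all operations, plus permissions no verb grants."""
    needed = {REQUIRED[op] for op in operations}
    for verb in VERBS:
        if needed <= effective(resource_type, verb):
            return verb, set()
    return None, needed - effective(resource_type, "manage")

def statement(group, resource_type, operations):
    """Policy statement using the least verb; refuses if the tables leave a gap."""
    verb, missing = least_verb(resource_type, operations)
    if verb is None:
        raise ValueError(f"not granted by any verb: {sorted(missing)}")
    return f"Allow group {group} to {verb} {resource_type} in tenancy"
```

With these tables, `approveForTransfer/unapproveForTransfer` is reported as uncovered, because `ORGANIZATIONS_TENANCY_TRANSFER_APPROVAL_UPDATE` appears in the per-operation table but under no verb in the tenancy table.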