Details for the Events Service
This topic covers details for writing user IAM policies that control access to rules for the Events service.
Resource-Types
cloudevents-rules
Supported Variables
Only the general variables are supported (see General Variables for All Requests).
Details for Verb + Resource-Type Combinations
The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. For example, a group that can use a resource can also inspect and read that resource. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.
For example, the read verb for cloudevents-rules includes the same permissions and API
operations as the inspect verb, plus the EVENTRULE_READ permissions and
the corresponding API operation GetEventRule. The use
verb adds no extra permissions or API operations compared to read.
However, manage adds more permissions and operations compared to
use.
cloudevents-rules
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
| inspect | EVENTRULE_LIST |
ListRules
|
none |
| read | INSPECT + EVENTRULE_READ |
INSPECT +
|
none |
| use | no extra |
no extra |
none |
| manage | USE + EVENTRULE_CREATE EVENTRULE_DELETE EVENTRULE_MODIFY |
USE +
|
none |
Permissions Required for Each API Operation
The following table lists the API operations in a logical order, grouped by resource type.
For information about permissions, see Permissions.
| API Operation | Permissions Required to Use the Operation |
|---|---|
ListRules
|
EVENTRULE_LIST |
CreateRule
|
EVENTRULE_CREATE |
GetRule
|
EVENTRULE_READ |
DeleteRule
|
EVENTRULE_DELETE |
UpdateRule
|
EVENTRULE_MODIFY |
ChangeRuleCompartment
|
EVENTRULE_MODIFY |