Istruzioni criteri di esempio per la gestione delle istanze di Analytics Cloud
Di seguito sono riportate alcune istruzioni criteri standard che possono essere utilizzate per autorizzare l'accesso alle istanze di Oracle Analytics Cloud.
Quando si crea un criterio per la tenancy, si concede agli utenti l'accesso a tutti i compartimenti mediante l'ereditarietà dei criteri. In alternativa, è possibile limitare l'accesso a singole istanze o singoli scomparti di Oracle Analytics Cloud.
Consenti agli utenti del gruppo di amministratori di gestire in modo completo qualsiasi istanza di Analytics
# Full manage permissions (Create, View, Update, Delete, Scale, Start, Stop...)
allow group Administrators to manage analytics-instances in tenancy
allow group Administrators to manage analytics-instance-work-requests in tenancyConsenti agli utenti del gruppo analytics_power_users di leggere, avviare e arrestare tutte le istanze di analitica nel compartimento MyOACProduction
# Use permissions (List, Get, Start, Stop)
allow group analytics_power_users to use analytics-instances in compartment MyOACProductionConsenti agli utenti del gruppo analytics_test_users di creare e gestire una singola istanza di Analytics (myanalytics_1) nel compartimento MyOACTest
# Full manage permissions on a single instance
allow group analytics_test_users to manage analytics-instances in compartment MyOACTest where target.analytics-instances.name = 'myanalytics_1'Consenti agli utenti del gruppo analytics_power_users di spostare le istanze di Analytics tra due compartimenti denominati
# Custom permissions to move instances between two specific compartments.
allow group analytics_power_users to {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ, ANALYTICS_INSTANCE_MOVE} in tenancy
where all {
target.analytics-instance.source-compartment.id =
'ocid1.compartment.oc1..aaa100',
target.analytics-instance.destination-compartment.id =
'ocid1.compartment.oc1..aaa200'
}Consenti agli utenti del gruppo analytics_users di ispezionare qualsiasi istanza di Analytics e le relative richieste di lavoro associate
# Inspect permissions (list analytics instances and work requests) using metaverbs.
allow group analytics_users to inspect analytics-instances in tenancy
allow group analytics_users to inspect analytics-instance-work-requests in tenancy# Inspect permissions (list analytics instances and work requests) using permission names.
allow group analytics_users to {ANALYTICS_INSTANCE_INSPECT} in tenancy
allow group analytics_users to {ANALYTICS_INSTANCE_WR_INSPECT} in tenancyConsenti agli utenti del gruppo analytics_users2 di leggere i dettagli di qualsiasi istanza di Analytics e delle relative richieste di lavoro associate
# Read permissions (read complete analytics instance and work request metadata) using metaverbs.
allow group analytics_users2 to read analytics-instances in tenancy
allow group analytics_users2 to read analytics-instance-work-requests in tenancy# Read permissions (read complete analytics instance and work request metadata) using permission names.
allow group analytics_users2 to {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ} in tenancy
allow group analytics_users2 to {ANALYTICS_INSTANCE_WR_INSPECT, ANALYTICS_INSTANCE_WR_READ} in tenancyConsenti agli utenti nel gruppo analytics_users2 di visualizzare le metriche delle prestazioni per qualsiasi istanza di analitica in un compartimento denominato
# View performance metrics permissions
allow group analytics_users2 to read metrics in compartment myOACProduction Consenti agli utenti del gruppo analytics_power_users2 di leggere, avviare e arrestare tutte le istanze di Analytics e leggere le richieste di lavoro associate
# Use permissions (read, stop, start on analytics instance, read on work request) using metaverbs.
allow group analytics_power_users2 to use analytics-instances in tenancy
allow group analytics_power_users2 to read analytics-instance-work-requests in tenancy# Use permissions (read, stop, start on analytics instance, read on work request) using permission names.allow group
analytics_power_users2 to {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ, ANALYTICS_INSTANCE_USE} in
tenancy
allow group
analytics_power_users2 to {ANALYTICS_INSTANCE_WR_INSPECT, ANALYTICS_INSTANCE_WR_READ} in
tenancyConsenti agli utenti del gruppo Administrators2 di gestire qualsiasi istanza di Analytics e le relative richieste di lavoro associate
# Full manage permissions (use, scale, delete on analytics instance, read and cancel on work request) using metaverbs.
allow group Administrators2 to manage analytics-instances in tenancy
allow group Administrators2 to manage analytics-instance-work-requests in tenancy# Full manage permissions (use, create, scale, delete on analytics instance, read and cancel on work request) using permission names.allow group
Administrators2 to
{ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ, ANALYTICS_INSTANCE_USE,
ANALYTICS_INSTANCE_CREATE, ANALYTICS_INSTANCE_DELETE, ANALYTICS_INSTANCE_UPDATE,
ANALYTICS_INSTANCE_MOVE, ANALYTICS_INSTANCE_MANAGE} in
tenancy
allow group
Administrators2 to
{ANALYTICS_INSTANCE_WR_INSPECT, ANALYTICS_INSTANCE_WR_READ, ANALYTICS_INSTANCE_WR_DELETE} in
tenancy