Detalhes do Gerenciamento da Organização

Este tópico abrange detalhes de gravação de políticas para controlar o acesso ao Organization Management.

Tipos de Recursos

organizations-family
organizations-link
organizations-recipient-invitation
organizations-sender-invitation
organizations-invitation
organizations-domain
organizations-domain-governance
organizations-entity
organizations-tenancy
organizations-order
organizations-subscription
organizations-subscription-mapping
organizations-assigned-subscription
organizations-subscription-region
organizations-governance-rules
organizations-enforced-governance-rules

Variáveis Suportadas

O Gerenciamento da Organização suporta todas as variáveis gerais (consulte Variáveis Gerais para Todas as Solicitações), além de outras listadas aqui:

Variáveis obrigatórias (fornecidas pelo serviço para cada solicitação):


Variável	Tipo de variável	Comentários
`target.resource.kind`	String	O nome do tipo do recurso principal da solicitação.

Variáveis Automáticas (fornecidas pelo SDK para cada solicitação):


Variável	Tipo de variável	Comentários
`target.tenant.id`	Entidade (OCID)	O OCID do ID do tenant de destino.

Detalhes para Combinações de Verbo + Tipo de Recurso

As tabelas a seguir mostram as permissões e operações de API abrangidas por cada verbo. O nível de acesso é cumulativo à medida que você vai de inspect > read > use > manage. Por exemplo, um grupo que pode usar um recurso também pode inspecionar e ler esse recurso. Um sinal de mais (+) em uma célula da tabela indica o acesso incremental comparado à célula diretamente acima dela, enquanto "sem extra" indica acesso incremental.

organizations-family


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	ORGANIZATIONS_LINK_INSPECT ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT ORGANIZATIONS_SENDER_INVITATION_INSPECT ORGANIZATIONS_DOMAIN_INSPECT ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT ORGANIZATIONS_TENANCY_INSPECT ORGANIZATIONS_SUBSCRIPTION_INSPECT ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT GOVERNANCE_RULE_INSPECT ORGANIZATIONS_ENTITY_INSPECT ORGANIZATIONS_TENANCY_INSPECT	`ListLinks` `ListRecipientInvitations` `ListSenderInvitations` `ListDomains` `ListDomainGovernances` `ListOrganizationTenancies` `ListSubscriptions` `ListSubscriptionMappings` `ListAssignedSubscriptions` `ListAvailableRegions` `ListGovernanceRules` `ListOrganizations`	none
READ	INSPECT + ORGANIZATIONS_LINK_READ ORGANIZATIONS_RECIPIENT_INVITATION_READ ORGANIZATIONS_SENDER_INVITATION_READ ORGANIZATIONS_DOMAIN_READ ORGANIZATIONS_DOMAIN_GOVERNANCE_READ ORGANIZATIONS_ENTITY_READ ORGANIZATIONS_TENANCY_READ ORGANIZATIONS_SUBSCRIPTION_READ ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ GOVERNANCE_RULE_READ	INSPECT + `GetLink` `GetRecipientInvitation` `GetSenderInvitation` `GetDomain` `GetDomainGovernance` `GetOrganizationTenancy` `GetSubscriptionMapping` `GetAssignedSubscription` `GetGovernanceRule` `ListTenancyAttachments` `GetTenancyAttachment`	none
USE	LEIA + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE ORGANIZATIONS_DOMAIN_UPDATE ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE ORGANIZATIONS_ENTITY_UPDATE ORGANIZATIONS_SENDER_INVITATION_UPDATE GOVERNANCE_RULE_UPDATE GOVERNANCE_RULE_RETRY	READ + `AcceptRecipientInvitation` `IgnoreRecipientInvitation` `CancelSenderInvitation` `UpdateSenderInvitation` `UpdateDomain` `UpdateDomainGovernance` `UpdateOrganization` `GetGovernanceRule` `DeleteInclusionCriterion` `RetryGovernanceRule` `RetryTenancyAttachment`	none
MANAGE	USE + ORGANIZATIONS_LINK_PARENT_DELETE ORGANIZATIONS_LINK_CHILD_DELETE ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE ORGANIZATIONS_SENDER_INVITATION_CREATE ORGANIZATIONS_DOMAIN_CREATE ORGANIZATIONS_DOMAIN_DELETE ORGANIZATIONS_ORDER_ACTIVATE ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE ORGANIZATIONS_ENTITY_UPDATE ORGANIZATIONS_TENANCY_CREATE ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE ORGANIZATIONS_TENANCY_DELETE ORGANIZATIONS_TENANCY_RESTORE GOVERNANCE_RULE_CREATE GOVERNANCE_RULE_DELETE	USE + `DeleteLink` `CreateSenderInvitation` `CreateDomain` `DeleteDomain` `ActivateOrder` `CreateDomainGovernance` `DeleteDomainGovernance` `UpdateOrganization` `CreateChildTenancy` `DeleteSubscriptionMapping` `DeleteOrganizationTenancy` `RestoreOrganizationTenancy` `CreateSubscriptionMapping` `CreateGovernanceRule` `DeleteGovernanceRule`	none

organizations-link


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	ORGANIZATIONS_LINK_INSPECT	`ListLinks`	none
LEITURA, USO	INSPECT + ORGANIZATIONS_LINK_READ	INSPECT + `GetLink`	none
MANAGE	USE + ORGANIZATIONS_LINK_PARENT_DELETE ORGANIZATIONS_LINK_CHILD_DELETE	USE + `DeleteLink`	none

organizations-recipient-invitation


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT	`ListRecipientInvitations`	none
READ	INSPECT + ORGANIZATIONS_RECIPIENT_INVITATION_READ	INSPECT + `GetRecipientInvitation`	none
USAR, GERENCIAR	LEIA + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE	READ + `AcceptRecipientInvitation` `IgnoreRecipientInvitation` `UpdateRecipientInvitation`	none

organizations-sender-invitation


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	ORGANIZATIONS_SENDER_INVITATION_INSPECT	`ListRecipientInvitations`	none
READ	INSPECT + ORGANIZATIONS_SENDER_INVITATION_READ	INSPECT + `GetSenderInvitation`	none
USE	LEIA + ORGANIZATIONS_SENDER_INVITATION_UPDATE	READ + `UpdateSenderInvitation` `CancelSenderInvitation`	none
MANAGE	USE + ORGANIZATIONS_SENDER_INVITATION_CREATE	USE + `CreateSenderInvitation`	none

organizations-invitation


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT ORGANIZATIONS_SENDER_INVITATION_INSPECT	`ListRecipientInvitations` `ListSenderInvitations`	none
READ	INSPECT + ORGANIZATIONS_RECIPIENT_INVITATION_READ ORGANIZATIONS_SENDER_INVITATION_READ	INSPECT + `GetRecipientInvitation` `GetSenderInvitation`	none
USE	LEIA + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE ORGANIZATIONS_SENDER_INVITATION_UPDATE	READ + `AcceptRecipientInvitation` `UpdateRecipientInvitation` `UpdateSenderInvitation` `CancelSenderInvitation`	none
MANAGE	USE + ORGANIZATIONS_SENDER_INVITATION_CREATE	USE + `CreateSenderInvitation`	none

organizations-domain


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	ORGANIZATIONS_DOMAIN_INSPECT	`ListDomains`	none
READ	INSPECT + ORGANIZATIONS_DOMAIN_READ	INSPECT + `GetDomain`	none
USE	LEIA + ORGANIZATIONS_DOMAIN_UPDATE	READ + `UpdateDomain`	none
MANAGE	USE + ORGANIZATIONS_DOMAIN_CREATE ORGANIZATIONS_DOMAIN_DELETE	USE + `CreateDomain` `DeleteDomain`	none

organizations-domain-governance


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT	`ListDomainGovernances`	none
READ	INSPECT + ORGANIZATIONS_DOMAIN_GOVERNANCE_READ	INSPECT + `GetDomainGovernance`	none
USE	LEIA + ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE	READ + `UpdateDomainGovernance`	none
MANAGE	USE + ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE	USE + `CreateDomainGovernance` `DeleteDomainGovernance`	none

organizations-entity


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	ORGANIZATIONS_ENTITY_INSPECT	`ListOrganizations`	none
READ	INSPECT + ORGANIZATIONS_ENTITY_READ	INSPECT + `GetOrganization`	none
USE	LEIA + ORGANIZATIONS_ENTITY_UPDATE	READ + `UpdateOrganization`	none
MANAGE	-	-	none

organizations-tenancy


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	ORGANIZATIONS_TENANCY_INSPECT	`ListOrganizationTenancies`	none
LEITURA, USO	INSPECT + ORGANIZATIONS_TENANCY_READ	INSPECT + `GetOrganizationTenancy`	none
MANAGE	USE + ORGANIZATIONS_TENANCY_CREATE ORGANIZATIONS_TENANCY_DELETE ORGANIZATIONS_TENANCY_RESTORE	USE + `CreateChildTenancy` `DeleteOrganizationTenancy` `RestoreOrganizationTenancy`	none

organizations-order


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	-	-	none
READ	-	-	none
USE	-	-	none
MANAGE	ORGANIZATIONS_ORDER_ACTIVATE	`ActivateOrder`	none

organizations-subscription


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	ORGANIZATIONS_SUBSCRIPTION_INSPECT	`ListSubscriptions`	none
READ	INSPECIONAR + ORGANIZATIONS_SUBSCRIPTION_READ	INSPECT + `GetSubscription`	none
USAR, GERENCIAR	USE + ORGANIZATIONS_SUBSCRIPTION_ASSIGN ORGANIZATIONS_SUBSCRIPTION_DELETE ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE	USE + `AssignTenancySubscription` `AssignDefaultSubscription` `CreateSubscriptionMapping`	none

organizations-subscription-mapping


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT	`ListSubscriptionMappings`	none
READ	INSPECIONAR + ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ	INSPECT + `GetSubscriptionMapping`	none
USAR, GERENCIAR	USE + ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE	USE + `DeleteSubscriptionMapping` `CreateSubscriptionMapping`	none

organizations-assigned-subscription


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT	`ListAssignedSubscriptions`	none
READ	INSPECIONAR + ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ	INSPECT + `GetAssignedSubscription`	none
USE	-	-	none
MANAGE	-	-	none

organizations-subscription-region


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT	`ListAvailableRegions`	none
READ	-	-	none
USE	-	-	none
MANAGE	-	-	none

organizations-governance-rules


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	GOVERNANCE_RULE_INSPECT	`ListGovernanceRules` `ListOrganizations` `ListOrganizationTenancies`	none
READ	INSPECIONAR + GOVERNANCE_RULE_READ	INSPECT + `GetGovernanceRule` `ListTenancyAttachments` `GetTenancyAttachment`	none
USE	LEIA + GOVERNANCE_RULE_UPDATE GOVERNANCE_RULE_RETRY	READ + `GetGovernanceRule` `DeleteInclusionCriterion` `RetryGovernanceRule` `RetryTenancyAttachment`	none
MANAGE	USE + GOVERNANCE_RULE_CREATE GOVERNANCE_RULE_DELETE	USE + `CreateGovernanceRule` `DeleteGovernanceRule`	none

organizations-enforced-governance-rules


Verbos	Permissões	APIs Totalmente Abrangidas	APIs Parcialmente Abrangidas
INSPECT	GOVERNANCE_RULE_ENFORCED_INSPECT	`ListEnforcedGovernanceRules` `ListOrganizations` `ListOrganizationTenancies`	none
READ	INSPECT + GOVERNANCE_RULE_ENFORCED_READ	INSPECT + `GetEnforcedGovernanceRule`	none
USE	-	-	none
MANAGE	-	-	none

Permissões Exigidas para Cada Operação de API

A tabela a seguir lista as operações de API em uma ordem lógica, agrupadas por tipo de recurso. Para obter informações sobre permissões, consulte Permissões.


Operação da API	Permissões Necessárias para Usar a Operação
GetLink	ORGANIZATIONS_LINK_READ
ListLinks	ORGANIZATIONS_LINK_INSPECT
DeleteLink	ORGANIZATIONS_LINK_CHILD_DELETE ORGANIZATIONS_LINK_PARENT_DELETE
GetRecipientInvitation	ORGANIZATIONS_RECIPIENT_INVITATION_READ
AcceptRecipientInvitation	ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE
IgnoreRecipientInvitation	ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE
UpdateRecipientInvitation	ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE
ListRecipientInvitations	ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT
CreateSenderInvitation	ORGANIZATIONS_SENDER_INVITATION_CREATE
GetSenderInvitation	ORGANIZATIONS_SENDER_INVITATION_READ
ListSenderInvitations	ORGANIZATIONS_SENDER_INVITATION_INSPECT
CancelSenderInvitation	ORGANIZATIONS_SENDER_INVITATION_UPDATE
UpdateSenderInvitation	ORGANIZATIONS_SENDER_INVITATION_UPDATE
UpdateSenderInvitation	ORGANIZATIONS_DOMAIN_READ
ListDomains	ORGANIZATIONS_DOMAIN_INSPECT
CreateDomain	ORGANIZATIONS_DOMAIN_CREATE
UpdateDomain	ORGANIZATIONS_DOMAIN_UPDATE
DeleteDomain	ORGANIZATIONS_DOMAIN_DELETE
GetDomainGovernance	ORGANIZATIONS_DOMAIN_GOVERNANCE_READ
ListDomainGovernances	ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT
CreateDomainGovernance	ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE
UpdateDomainGovernance	ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE
DeleteDomainGovernance	ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE
GetOrganization	ORGANIZATIONS_ENTITY_READ
ListOrganizations	ORGANIZATIONS_ENTITY_INSPECT
UpdateOrganization	ORGANIZATIONS_ENTITY_UPDATE
GetOrganizationTenancy	ORGANIZATIONS_TENANCY_READ
ListOrganizationTenancies	ORGANIZATIONS_TENANCY_INSPECT
approForTransfer/unapproveForTransfer	ORGANIZATIONS_TENANCY_TRANSFER_APPROVAL_UPDATE
CreateChildTenancy	ORGANIZATIONS_TENANCY_CREATE Observação: Quando o atributo subscriptionId é especificado para uma tenancy filha criada, ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE também é obrigatório. Para obter mais informações, consulte CreateChildTenancyDetails Reference.
DeleteOrganizationTenancy	ORGANIZATIONS_TENANCY_DELETE
RestoreOrganizationTenancy	ORGANIZATIONS_TENANCY_RESTORE
ActivateOrder	ORGANIZATIONS_ORDER_ACTIVATE
ListSubscriptions	ORGANIZATIONS_SUBSCRIPTION_INSPECT
ListSubscriptionMappings	ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT
GetSubscription	ORGANIZATIONS_SUBSCRIPTION_READ
GetSubscriptionMapping	ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ
AssignTenancySubscription	ORGANIZATIONS_SUBSCRIPTION_ASSIGN
AssignDefaultSubscription	ORGANIZATIONS_SUBSCRIPTION_ASSIGN
DeleteSubscriptionMapping	ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE
CreateSubscriptionMapping	ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE
ListAssignedSubscriptions	ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT
GetAssignedSubscription	ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ
ListAvailableRegions	ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT
ListGovernanceRules	GOVERNANCE_RULE_INSPECT
GetGovernanceRule	GOVERNANCE_RULE_READ
CreateGovernanceRule	GOVERNANCE_RULE_CREATE
UpdateGovernanceRule	GOVERNANCE_RULE_UPDATE
DeleteGovernanceRule	GOVERNANCE_RULE_DELETE
RetryGovernanceRule	GOVERNANCE_RULE_RETRY
CreateInclusionCriterion	GOVERNANCE_RULE_UPDATE
DeleteInclusionCriterion	GOVERNANCE_RULE_UPDATE
ListTenancyAttachments	GOVERNANCE_RULE_READ
GetTenancyAttachment	GOVERNANCE_RULE_READ
RetryTenancyAttachment	GOVERNANCE_RULE_RETRY
ListEnforcedGovernanceRules	GOVERNANCE_RULE_ENFORCED_INSPECT
GetEnforcedGovernanceRule	GOVERNANCE_RULE_ENFORCED_READ

Documentação do Oracle Cloud Infrastructure

Detalhes do Gerenciamento da Organização

Tipos de Recursos

Variáveis Suportadas

Detalhes para Combinações de Verbo + Tipo de Recurso

Permissões Exigidas para Cada Operação de API