Exemplo de Instruções de Política para Gerenciar Instâncias do Analytics Cloud

Aqui estão instruções de política típicas que você pode usar para autorizar o acesso às instâncias do Oracle Analytics Cloud.

Ao criar uma política para sua tenancy, você concede aos usuários acesso a todos os compartimentos por meio da herança da política. Como alternativa, você pode restringir o acesso a instâncias ou compartimentos individuais do Oracle Analytics Cloud.

Permitir que os usuários do grupo Administradores gerenciem totalmente qualquer instância do Analytics

# Full manage permissions (Create, View, Update, Delete, Scale, Start, Stop...)
allow group Administrators to manage analytics-instances in tenancy
allow group Administrators to manage analytics-instance-work-requests in tenancy

Permitir que os usuários do grupo analytics_power_users leiam, iniciem e interrompam todas as instâncias do Analytics no compartimento MyOACProduction

# Use permissions (List, Get, Start, Stop)
allow group analytics_power_users to use analytics-instances in compartment MyOACProduction

Permitir que os usuários do grupo analytics_test_users criem e gerenciem uma única instância do Analytics (myanalytics_1) no compartimento MyOACTest

# Full manage permissions on a single instance
allow group analytics_test_users to manage analytics-instances in compartment MyOACTest where target.analytics-instances.name = 'myanalytics_1'

Permitir que os usuários do grupo do analytics_power_users movam instâncias do Analytics entre dois compartimentos nomeados

# Custom permissions to move instances between two specific compartments.
allow group analytics_power_users to {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ, ANALYTICS_INSTANCE_MOVE} in tenancy
where all {
        target.analytics-instance.source-compartment.id =
        'ocid1.compartment.oc1..aaa100',
        target.analytics-instance.destination-compartment.id =
        'ocid1.compartment.oc1..aaa200'
  }

Permitir que os usuários do grupo analytics_users inspecionem qualquer instância do Analytics e suas solicitações de trabalho associadas

# Inspect permissions (list analytics instances and work requests) using metaverbs.
allow group analytics_users to inspect analytics-instances in tenancy
allow group analytics_users to inspect analytics-instance-work-requests in tenancy

# Inspect permissions (list analytics instances and work requests) using permission names.
allow group analytics_users to {ANALYTICS_INSTANCE_INSPECT} in tenancy
allow group analytics_users to {ANALYTICS_INSTANCE_WR_INSPECT} in tenancy

Permitir que os usuários no grupo analytics_users2 leiam detalhes sobre qualquer instância do Analytics e suas solicitações de trabalho associadas

# Read permissions (read complete analytics instance and work request metadata) using metaverbs.
allow group analytics_users2 to read analytics-instances in tenancy
allow group analytics_users2 to read analytics-instance-work-requests in tenancy

# Read permissions (read complete analytics instance and work request metadata) using permission names.
allow group analytics_users2 to {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ} in tenancy
allow group analytics_users2 to {ANALYTICS_INSTANCE_WR_INSPECT, ANALYTICS_INSTANCE_WR_READ} in tenancy

Permitir que os usuários do grupo analytics_users2 exibam métricas de desempenho para qualquer instância do serviço Analytics em um compartimento nomeado

# View performance metrics permissions
allow group analytics_users2 to read metrics in compartment myOACProduction

Permitir que os usuários do grupo analytics_power_users2 leiam, iniciem e interrompam todas as instâncias do Analytics e leiam suas solicitações de trabalho associadas

# Use permissions (read, stop, start on analytics instance, read on work request) using metaverbs.
allow group analytics_power_users2 to use analytics-instances in tenancy
allow group analytics_power_users2 to read analytics-instance-work-requests in tenancy

# Use permissions (read, stop, start on analytics instance, read on work request) using permission names.

allow group
        analytics_power_users2 to {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ, ANALYTICS_INSTANCE_USE} in
        tenancy
allow group
        analytics_power_users2 to {ANALYTICS_INSTANCE_WR_INSPECT, ANALYTICS_INSTANCE_WR_READ} in
        tenancy

Permitir que os usuários do grupo Administrators2 gerenciem qualquer instância do Analytics e suas solicitações de trabalho associadas

# Full manage permissions (use, scale, delete on analytics instance, read and cancel on work request) using metaverbs.
allow group Administrators2 to manage analytics-instances in tenancy
allow group Administrators2 to manage analytics-instance-work-requests in tenancy

# Full manage permissions (use, create, scale, delete on analytics instance, read and cancel on work request) using permission names.

allow group 
        Administrators2 to
        {ANALYTICS_INSTANCE_INSPECT, ANALYTICS_INSTANCE_READ, ANALYTICS_INSTANCE_USE,
        ANALYTICS_INSTANCE_CREATE, ANALYTICS_INSTANCE_DELETE, ANALYTICS_INSTANCE_UPDATE,
        ANALYTICS_INSTANCE_MOVE, ANALYTICS_INSTANCE_MANAGE} in 
        tenancy
allow group
        Administrators2 to 
        {ANALYTICS_INSTANCE_WR_INSPECT, ANALYTICS_INSTANCE_WR_READ, ANALYTICS_INSTANCE_WR_DELETE} in
        tenancy

Documentação do Oracle Cloud Infrastructure

Exemplo de Instruções de Política para Gerenciar Instâncias do Analytics Cloud