These IAM policies allow users to manage or list rules.
Let Users List Rules in a Compartment
Type of access: Ability to list Events rules.
Where to create the policy: In the tenancy.
Allow group RuleReaders to read cloudevents-rules in tenancy
The preceding policy allows RuleReaders to list rules in the tenancy.
Let Admins Manage Rules in a Compartment
Type of access: Ability to manage Events rules, including creating, deleting, updating or moving rules to a different compartment.
Where to create the policy: In the tenancy.
This line gives the user inspect access to resources in compartments so that they can select actions.
allow group <RuleAdmins> to inspect compartments in tenancy
This line gives the user access to defined tags to apply filter tags to rules.
allow group <RuleAdmins> to use tag-namespaces in tenancy
These lines give the user access to Streaming resources for actions.
allow group <RuleAdmins> to inspect streams in tenancy
allow group <RuleAdmins> to use stream-push in tenancy
allow group <RuleAdmins> to use stream-pull in tenancy
These lines give the user access to Functions resources for actions.
allow group <RuleAdmins> to use virtual-network-family in tenancy
allow group <RuleAdmins> to manage function-family in tenancy
This line gives the user access to Notifications topics for actions.
allow group <RuleAdmins> to use ons-topic in tenancy
This line gives the user manage access to rules for Events.
allow group <RuleAdmins> to manage cloudevents-rules in tenancy
Allow Cross-tenancy Deliveries
Cross-tenancy delivery lets you trigger an action in a different tenancy from the Events rules. Adjust the permissions as needed for your action use case. Use the following policies to enable cross-tenancy delivery.
Type of access: Ability to trigger actions that are in a different tenancy from the Events rules.
Where to create the policy: In the rule tenancy.
define tenancy action_tenancy as <action_tenancy_ocid>
endorse any-user to {ONS_TOPIC_PUBLISH, FN_INVOCATION, STREAM_READ, STREAM_PRODUCE} in tenancy action_tenancy where request.principal.type = 'eventrule'
Where to create the policy: In the action tenancy.
define tenancy rule_tenancy as <rule_tenancy_ocid>
admit any-user of tenancy rule_tenancy to {ONS_TOPIC_PUBLISH, FN_INVOCATION, STREAM_READ, STREAM_PRODUCE} in tenancy where request.principal.type = 'eventrule'
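An added example, not part of Oracle's documentation or tooling: a small Python check that the two halves of a cross-tenancy delivery policy agree (every tenancy alias is defined, `any-user` is limited to `eventrule` principals, and each permission is both endorsed and admitted). It handles only the statement shapes shown above; the names `parse` and `lint` and the sample policies are constructed for illustration.

```python
import re

# Constructed sample input (placeholder OCIDs) with two deliberate mistakes.
RULE_TENANCY = """
define tenancy action_tenancy as <action_tenancy_ocid>
endorse any-user to {ONS_TOPIC_PUBLISH, FN_INVOCATION} in tenancy stream_tenancy where request.principal.type = 'eventrule'
"""
ACTION_TENANCY = """
define tenancy rule_tenancy as <rule_tenancy_ocid>
admit any-user of tenancy rule_tenancy to {ONS_TOPIC_PUBLISH, FN_INVOCATION, STREAM_READ} in tenancy where request.principal.type = 'eventrule'
"""

DEFINE = re.compile(r"define\s+tenancy\s+(\S+)\s+as\s+\S+$", re.I)
ENDORSE = re.compile(r"endorse\s+any-user\s+to\s+\{([^}]*)\}\s+in\s+tenancy\s+(\S+)(?:\s+where\s+(.*))?$", re.I)
ADMIT = re.compile(r"admit\s+any-user\s+of\s+tenancy\s+(\S+)\s+to\s+\{([^}]*)\}\s+in\s+tenancy(?:\s+where\s+(.*))?$", re.I)
EVENTRULE = re.compile(r"request\.principal\.type\s*=\s*'eventrule'", re.I)


def parse(text):
    """Return (defined aliases, [(verb, alias, permissions, condition)])."""
    aliases, stmts = set(), []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if m := DEFINE.match(line):
            aliases.add(m[1])
        elif m := ENDORSE.match(line):
            stmts.append(("endorse", m[2], m[1], m[3] or ""))
        elif m := ADMIT.match(line):
            stmts.append(("admit", m[1], m[2], m[3] or ""))
        else:
            raise ValueError(f"unrecognised statement: {line}")
    return aliases, stmts


def lint(rule_text, action_text):
    """Check both halves of a cross-tenancy delivery policy for consistency."""
    findings, granted = [], {"endorse": set(), "admit": set()}
    for side, text in (("rule tenancy", rule_text), ("action tenancy", action_text)):
        aliases, stmts = parse(text)
        for verb, alias, perms, cond in stmts:
            if alias not in aliases:
                findings.append(f"{side}: '{alias}' in {verb} has no define statement")
            if not EVENTRULE.search(cond):
                findings.append(f"{side}: {verb} any-user is not limited to eventrule principals")
            granted[verb] |= {p.strip().upper() for p in perms.split(",") if p.strip()}
    for p in sorted(granted["endorse"] ^ granted["admit"]):
        missing = "admit" if p in granted["endorse"] else "endorse"
        findings.append(f"{p}: no matching {missing} statement")
    return findings

print("\n".join(lint(RULE_TENANCY, ACTION_TENANCY)))
```

On the constructed input it reports the undefined `stream_tenancy` alias and that `STREAM_READ` is admitted but never endorsed.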