Oracle Cloud Infrastructure Documentation
Try Free Tier

Events and IAM Policies

Write policies for the Events service, including authorizations for non-administrator users and the Events service itself.

If you're new to policies, see Getting Started with Policies and Common Policies. For more details about how to write IAM policy for Events, see Details for the Events Service.

Allow Users to Work with Rules

These IAM policies allow users to manage or list rules.

Let Users List Rules in a Compartment

Type of access: Ability to list Events rules.

Where to create the policy: In the tenancy.

Allow group RuleReaders to read cloudevents-rules in tenancy

The preceding policy allows RuleReaders to list rules in the tenancy.

Let Admins Manage Rules in a Compartment

Type of access: Ability to manage Events rules, including creating, deleting, updating or moving rules to a different compartment.

Where to create the policy: In the tenancy.

This line gives the user inspect access to resources in compartments to select actions. 

allow group <RuleAdmins> to inspect compartments in tenancy

This line gives the user access to defined tags to apply filter tags to rules.

allow group <RuleAdmins> to use tag-namespaces in tenancy

These lines give the user access to Streaming resources for actions

allow group <RuleAdmins> to inspect streams in tenancy
allow group <RuleAdmins> to use stream-push in tenancy
allow group <RuleAdmins> to use stream-pull in tenancy

These lines give the user access to Functions resources for actions. 

allow group <RuleAdmins> to use virtual-network-family in tenancy
allow group <RuleAdmins> to manage function-family in tenancy

This line give the user access to Notifications topics for actions. 

allow group <RuleAdmins> to use ons-topic in tenancy

This line gives the user manage access to rules for Events. 

allow group <RuleAdmins> to manage cloudevents-rules in tenancy

Allow Cross-tenancy Deliveries

Cross-tenancy delivery lets you to trigger an action in a different tenancy from the Events rules. Adjust the permissions on the action use case as needed. Use the following policies to enable cross-tenancy delivery.

Type of access: Ability to trigger actions that are in a different tenancy from the Events rules.

Where to create the policy: In the rule tenancy. 
define tenancy action_tenancy as <action_tenancy_ocid>
endorse any-user to {ONS_TOPIC_PUBLISH, FN_INVOCATION, STREAM_READ, STREAM_PRODUCE} in tenancy stream_tenancy where request.principal.type = 'eventrule'
Where to create the policy: In the action tenancy. 
define tenancy rule_tenancy as <rule_tenancy_ocid>
admit any-user of tenancy rule_tenancy to {ONS_TOPIC_PUBLISH, FN_INVOCATION, STREAM_READ, STREAM_PRODUCE} in tenancy where request.principal.type = 'eventrule'

For more details on cross-tenancy policies, see Cross-tenancy Policies.

Was this article helpful?