Events and IAM Policies

Write policies for the Events service, including authorizations for non-administrator users and the Events service itself.

If you're new to policies, see Getting Started with Policies and Common Policies. For more details about how to write IAM policy for Events, see Details for the Events Service.

Allow Users to Work with Rules

These IAM policies allow users to manage or list rules.

Let Users List Rules in a Compartment

Type of access: Ability to list Events rules.

Where to create the policy: In the tenancy.

Allow group RuleReaders to read cloudevents-rules in tenancy

The preceding policy allows RuleReaders to list rules in the tenancy.

Let Admins Manage Rules in a Compartment

Type of access: Ability to manage Events rules, including creating, deleting, updating or moving rules to a different compartment.

Where to create the policy: In the tenancy.

This line gives the user inspect access to compartments, so they can select the resources in them for actions.

allow group <RuleAdmins> to inspect compartments in tenancy

This line gives the user access to defined tags to apply filter tags to rules.

allow group <RuleAdmins> to use tag-namespaces in tenancy

These lines give the user access to Streaming resources for actions.

allow group <RuleAdmins> to inspect streams in tenancy
allow group <RuleAdmins> to use stream-push in tenancy
allow group <RuleAdmins> to use stream-pull in tenancy

These lines give the user access to Functions resources for actions.

allow group <RuleAdmins> to use virtual-network-family in tenancy
allow group <RuleAdmins> to manage function-family in tenancy

This line gives the user access to Notifications topics for actions.

allow group <RuleAdmins> to use ons-topic in tenancy

This line gives the user manage access to rules for Events.

allow group <RuleAdmins> to manage cloudevents-rules in tenancy
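
The following added example, which is not part of the original documentation, parses the statements on this page and lists those that grant a given verb or higher across the whole tenancy, the grants a policy reviewer would check first. It assumes only the `allow group ... to <verb> <resource-type> in tenancy | compartment <name>` statement form shown above; the function names are hypothetical.

```python
import re

# OCI policy verbs, ordered from least to most access.
VERBS = ["inspect", "read", "use", "manage"]

# Only the "allow group ... in tenancy|compartment <name>" form used on this page.
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)$",
    re.IGNORECASE,
)

# Statements copied from this page; <RuleAdmins> is the page's placeholder group.
PAGE_POLICY = """\
Allow group RuleReaders to read cloudevents-rules in tenancy
allow group <RuleAdmins> to inspect compartments in tenancy
allow group <RuleAdmins> to use tag-namespaces in tenancy
allow group <RuleAdmins> to inspect streams in tenancy
allow group <RuleAdmins> to use stream-push in tenancy
allow group <RuleAdmins> to use stream-pull in tenancy
allow group <RuleAdmins> to use virtual-network-family in tenancy
allow group <RuleAdmins> to manage function-family in tenancy
allow group <RuleAdmins> to use ons-topic in tenancy
allow group <RuleAdmins> to manage cloudevents-rules in tenancy
"""

def parse(statement):
    """Split one statement into group, verb, resource type and scope."""
    m = STATEMENT.match(statement.strip())
    if m is None or m["verb"].lower() not in VERBS:
        raise ValueError(f"unsupported policy statement: {statement!r}")
    scope = " ".join(m["scope"].split())
    return {
        "group": m["group"].strip("<>"),
        "verb": m["verb"].lower(),
        "resource": m["resource"].lower(),
        "scope": "tenancy" if scope.lower() == "tenancy" else scope,
    }

def tenancy_wide(policy_text, min_verb="manage"):
    """Return parsed statements granting min_verb or higher across the tenancy."""
    floor = VERBS.index(min_verb)
    parsed = [parse(line) for line in policy_text.splitlines() if line.strip()]
    return [s for s in parsed
            if s["scope"] == "tenancy" and VERBS.index(s["verb"]) >= floor]

if __name__ == "__main__":
    for s in tenancy_wide(PAGE_POLICY):
        print(f'{s["group"]}: {s["verb"]} {s["resource"]} in {s["scope"]}')
```

Passing `min_verb="use"` widens the report to every statement that lets the group act on resources rather than only view them.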