Details for the Announcements Service
This topic covers details for writing policies to control access to the Announcements service.
Resource-Types
announcements
announcement-subscriptions
Supported Variables
Announcements supports all the general variables, plus the ones listed here. For more information about general variables supported by Oracle Cloud Infrastructure services, see General Variables for All Requests.
Variable | Variable Type | Comments |
---|---|---|
target.announcement-subscription.id
|
Entity (OCID) | Use this variable to control access to an announcement subscription based on the OCID of the subscription. (You cannot use this variable when creating a subscription, as the subscription does not exist to have an OCID yet.) |
Details for Verb + Resource-Type Combinations
The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect
> read
> use
> manage
. For example, a group that can use a resource can also inspect and read that resource. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.
For example, the read
verb for the announcements
resource-type includes the same permissions and API operations as the inspect
verb, plus the ANNOUNCEMENT_READ permission and an additional API peration, GetAnnouncement
. However, the use
verb and manage
verbs cover no extra permissions or API operations compared to read
.
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect | ANNOUNCEMENT_LIST |
ListAnnouncements
|
none |
read | INSPECT + ANNOUNCEMENT_READ |
INSPECT +
|
none |
use | no extra |
no extra |
none |
manage | no extra |
no extra |
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
ANNOUNCEMENT_SUBSCRIPTION_INSPECT |
ListAnnouncementSubscriptions
|
none |
read |
INSPECT + ANNOUNCEMENT_SUBSCRIPTION_READ |
INSPECT +
|
none |
use |
READ + ANNOUNCEMENT_SUBSCRIPTION_UPDATE |
|
none |
manage |
USE + ANNOUNCEMENT_SUBSCRIPTION_CREATE ANNOUNCEMENT_SUBSCRIPTION_DELETE ANNOUNCEMENT_SUBSCRIPTION_MOVE |
|
none |
Permissions Required for Each API Operation
The following table lists the API operations in a logical order, grouped by resource type.
API Operation | Permissions Required to Use the Operation |
---|---|
ListAnnouncements
|
ANNOUNCEMENT_LIST |
GetAnnouncement
|
ANNOUNCEMENT_READ |
ListAnnouncementSubscriptions |
ANNOUNCEMENT_SUBSCRIPTION_INSPECT |
GetAnnouncementSubscription |
ANNOUNCEMENT_SUBSCRIPTION_READ |
CreateAnnouncementSubscription |
ANNOUNCEMENT_SUBSCRIPTION_CREATE |
UpdateAnnouncementSubscription |
ANNOUNCEMENT_SUBSCRIPTION_UPDATE |
CreateFilterGroup |
ANNOUNCEMENT_SUBSCRIPTION_UPDATE |
UpdateFilterGroup |
ANNOUNCEMENT_SUBSCRIPTION_UPDATE |
DeleteFilterGroup |
ANNOUNCEMENT_SUBSCRIPTION_UPDATE |
ChangeAnnouncementSubscriptionCompartment |
ANNOUNCEMENT_SUBSCRIPTION_MOVE |
DeleteAnnouncementSubscription |
ANNOUNCEMENT_SUBSCRIPTION_DELETE |