Details for License Manager
This topic covers details for writing policies to control access to the License Manager.
Resource-Types
Individual Resource-Types
licensemanager-recordlicensemanager-settings
Supported Variables
License Manager supports all the general variables (see General Variables for All Requests), plus additional ones listed here:
Required variables (supplied by service for every request):
| Variable | Variable Type | Comments |
|---|---|---|
target.resource.kind |
String | The resource kind name of the primary resource for the request. |
Automatic Variables (supplied by the SDK for every request):
| Variable | Variable Type | Comments |
|---|---|---|
target.tenant.id |
Entity (OCID) | The OCID of the target tenant ID. |
Details for Verb + Resource-Type Combinations
The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. For example, a group that can use a resource can also inspect and read that resource. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.
licensemanager-settings
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
| INSPECT | LICENSE_MANAGER_SETTINGS_INSPECT | ListSettings |
none |
| READ |
INSPECT + LICENSE_MANAGER_SETTINGS_READ |
INSPECT + |
none |
| USE |
READ + LICENSE_MANAGER_SETTINGS_UPDATE |
READ + |
none |
| MANAGE |
USE + LICENSE_MANAGER_SETTINGS_CREATE LICENSE_MANAGER_SETTINGS_DELETE |
USE +
|
none |
licensemanager-record
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
| INSPECT | LICENSE_MANAGER_RECORD_INSPECT | ListLicenses |
none |
| READ |
INSPECT + LICENSE_MANAGER_RECORD_READ |
INSPECT + |
none |
| USE |
READ + LICENSE_MANAGER_RECORD_UPDATE |
READ + |
none |
| MANAGE |
USE + LICENSE_MANAGER_RECORD_CREATE LICENSE_MANAGER_RECORD_DELETE LICENSE_MANAGER_RECORD_MOVE |
USE +
|
none |
Permissions Required for Each API Operation
The following table lists the API operations in a logical order, grouped by resource type. For information about permissions, see Permissions.
| API Operation | Permissions Required to Use the Operation |
|---|---|
| CreateLicense | LICENSE_MANAGER_RECORD_CREATE |
| ListLicenses | LICENSE_MANAGER_RECORD_INSPECT |
| GetLicense | LICENSE_MANAGER_RECORD_READ |
| UpdateLicense | LICENSE_MANAGER_RECORD_UPDATE |
| MoveLicense | LICENSE_MANAGER_RECORD_MOVE |
| DeleteLicense | LICENSE_MANAGER_RECORD_DELETE |
| CreateSettings | LICENSE_MANAGER_SETTINGS_CREATE |
| UpdateSettings | LICENSE_MANAGER_SETTINGS_UPDATE |
| ListSettings | LICENSE_MANAGER_SETTINGS_INSPECT |
| GetSettings | LICENSE_MANAGER_SETTINGS_READ |
| DeleteSettings | LICENSE_MANAGER_SETTINGS_DELETE |