Details for License Manager
This topic covers details for writing policies to control access to the License Manager.
Resource-Types
Individual Resource-Types
licensemanager-record
licensemanager-settings
Supported Variables
License Manager supports all the general variables (see General Variables for All Requests), plus additional ones listed here:
Required variables (supplied by service for every request):
Variable | Variable Type | Comments |
---|---|---|
target.resource.kind |
String | The resource kind name of the primary resource for the request. |
Automatic Variables (supplied by the SDK for every request):
Variable | Variable Type | Comments |
---|---|---|
target.tenant.id |
Entity (OCID) | The OCID of the target tenant ID. |
Details for Verb + Resource-Type Combinations
The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect
> read
> use
> manage
. For example, a group that can use a resource can also inspect and read that resource. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.
licensemanager-settings
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | LICENSE_MANAGER_SETTINGS_INSPECT | ListSettings |
none |
READ |
INSPECT + LICENSE_MANAGER_SETTINGS_READ |
INSPECT + |
none |
USE |
READ + LICENSE_MANAGER_SETTINGS_UPDATE |
READ + |
none |
MANAGE |
USE + LICENSE_MANAGER_SETTINGS_CREATE LICENSE_MANAGER_SETTINGS_DELETE |
USE +
|
none |
licensemanager-record
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
INSPECT | LICENSE_MANAGER_RECORD_INSPECT | ListLicenses |
none |
READ |
INSPECT + LICENSE_MANAGER_RECORD_READ |
INSPECT + |
none |
USE |
READ + LICENSE_MANAGER_RECORD_UPDATE |
READ + |
none |
MANAGE |
USE + LICENSE_MANAGER_RECORD_CREATE LICENSE_MANAGER_RECORD_DELETE LICENSE_MANAGER_RECORD_MOVE |
USE +
|
none |
Permissions Required for Each API Operation
The following table lists the API operations in a logical order, grouped by resource type. For information about permissions, see Permissions.
API Operation | Permissions Required to Use the Operation |
---|---|
CreateLicense | LICENSE_MANAGER_RECORD_CREATE |
ListLicenses | LICENSE_MANAGER_RECORD_INSPECT |
GetLicense | LICENSE_MANAGER_RECORD_READ |
UpdateLicense | LICENSE_MANAGER_RECORD_UPDATE |
MoveLicense | LICENSE_MANAGER_RECORD_MOVE |
DeleteLicense | LICENSE_MANAGER_RECORD_DELETE |
CreateSettings | LICENSE_MANAGER_SETTINGS_CREATE |
UpdateSettings | LICENSE_MANAGER_SETTINGS_UPDATE |
ListSettings | LICENSE_MANAGER_SETTINGS_INSPECT |
GetSettings | LICENSE_MANAGER_SETTINGS_READ |
DeleteSettings | LICENSE_MANAGER_SETTINGS_DELETE |