Anomaly Detection Policies
Learn about the resource policies including API permissions.
To control who has access to Anomaly Detection, and the type of access for each group of users, you must create policies. By default, only the users in the Administrators group have access to all Anomaly Detection resources.
For everyone else who's using the service, you must create policies that assign them proper rights to Anomaly Detection resources. For a complete list of OCI policies, see the Policy Reference.
Resource Types
Anomaly Detection offers both aggregate and individual
resource-types for writing policies. You can use aggregate resource types to write
fewer policies. For example, instead of allowing a group to manage all individual
resource types, you can have a policy that allows the group to manage the aggregate
resource type, ai-service-anomaly-detection-family.
- Individual Resource Types
-
ai-service-anomaly-detection-model ai-service-anomaly-detection-project ai-service-anomaly-detection-data-asset ai-service-anomaly-detection-private-endpoint ai-service-anomaly-detection-job - Aggregate Resource Type
-
ai-service-anomaly-detection-family
Required IAM Policy
To work with Anomaly Detection, an administrator must grant you access in an IAM policy.
If you get a message that you don’t have permission or are unauthorized, verify with an administrator what type of access you have.
Create a policy with one of the following policies:
allow <subject> to manage ai-service-anomaly-detection-family in tenancy, where subject can be:
group <group-name> | group id <group-ocid> | dynamic-group <dynamic-group-name> | dynamic-group id <dynamic-group-ocid> | any-userExample Policies
Allow users to manage all Anomaly Detection resources using the aggregate resource:
allow any-user to manage ai-service-anomaly-detection-family in tenancyThese policies control user access by theAnomaly Detection resources:
allow any-user to manage ai-service-anomaly-detection-project in tenancy
allow any-user to manage ai-service-anomaly-detection-model in tenancy
allow any-user to manage ai-service-anomaly-detection-data-asset in tenancy
allow any-user to manage ai-service-anomaly-detection-private-endpoint in tenancy
allow any-user to manage ai-service-anomaly-detection-job in tenancyResource Types and Permissions
| Resource | Permissions |
|---|---|
ai-service-anomaly-detection-model |
AI_SERVICE_ANOMALY_DETECTION_MODEL_INSPECT |
AI_SERVICE_ANOMALY_DETECTION_MODEL_CREATE |
|
AI_SERVICE_ANOMALY_DETECTION_MODEL_READ |
|
AI_SERVICE_ANOMALY_DETECTION_MODEL_UPDATE |
|
AI_SERVICE_ANOMALY_DETECTION_MODEL_DELETE |
|
AI_SERVICE_ANOMALY_DETECTION_MODEL_MOVE |
|
AI_SERVICE_ANOMALY_DETECTION_MODEL_INFER |
|
ai-service-anomaly-detection-project |
AI_SERVICE_ANOMALY_DETECTION_PROJECT_INSPECT |
AI_SERVICE_ANOMALY_DETECTION_PROJECT_CREATE |
|
AI_SERVICE_ANOMALY_DETECTION_PROJECT_READ |
|
AI_SERVICE_ANOMALY_DETECTION_PROJECT_UPDATE |
|
AI_SERVICE_ANOMALY_DETECTION_PROJECT_DELETE |
|
AI_SERVICE_ANOMALY_DETECTION_PROJECT_MOVE |
|
ai-service-anomaly-detection-data-asset |
AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_INSPECT |
AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_CREATE |
|
AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_READ |
|
AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_UPDATE |
|
AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_DELETE |
|
AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_MOVE |
|
ai-service-anomaly-detection-private-endpoint |
AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_INSPECT |
AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_CREATE |
|
AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_READ |
|
AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_UPDATE |
|
AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_DELETE |
|
AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_MOVE |
|
ai-service-anomaly-detection-job |
AI_SERVICE_ANOMALY_DETECTION_JOB_INSPECT |
AI_SERVICE_ANOMALY_DETECTION_JOB_CREATE |
|
AI_SERVICE_ANOMALY_DETECTION_JOB_READ |
|
AI_SERVICE_ANOMALY_DETECTION_JOB_UPDATE |
|
AI_SERVICE_ANOMALY_DETECTION_JOB_CANCEL |
|
AI_SERVICE_ANOMALY_DETECTION_JOB_MOVE |
Permissions Required for Each API Operation
You can use the individual resource types with API calls to interact with the service.
The following table lists the API operations for the Anomaly Detection service in a logical order, grouped by resource type, and the permissions required for resource types:
| API Operation | Permission |
|---|---|
AI_SERVICE_ANOMALY_DETECTION_PROJECT_CREATE |
|
| GetProject | AI_SERVICE_ANOMALY_DETECTION_PROJECT_READ |
| UpdateProject | AI_SERVICE_ANOMALY_DETECTION_PROJECT_UPDATE |
| DeleteProject | AI_SERVICE_ANOMALY_DETECTION_PROJECT_DELETE |
| ChangeProjectCompartment | AI_SERVICE_ANOMALY_DETECTION_PROJECT_MOVE |
| CreateDataAsset | AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_CREATE |
| ListDataAssets | AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_LIST |
| GetDataAsset | AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_READ |
| UpdateDataAsset | AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_UPDATE |
| DeleteDataAsset | AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_DELETE |
| ChangeDataAssetCompartment | AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_MOVE |
| CreateModel | AI_SERVICE__ANOMALY_DETECTION_MODEL_CREATE |
| ListModels | AI_SERVICE_ANOMALY_DETECTION_MODEL_INSPECT |
| GetModel | AI_SERVICE__ANOMALY_DETECTION_MODEL_READ |
| UpdateModel | AI_SERVICE__ANOMALY_DETECTION_MODEL_UPDATE |
| DeleteModel | AI_SERVICE__ANOMALY_DETECTION_MODEL_DELETE |
| ChangeModelCompartment | AI_SERVICE__ANOMALY_DETECTION_MODEL_MOVE |
| DetectAnomalies | AI_SERVICE_ANOMALY_DETECTION_MODEL_INFER |
| ChangeAiPrivateEndpointCompartment | AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_MOVE |
| CreateAiPrivateEndpoint | AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_CREATE |
| DeleteAiPrivateEndpoint | AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_DELETE |
| GetAiPrivateEndpoint | AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_READ |
| UpdateAiPrivateEndpoint | AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_UPDATE |
| ListAiPrivateEndpoints | AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_INSPECT |
| ListDetectAnomalyJobs | AI_SERVICE_ANOMALY_DETECTION_JOB_INSPECT |
| CreateDetectAnomalyJob | AI_SERVICE_ANOMALY_DETECTION_JOB_CREATE |
| GetDetectAnomalyJob | AI_SERVICE_ANOMALY_DETECTION_JOB_READ |
| UpdateDetectAnomalyJob | AI_SERVICE_ANOMALY_DETECTION_JOB_UPDATE |
| DeleteDetectAnomalyJob | AI_SERVICE_ANOMALY_DETECTION_JOB_CANCEL |
| ChangeDetectAnomalyJobCompartment | AI_SERVICE_ANOMALY_DETECTION_JOB_MOVE |