Applications Environment Management IAM Policy Reference

Set up advanced access policies.

Applications environment management uses Identity and Access Management (IAM) as its base service for authentication and authorization.

IAM is a policy-based identity service. The tenancy administrator for your organization needs to set up compartments, groups, and policies that control which users can access which resources and how. For an overview of this process, see Learn Best Practices for Setting Up Your Tenancy.

You create policies using the Oracle Cloud Infrastructure Console. For detailed information, see Managing Policies.

This topic contains details about the resource types and permissions used in applications environment management. For a quick start policy, see Managing User Access to Applications Environments.

Resource Types

Resource types are the resources that a policy grants access to. The resource types can be an individual resource, such as environment, or a resource family that grants access to multiple, related resources.

Application or Application Suite Individual Resource-Types Aggregate Resource Type
Commerce Cloud

commercecloud-environment

commercecloud-compliancedocs

commercecloud-environment-family

EPM Planning

epm-planning-environment

epm-planning-compliancedocs

epm-planning-environment-family
Financial Services Accounting Standards for Banking Cloud Service

FSGBUASCS-environment

FSGBUASCS-compliancedocs

FSGBUASCS-environment-family

Financial Services Analytical Applications Cloud Service

FSGBUERF-environment

FSGBUERF-compliancedocs

FSGBUERF-environment-family

Financial Services Climate Change Analytics Cloud Service

FSGBUCCA-environment

FSGBUCCA-compliancedocs

FSGBUCCA-environment-family

Financial Services Crime and Compliance Management Anti Money Laundering Cloud Service FSGBUFCCMAMLCS-environment

FSGBUFCCMAMLCS-compliancedocs

FSGBUCCMAMLCS-environment-family

Financial Services Insurance Cloud FSGBUINS-environment

FSGBUINS-compliancedocs

FSGBUINS-environment-family
Financial Services Profitability and Balance Sheet Management Service

FSGBUPBSM-environment

FSGBUPBSM-compliancedocs

FSGBUPBSM-environment-family

Maxymiser Testing and Optimization

maxymiser-environment

maxymiser-compliancedocs

maxymiser-environment-family

Student Financial Planning Cloud Service

OSFPCS-environment

OSFPCS-compliancedocs

OSFPCS-environment-family
Transportation and Global Trade Management Cloud

OTMGTM-environment

OTMGTM-compliancedocs

OTMGTM-environment-family

Utilities Work and Asset Cloud Service

UGBUWACS-environment

UGBUWACS-compliancedocs

UGBUWACS-environment-family
Warehouse Management Cloud Service

LOOGFIRE-environment

LOGFIRE-compliancedocs

LOGFIRE-environment-family

The <application>-environment-family resource-type is an umbrella for the individual resource types. Use the aggregate resource-type to grant permissions to all the individual resource-types in a single policy statement.

See the table in Details for Verb + Resource-Type Combinations for a detailed breakout of the API operations covered by each verb, for each individual resource-type.

Supported Variables

Applications environment management supports all the general variables, plus the ones listed here. For more information about general variables supported by Oracle Cloud Infrastructure services, see General Variables for All Requests.

Variable Variable Type Comments
target.environment.id Entity (OCID) Use this variable to control whether to allow operations against a specific environment in response to a request to read, update, delete, or move an environment.

Details for Verb + Resource-Type Combinations

The level of access is cumulative as you go from inspect to read to use to manage.

A plus sign (+) in a table cell indicates incremental access when compared to the preceding cell, whereas no extra indicates no incremental access.

For example, the read verb for the <Application>-environment resource-type includes the same permissions and API operations as the inspect verb, but also adds the GetEnvironment API operation. Likewise, the manage verb for the <Application>-environment resource-type allows even more permissions when compared to the use permission.

Commerce Details

commercecloud-environment
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

COMMERCECLOUD_ENVIRONMENT_INSPECT

ListEnvironments

none

read

INSPECT +

COMMERCECLOUD_ENVIRONMENT_READ

INSPECT +

GetEnvironment

none

use

READ +

COMMERCECLOUD_ENVIRONMENT_UPDATE

READ +

UpdateEnvironment

none

manage

USE +

COMMERCECLOUD_ENVIRONMENT_CREATE

COMMERCECLOUD_ENVIRONMENT_DELETE

USE +

CreateEnvironment

DeleteEnvironment

none

commercecloud-compliancedoc
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

COMMERCECLOUD_COMPLIANCEDOC_INSPECT

ListComplianceDocuments

none

read

INSPECT +

COMMERCECLOUD_COMPLIANCEDOC_READ

INSPECT +

GetComplianceDocumentContent

none

EPM Planning Details

epm-planning-environment
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

EPM_PLANNING_ENVIRONMENT_INSPECT

ListEnvironments

none

read

INSPECT +

EPM_PLANNING_ENVIRONMENT_READ

INSPECT +

GetEnvironment

none

use

READ +

EPM_PLANNING_ENVIRONMENT_UPDATE

READ +

UpdateEnvironment

none

manage

USE +

EPM_PLANNING_ENVIRONMENT_CREATE

EPM_PLANNING_ENVIRONMENT_DELETE

USE +

CreateEnvironment

DeleteEnvironment

none

epm-planning-compliancedocs
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

EPM_PLANNING_COMPLIANCEDOC_INSPECT

ListComplianceDocuments

none

read

INSPECT +

EPM_PLANNING_COMPLIANCEDOC_READ

INSPECT +

GetComplianceDocumentContent

none

Financial Services Accounting Standards for Banking Cloud Service Details

FSGBUASCS-environment
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

FSGBUASCS_ENVIRONMENT_INSPECT

ListEnvironments

none

read

INSPECT +

FSGBUASCS_ENVIRONMENT_READ

INSPECT +

GetEnvironment

none

use

READ +

FSGBUASCS_ENVIRONMENT_UPDATE

READ +

UpdateEnvironment

none

manage

USE +

FSGBUASCS_ENVIRONMENT_CREATE

FSGBUASCS_ENVIRONMENT_DELETE

USE +

CreateEnvironment

DeleteEnvironment

none

FSGBUASCS-compliancedoc
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

FSGBUASCS_COMPLIANCEDOC_INSPECT

ListComplianceDocuments

none

read

INSPECT +

FSGBUASCS_COMPLIANCEDOC_READ

INSPECT +

GetComplianceDocumentContent

none

Financial Services Analytical Applications Cloud Service Details

FSGBUERF-environment
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

FSGBUERF_ENVIRONMENT_INSPECT

ListEnvironments

none

read

INSPECT +

FSGBUERF_ENVIRONMENT_READ

INSPECT +

GetEnvironment

none

use

READ +

FSGBUERF_ENVIRONMENT_UPDATE

READ +

UpdateEnvironment

none

manage

USE +

FSGBUERF_ENVIRONMENT_CREATE

FSGBUERF_ENVIRONMENT_DELETE

USE +

CreateEnvironment

DeleteEnvironment

none

FSGBUERF-compliancedoc
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

FSGBUERF_COMPLIANCEDOC_INSPECT

ListComplianceDocuments

none

read

INSPECT +

FSGBUERF_COMPLIANCEDOC_READ

INSPECT +

GetComplianceDocumentContent

none

Financial Services Climate Change Analytics Cloud Service Details

FSGBUCCA-environment
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

FSGBUCCA_ENVIRONMENT_INSPECT

ListEnvironments

none

read

INSPECT +

FSGBUCCA_ENVIRONMENT_READ

INSPECT +

GetEnvironment

none

use

READ +

FSGBUCCA_ENVIRONMENT_UPDATE

READ +

UpdateEnvironment

none

manage

USE +

FSGBUCCA_ENVIRONMENT_CREATE

FSGBUCCA_ENVIRONMENT_DELETE

USE +

CreateEnvironment

DeleteEnvironment

none

FSGBUCCA-compliancedocs
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

FSGBUCCA_COMPLIANCEDOC_INSPECT

ListComplianceDocuments

none

read

INSPECT +

FSGBUCCA_COMPLIANCEDOC_READ

INSPECT +

GetComplianceDocumentContent

none

Financial Services Crime and Compliance Management Anti Money Laundering Cloud Service Details

FSGBUFCCMAMLCS-environment
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

FSGBUFCCMAMLCS_ENVIRONMENT_INSPECT

ListEnvironments

none

read

INSPECT +

FSGBUFCCMAMLCS_ENVIRONMENT_READ

INSPECT +

GetEnvironment

none

use

READ +

FSGBUFCCMAMLCS_ENVIRONMENT_UPDATE

READ +

UpdateEnvironment

none

manage

USE +

FSGBUFCCMAMLCS_ENVIRONMENT_CREATE

FSGBUFCCMAMLCS_ENVIRONMENT_DELETE

USE +

CreateEnvironment

DeleteEnvironment

none

FSGBUFCCMAMLCS-compliancedocs
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

FSGBUFCCMAMLCS_COMPLIANCEDOC_INSPECT

ListComplianceDocuments

none

read

INSPECT +

FSGBUFCCMAMLCS_COMPLIANCEDOC_READ

INSPECT +

GetComplianceDocumentContent

none

Financial Services Insurance Cloud Services Details

FSGBUINS-environment
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

FSGBUINS_ENVIRONMENT_INSPECT

ListEnvironments

none

read

INSPECT +

FSGBUINS_ENVIRONMENT_READ

INSPECT +

GetEnvironment

none

use

READ +

FSGBUINS_ENVIRONMENT_UPDATE

READ +

UpdateEnvironment

none

manage

USE +

FSGBUINS_ENVIRONMENT_CREATE

FSGBUINS_ENVIRONMENT_DELETE

USE +

CreateEnvironment

DeleteEnvironment

none

FSGBUINS-compliancedocs
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

FSGBUINS_COMPLIANCEDOC_INSPECT

ListComplianceDocuments

none

read

INSPECT +

FSGBUINS_COMPLIANCEDOC_READ

INSPECT +

GetComplianceDocumentContent

none

Financial Services Profitability and Balance Sheet Management Cloud Service Details

FSGBUPBSM-environment
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

FSGBUPBSM_ENVIRONMENT_INSPECT

ListEnvironments

none

read

INSPECT +

FSGBUPBSM_ENVIRONMENT_READ

INSPECT +

GetEnvironment

none

use

READ +

FSGBUPBSM_ENVIRONMENT_UPDATE

READ +

UpdateEnvironment

none

manage

USE +

FSGBUPBSM_ENVIRONMENT_CREATE

FSGBUPBSM_ENVIRONMENT_DELETE

USE +

CreateEnvironment

DeleteEnvironment

none

FSGBUPBSM-compliancedoc
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

FSGBUPBSM_COMPLIANCEDOC_INSPECT

ListComplianceDocuments

none

read

INSPECT +

FSGBUPBSM_COMPLIANCEDOC_READ

INSPECT +

GetComplianceDocumentContent

none

Maxymiser Details

maxymiser-environment
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

MAXYMISER_ENVIRONMENT_INSPECT

ListEnvironments

none

read

INSPECT +

MAXYMISER_ENVIRONMENT_READ

INSPECT +

GetEnvironment

none

use

READ +

MAXYMISER_ENVIRONMENT_UPDATE

READ +

UpdateEnvironment

none

manage

USE +

MAXYMISER_ENVIRONMENT_CREATE

MAXYMISER_ENVIRONMENT_DELETE

USE +

CreateEnvironment

DeleteEnvironment

none

maxymiser-compliancedoc
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

MAXYMISER_COMPLIANCEDOC_INSPECT

ListComplianceDocuments

none

read

INSPECT +

MAXYMISER_COMPLIANCEDOC_READ

INSPECT +

GetComplianceDocumentContent

none

Student Financial Planning Cloud Service Details

OSFPCS-environment
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

OSFPCS_ENVIRONMENT_INSPECT

ListEnvironments

none

read

INSPECT +

OSFPCS_ENVIRONMENT_READ

INSPECT +

GetEnvironment

none

use

READ +

OSFPCS_ENVIRONMENT_UPDATE

READ +

UpdateEnvironment

none

manage

USE +

OSFPCS_ENVIRONMENT_CREATE

OSFPCS_ENVIRONMENT_DELETE

USE +

CreateEnvironment

DeleteEnvironment

none

OSFPCS-compliancedocs
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

OSFPCS_COMPLIANCEDOC_INSPECT

ListComplianceDocuments

none

read

INSPECT +

OSFPCS_COMPLIANCEDOC_READ

INSPECT +

GetComplianceDocumentContent

none

Transportation and Global Trade Management Cloud Details

OTMGTM-environment
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

OTMGTM_ENVIRONMENT_INSPECT

ListEnvironments

none

read

INSPECT +

OTMGTM_ENVIRONMENT_READ

INSPECT +

GetEnvironment

none

use

READ +

OTMGTM_ENVIRONMENT_UPDATE

READ +

UpdateEnvironment

none

manage

USE +

OTMGTM_ENVIRONMENT_CREATE

OTMGTM_ENVIRONMENT_DELETE

USE +

CreateEnvironment

DeleteEnvironment

none

OTMGTM-compliancedocs
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

OTMGTM_COMPLIANCEDOC_INSPECT

ListComplianceDocuments

none

read

INSPECT +

OTMGTM_COMPLIANCEDOC_READ

INSPECT +

GetComplianceDocumentContent

none

Utilities Work and Asset Cloud Service Details

UGBUWACS-environment
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

UGBUWACS_ENVIRONMENT_INSPECT

ListEnvironments

none

read

INSPECT +

UGBUWACS_ENVIRONMENT_READ

INSPECT +

GetEnvironment

none

use

READ +

UGBUWACS_ENVIRONMENT_UPDATE

READ +

UpdateEnvironment

none

manage

USE +

UGBUWACS_ENVIRONMENT_CREATE

UGBUWACS_ENVIRONMENT_DELETE

USE +

CreateEnvironment

DeleteEnvironment

none

UGBUWACS-compliancedocs
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

UGBUWACS_COMPLIANCEDOC_INSPECT

ListComplianceDocuments

none

read

INSPECT +

UGBUWACS_COMPLIANCEDOC_READ

INSPECT +

GetComplianceDocumentContent

none

Warehouse Management Cloud Service Details

LOGFIRE-environment
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

LOGFIRE_ENVIRONMENT_INSPECT

ListEnvironments

none

read

INSPECT +

LOGFIRE_ENVIRONMENT_READ

INSPECT +

GetEnvironment

none

use

READ +

LOGFIRE_ENVIRONMENT_UPDATE

READ +

UpdateEnvironment

none

manage

USE +

LOGFIRE_ENVIRONMENT_CREATE

LOGFIRE_ENVIRONMENT_DELETE

USE +

CreateEnvironment

DeleteEnvironment

none

LOGFIRE-compliancedocs
Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

LOGFIRE_COMPLIANCEDOC_INSPECT

ListComplianceDocuments

none

read

INSPECT +

LOGFIRE_COMPLIANCEDOC_READ

INSPECT +

GetComplianceDocumentContent

none