Oracle Cloud Migrations User Policies

Oracle Cloud Migrations user policies are required for users to access the Oracle Cloud Migrations resources.

A policy syntax is as follows:

allow <subject> to <verb> <resource-type> in <location> where <conditions>

For complete details, see Policy Syntax. For more information on creating policies, see how policies work, Policy Reference, and policy details for Object Storage.

See the instructions for creating policies using the Console.

Create policies for specific users or groups to give permission for a user group to manage migration resources in a compartment. The policies can be defined for specific users or groups as indicated in the following examples.

For applying the permissions at a tenancy level, replace compartment <compartment name> with the tenancy. If you use more than one compartment, add multiple policies, one for each compartment.

Migration Policy Examples

Create policy to allow user groups to access the Oracle Cloud Migrations migration resources:

Allow group <USER-GROUP> to manage ocm-migration-family in compartment <COMPARTMENT-NAME>
Allow group <USER-GROUP> to manage orm-stacks in compartment <COMPARTMENT-NAME>
Allow group <USER-GROUP> to read metrics in compartment <COMPARTMENT-NAME> where target.metrics.namespace='ocb_asset'
Allow group <USER-GROUP> to {COMPARTMENT_INSPECT, COMPARTMENT_READ} in tenancy

The ocm-migration-family includes all migration entities such as migrations, plans, assets, replication schedules, replication tasks, and so on. You can create user policies specific to these entities, as follows:

Allow group <USER-GROUP> to manage ocm-migration in compartment <COMPARTMENT-NAME>
Allow group <USER-GROUP> to manage ocm-migration-asset in compartment <COMPARTMENT-NAME>
Allow group <USER-GROUP> to manage ocm-migration-plan in compartment <COMPARTMENT-NAME>
Allow group <USER-GROUP> to manage ocm-target-asset in compartment <COMPARTMENT-NAME>
Allow group <USER-GROUP> to manage ocm-replication-task in compartment <COMPARTMENT-NAME>
Allow group <USER-GROUP> to manage ocm-connector in compartment <COMPARTMENT-NAME>
Allow group <USER-GROUP> to manage ocm-replication-schedule in compartment <COMPARTMENT-NAME>

Remote Agent Appliance Policy Examples

Create policy to allow user groups to access remote agent appliance:

Allow group <USER-GROUP> to manage ocb-inventory in tenancy
Allow group <USER-GROUP> to manage ocb-inventory-asset in compartment <COMPARTMENT-NAME>
Allow group <USER-GROUP> to manage ocb-agent in compartment <COMPARTMENT-NAME>
Allow group <USER-GROUP> to manage ocb-environments in compartment <COMPARTMENT-NAME>
Allow group <USER-GROUP> to {OCB_INVENTORY_ASSET_READ} in tenancy