About Document Understanding Policies
Learn about Document Understanding's resource policies including API permissions.
To control who has access to Document Understanding and the type of access for each group of users, you must create policies. By default, only the users in the Administrators group have access to all Document Understanding resources. For everyone else who's using the service, you must create policies that assign them proper rights to Document Understanding resources. For a complete list of Oracle Cloud Infrastructure policies, see the policy reference for IAM with Identity Domains or IAM without Identity Domains.
Create all the policies at the root compartment level, that is, at the tenancy level. In your tenancy Console, click Identity & Security. Click Policies, and select the root compartment.
Policy to Grant Users Access to Document Understanding APIs
The policies at the root compartment level needed for Document Understanding users.
Apply a policy to grant MANAGE permission:
allow group <group_in_tenancy> to manage ai-service-document-family in tenancy
Policy to Access Input Image Files in Object Storage
The policies required to access image files in Object Storage from Document Understanding in the same tenancy or cross-tenancy.
Same-tenancy Object Storage access
allow group <group_in_tenancy> to manage object-family in tenancy
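Cross-tenancy Object Storage access
The first two statements belong in tenancy A, the tenancy that holds the group. The last three belong in tenancy B, the tenancy that owns the bucket.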
define tenancy <tenancy_B> as <tenancy_B_ocid>
endorse group <group_in_tenancy_A> to read object in tenancy <tenancy_B>
define tenancy <tenancy_A> as <tenancy_A_ocid>
define group <group_in_tenancy_A> as <group_in_tenancy_A_ocid>
admit group <group_in_tenancy_A> of tenancy <tenancy_A> to read object in tenancy
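The following Python check is an added example, not Oracle's code. It parses the define, endorse and admit statements of a cross-tenancy pair, reports any endorse without a matching admit and any alias that is used but never defined, and returns the access the group effectively gets, which is the weaker of the two verbs. Assumptions: parse, check_pair, DocUsers, TenancyA, TenancyB and the OCIDs are constructed placeholders; resource types are compared as exact strings; the group alias in tenancy B equals the group name in tenancy A, as in the statements above.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # OCI verbs, least to most access
DEFINE = re.compile(r"define (tenancy|group) (\S+) as (\S+)$", re.I)
ENDORSE = re.compile(r"endorse group (\S+) to (\w+) (\S+) in tenancy (\S+)$", re.I)
ADMIT = re.compile(r"admit group (\S+) of tenancy (\S+) to (\w+) (\S+) in tenancy$", re.I)

def parse(policy_text):
    """Split one tenancy's policy text into define/endorse/admit records."""
    out = {"define": {}, "endorse": [], "admit": []}
    for line in filter(None, (l.strip() for l in policy_text.splitlines())):
        if m := DEFINE.match(line):
            out["define"][(m[1].lower(), m[2])] = m[3]
        elif m := ENDORSE.match(line):
            out["endorse"].append(m.groups())   # (group, verb, resource, tenancy)
        elif m := ADMIT.match(line):
            out["admit"].append(m.groups())     # (group, tenancy, verb, resource)
        else:
            raise ValueError(f"unrecognized statement: {line}")
    return out

def check_pair(source_text, dest_text):
    """Return (effective grants, problems) for a source/destination policy pair."""
    src, dst = parse(source_text), parse(dest_text)
    grants, problems = [], []
    for group, verb, resource, tenancy in src["endorse"]:
        if ("tenancy", tenancy) not in src["define"]:
            problems.append(f"source: tenancy alias {tenancy} is not defined")
        match = [a for a in dst["admit"] if a[0] == group and a[3] == resource]
        if not match:
            problems.append(f"destination: no admit for {group} on {resource}")
            continue
        _, src_alias, admit_verb, _ = match[0]
        for key in (("tenancy", src_alias), ("group", group)):
            if key not in dst["define"]:
                problems.append(f"destination: {key[0]} alias {key[1]} is not defined")
        # Both tenancies must allow the action, so the weaker verb applies.
        effective = min(verb.lower(), admit_verb.lower(), key=VERBS.index)
        grants.append((group, effective, resource))
    return grants, problems

# Constructed sample input; the OCIDs are placeholders, not real identifiers.
TENANCY_A = """define tenancy TenancyB as ocid1.tenancy.oc1..exampleB
endorse group DocUsers to read object in tenancy TenancyB"""
TENANCY_B = """define tenancy TenancyA as ocid1.tenancy.oc1..exampleA
define group DocUsers as ocid1.group.oc1..exampleG
admit group DocUsers of tenancy TenancyA to read object in tenancy"""

if __name__ == "__main__":
    print(check_pair(TENANCY_A, TENANCY_B))
```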
Policy to Store Results in Object Storage
The policy required to store the results in Object Storage from Document Understanding.
Add the following policy in your tenancy at the root compartment level:
allow group <group_in_tenancy> to manage object-family in compartment <output_bucket_located_object_storage_compartment>