Fusion Applications Environment Management
IAM Policy Reference
Get operation and permission details to understand how to grant access grant in
policies.
Fusion Applications Environment Management environment management
uses Identity and Access
Management (IAM) for authentication and authorization.
IAM is a policy-based identity service. The tenancy administrator for your organization needs to set up compartments, groups, and policies that control which users can access which resources and how. For an overview of this process, see Learn Best Practices for Setting Up Your Tenancy.
You create policies using the Oracle Cloud Infrastructure
Console. For detailed information, see Managing Policies.
This topic contains details about the resource types and permissions used in Fusion Applications Environment Management. For a quick start
policy, see Managing Access with IAM Policies.
Resource Types
Resource types are the resources that a policy grants access to. The resource types can
be an individual resource, such as environment, or a resource family that grants access
to multiple, related resources.
Individual Resource-Types 🔗
fusion-environment
fusion-environment-group
fusion-refresh-activity
fusion-scheduled-activity
fusion-work-request
Aggregate Resource Types 🔗
fusion-family
The fusion-family resource-type includes all of the individual
resource-types listed above. The aggregate resource-type provides a simpler method
to grant a user all the permissions needed to work with all the resource-types that
comprise Fusion Applications Environment Management
environment management . For example, a policy statement that uses manage
fusion-family is equivalent to a policy with
managestatements for each of the individual
fusion- resource-types.
Details for Verb + Resource-Type Combinations 🔗
The level of access is cumulative as you go from inspect to
read to use to manage.
A plus sign (+) in a table cell indicates incremental access when
compared to the preceding cell, whereas no extra indicates no
incremental access.
For example, the read verb for the fusion-environment
resource-type includes the same permissions and API operations as the
inspect verb, but also adds the
GetFusionEnvironment API operation. Likewise, the
manage verb for the fusion-environment
resource-type allows even more permissions when compared to the use
permission. For the fusion-environment resource-type, the
manage verb includes the same permissions and API operations as the
use verb, plus the FUSION_ENVIRONMENT_CREATE,
FUSION_ENVIRONMENT_DELETE, and
FUSION_ENVIRONMENT_MOVE permissions and a number of API operations
(CreateFusionEnvironment, DeleteFusionEnvironment,
and ChangeFusionEnvironmentCompartment).