Fusion Applications Environment Management IAM Policy Reference

Get operation and permission details to understand how to grant access in policies.

Fusion Applications Environment Management uses Identity and Access Management (IAM) for authentication and authorization.

IAM is a policy-based identity service. The tenancy administrator for your organization needs to set up compartments, groups, and policies that control which users can access which resources and how. For an overview of this process, see Learn Best Practices for Setting Up Your Tenancy.

You create policies using the Oracle Cloud Infrastructure Console. For detailed information, see Managing Policies.

This topic contains details about the resource types and permissions used in Fusion Applications Environment Management. For a quick start policy, see Managing Access with IAM Policies.

Resource Types

Resource types are the resources that a policy grants access to. The resource types can be an individual resource, such as environment, or a resource family that grants access to multiple, related resources.

Individual Resource-Types

fusion-environment

fusion-environment-group

fusion-refresh-activity

fusion-scheduled-activity

fusion-work-request

Aggregate Resource Types

fusion-family

The fusion-family resource-type includes all of the individual resource-types listed above. The aggregate resource-type provides a simpler method to grant a user all the permissions needed to work with all the resource-types that comprise Fusion Applications Environment Management. For example, a policy statement that uses manage fusion-family is equivalent to a policy with manage statements for each of the individual fusion- resource-types.

Details for Verb + Resource-Type Combinations

The level of access is cumulative as you go from inspect to read to use to manage.

A plus sign (+) in a table cell indicates incremental access when compared to the preceding cell, whereas "no extra" indicates no incremental access.

For example, the read verb for the fusion-environment resource-type includes the same permissions and API operations as the inspect verb, but also adds the GetFusionEnvironment API operation. Likewise, the manage verb for the fusion-environment resource-type allows even more permissions when compared to the use verb. For the fusion-environment resource-type, the manage verb includes the same permissions and API operations as the use verb, plus the FUSION_ENVIRONMENT_CREATE, FUSION_ENVIRONMENT_DELETE, and FUSION_ENVIRONMENT_MOVE permissions and a number of API operations (CreateFusionEnvironment, DeleteFusionEnvironment, and ChangeFusionEnvironmentCompartment).

Permissions Required for Each API Operation

The following table lists the API operations in a logical order, grouped by resource type. For more information about permissions, see Permissions.

API Operation | Permissions Required to Use the Operation
ListFusionEnvironments | FUSION_ENVIRONMENT_INSPECT
GetFusionEnvironment | FUSION_ENVIRONMENT_READ
CreateFusionEnvironment | FUSION_ENVIRONMENT_CREATE
UpdateFusionEnvironment | FUSION_ENVIRONMENT_UPDATE
DeleteFusionEnvironment | FUSION_ENVIRONMENT_DELETE
ChangeFusionEnvironmentCompartment | FUSION_ENVIRONMENT_MOVE
ListFusionEnvironmentFamilies | FUSION_ENVIRONMENT_FAMILY_INSPECT
GetFusionEnvironmentFamily | FUSION_ENVIRONMENT_FAMILY_READ
CreateFusionEnvironmentFamily | FUSION_ENVIRONMENT_FAMILY_CREATE
UpdateFusionEnvironmentFamily | FUSION_ENVIRONMENT_FAMILY_UPDATE
DeleteFusionEnvironmentFamily | FUSION_ENVIRONMENT_FAMILY_DELETE
ChangeFusionEnvironmentFamilyCompartment | FUSION_ENVIRONMENT_FAMILY_MOVE
RefreshFusionEnvironmentFamily | FUSION_ENVIRONMENT_FAMILY_REFRESH
GetWorkRequest | FUSION_WORK_REQUEST_READ
ListWorkRequests | FUSION_WORK_REQUEST_INSPECT
ListWorkRequestErrors | FUSION_WORK_REQUEST_INSPECT
ListWorkRequestLogs | FUSION_WORK_REQUEST_INSPECT
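The table above can drive a least-privilege review. The following added example (not Oracle's code) derives the smallest permission set for a list of API operations, writes it as a permission-list policy statement, and reports granted permissions that observed calls never needed. The group name, compartment name, and sample inputs are constructed assumptions.

```python
# Added example: operation -> permission pairs copied from the table above.
OP_PERMISSION = {
    "ListFusionEnvironments": "FUSION_ENVIRONMENT_INSPECT",
    "GetFusionEnvironment": "FUSION_ENVIRONMENT_READ",
    "CreateFusionEnvironment": "FUSION_ENVIRONMENT_CREATE",
    "UpdateFusionEnvironment": "FUSION_ENVIRONMENT_UPDATE",
    "DeleteFusionEnvironment": "FUSION_ENVIRONMENT_DELETE",
    "ChangeFusionEnvironmentCompartment": "FUSION_ENVIRONMENT_MOVE",
    "ListFusionEnvironmentFamilies": "FUSION_ENVIRONMENT_FAMILY_INSPECT",
    "GetFusionEnvironmentFamily": "FUSION_ENVIRONMENT_FAMILY_READ",
    "CreateFusionEnvironmentFamily": "FUSION_ENVIRONMENT_FAMILY_CREATE",
    "UpdateFusionEnvironmentFamily": "FUSION_ENVIRONMENT_FAMILY_UPDATE",
    "DeleteFusionEnvironmentFamily": "FUSION_ENVIRONMENT_FAMILY_DELETE",
    "ChangeFusionEnvironmentFamilyCompartment": "FUSION_ENVIRONMENT_FAMILY_MOVE",
    "RefreshFusionEnvironmentFamily": "FUSION_ENVIRONMENT_FAMILY_REFRESH",
    "GetWorkRequest": "FUSION_WORK_REQUEST_READ",
    "ListWorkRequests": "FUSION_WORK_REQUEST_INSPECT",
    "ListWorkRequestErrors": "FUSION_WORK_REQUEST_INSPECT",
    "ListWorkRequestLogs": "FUSION_WORK_REQUEST_INSPECT",
}

def required_permissions(operations):
    """Smallest permission set that covers the given API operations."""
    unknown = sorted(set(operations) - set(OP_PERMISSION))
    if unknown:  # fail closed: never guess a permission for an unlisted call
        raise KeyError(f"not in the reference table: {unknown}")
    return sorted({OP_PERMISSION[op] for op in operations})

def policy_statement(group, compartment, operations):
    """Permission-list policy statement; group and compartment are the caller's."""
    perms = ", ".join(required_permissions(operations))
    return f"Allow group {group} to {{{perms}}} in compartment {compartment}"

def unused_grants(granted, observed_operations):
    """Granted permissions that none of the observed operations needed."""
    return sorted(set(granted) - set(required_permissions(observed_operations)))

if __name__ == "__main__":
    # Constructed input: calls a hypothetical monitoring group was seen making.
    seen = ["ListFusionEnvironments", "GetFusionEnvironment", "ListWorkRequests",
            "ListWorkRequestErrors", "GetWorkRequest"]
    print(policy_statement("FusionMonitors", "fusion-prod", seen))
    print(unused_grants(["FUSION_ENVIRONMENT_INSPECT", "FUSION_ENVIRONMENT_READ",
                         "FUSION_ENVIRONMENT_DELETE"], seen[:2]))
```
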