Example Policies
You can use these exampleResource Scheduler policies as templates to create your own policies.
To use resource schedules, you must create a policy to give users permission to create a schedule (see Example 1) AND you must create a policy to give a schedule permission to manage resources (see Example 2).
Example 1. This policy gives users permission to manage (create, delete, activate, and others) resource schedules in their tenancy.
General example
Allow group <groupname> to manage resource-schedule-family in tenancy
Specific example
Allow group YourResourceScheduleAdminGroup to manage resource-schedule-family in tenancy
Example 2. This policy gives a resource schedule permission to perform an action on a resource.
When a resource schedule is created, by default, it doesn't have permission to perform the action on target resources,. You dc must give it permission.
This policy gives a schedule permission to manage predefined resources such as instances in a compartment.
General example
Allow any-user to manage <resource_type> in compartment id <compartment_ocid> where all{request.principal.type='resourceschedule',request.principal.id='<ocid_of_resourceschedule>'}
Specific example
Allow any-user to manage instance in compartment id ocid.compartment.oc1...q7fa where all{request.principal.type='resourceschedule',request.principal.id='ocid.resourceschedule.oc1.iad.axgr...dt8zb'}
Example 3. This example policy shows how to grant a resource-schedule permission to perform action as a dynamic group.
First, create a Dynamic Group to identify the resources that you want to authorize access for. The dynamic group requires one or more matching rules, as shown in the following example.
Example: Create a dynamic group for resource-scheduler named resource-scheduler-dynamic-group.
ALL {resource.type='resourceschedule', resource.id='ocid.resourceschedule.oc1.iad.axgr...dt8zb'}
Then, setup proper policies.
Allow dynamic-group resource-scheduler-dynamic-group to manage functions-family in tenancy