About Speech Policies

Learn about the resource policies including API permissions.

To control who has access to Speech, and the type of access for each group of users, you must create policies. By default, only the users in the Administrators group have access to all Speech resources.

For everyone else who's using the service, you must create policies that assign them proper rights to Speech resources. For a complete list of OCI policies, see Policy Reference.

Resource Types

Speech offers both aggregate and individual resource types for writing policies. You can use aggregate resource types to write fewer policies. For example, instead of allowing a group to manage all individual resource types, you can have a policy that allows the group to manage the aggregate resource type, ai-service-speech-family.

Individual Resource Types

ai-service-speech-transcription-job

ai-service-speech-synthesize-voice

ai-service-speech-synthesize

Aggregate Resource Type

ai-service-speech-family

Required IAM Policies

To work with Speech, an administrator must grant you access in an IAM policy.

If you get a message that you don't have permission or are unauthorized, verify with your administrator what type of access you have.

You must provide access to Object Storage to read media files and generate transcriptions to a bucket by creating policies.

Create a policy with one of the following policies to manage objects:

allow <group-name> SpeechUsers to manage object-family in tenancy

Create a policy with one of the following policies to manage transcription jobs:

allow <subject> to
          manage ai-service-speech-family in tenancy
          group <group-name> | group
          id <group-ocid> |
          dynamic-group <dynamic-group-name> |
        dynamic-group id <dynamic-group-ocid> |
        any-user

Example Policies

These policies allow users in the SpeechUsers group to manage Speech transcription jobs:

allow group SpeechUsers to manage ai-service-speech-family in tenancy
allow group SpeechUsers to manage object-family in tenancy
allow group SpeechUsers to read tag-namespaces in tenancy
allow group SpeechUsers to inspect tag-namespaces in tenancy

If you want to limit access to a specific compartment, then create a group, and set these policies in that compartment:

allow group SpeechUsers to manage ai-service-speech-family in compartment <compartment-name>
allow group SpeechUsers to manage object-family in compartment <compartment-name>
allow group SpeechUsers to read tag-namespaces in compartment <compartment-name>
allow group SpeechUsers to inspect tag-namespaces in compartment <compartment-name>

Allow all users to manage all Speech resources using the aggregate resource:

allow any-user to manage ai-service-speech-family in tenancy

To have access to all Speech resources:

allow group <SpeechUsers> to manage ai-service-speech-family in tenancy
or
allow group <SpeechUsers> to manage ai-service-speech-synthesize in tenancy

To have access to all Text to Speech resources only:

allow group <SpeechUsers> to manage ai-service-speech-synthesize-voice in tenancy
allow group <SpeechUsers> to manage ai-service-speech-synthesize in tenancy

Resource Types and Permissions


Resource	Permissions
`ai-service-speech-transcription-job`	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_INSPECT`
	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_CREATE`
	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_READ`
	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_UPDATE`
	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_CANCEL`
	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_DELETE`
	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_MOVE`

Permissions Required for Each API Operation

You can use the individual resource types with API calls to interact with the service.

The following table lists the API operations for the Speech service in a logical order, grouped by resource type, and the permissions required for resource types:


API Operation	Permission
CreateTranscriptionJob	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_CREATE`
ListTranscriptionJobs	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_INSPECT`
GetTranscriptionJob	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_READ`
UpdateTranscriptionJob	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_UPDATE`
CancelTranscriptionJob	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_CANCEL`
DeleteTranscriptionJob	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_READAI_SERVICE_SPEECH_TRANSCRIPTION_JOB_DELETE`
ChangeTranscriptionJobCompartment	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_MOVE`
ListTranscriptionTasks	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_READ`
GetTranscriptionTask	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_READ`
CancelTranscriptionTask	`AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_READ` `AI_SERVICE_SPEECH_TRANSCRIPTION_JOB_CANCEL`

Oracle Cloud Infrastructure Documentation Try Free Tier

About Speech Policies

Resource Types 🔗

Required IAM Policies 🔗

Example Policies 🔗

Resource Types and Permissions 🔗

Permissions Required for Each API Operation 🔗

Oracle Cloud Infrastructure Documentation
Try Free Tier

Resource Types

Required IAM Policies

Example Policies

Resource Types and Permissions

Permissions Required for Each API Operation