Compute Cloud@Customer Policy Reference
Use policies to control access to Compute Cloud@Customer infrastructure and upgrade schedule operations.
Information in these sections provide policy information specifically for Compute Cloud@Customer infrastructures and upgrade schedules. For detailed information about Oracle Cloud Infrastructure IAM and policies, see the following topics:
Creating a policy requires proper privileges. Work with your tenancy administrator to either obtain the privileges or have the policies created for you.
Resource-Types
Compute Cloud@Customer introduces additional resource-types that enable you to manage the Compute Cloud@Customer infrastructures and upgrade schedules.
Aggregate Resource-Type
An aggregate resource-type covers the list of individual resource-types that directly
follow. For example, writing one policy to allow a group to have access to the
ccc-family
is equivalent to writing separate policies for the
group that would grant access to the ccc-infrastructure
, and
ccc-upgrade-schedule
. For more information, see
Family Name | Member Resources |
---|---|
ccc-family |
ccc-infrastructure ccc-upgrade-schedule |
Individual Resource-Types
Resource Types |
Permissions |
---|---|
ccc-infrastructure |
CCC_INFRASTRUCTURE_INSPECT (list with summaries) CCC_INFRASTRUCTURE_READ (view resource) CCC_INFRASTRUCTURE_UPDATE (modify settings) CCC_INFRASTRUCTURE_CREATE (provision new CCC infrastructure) CCC_INFRASTRUCTURE_DELETE (delete CCC infrastructure) CCC_INFRASTRUCTURE_MOVE (move the infrastructure) |
ccc-upgrade-schedule |
CCC_UPGRADE_SCHEDULE_INSPECT CCC_UPGRADE_SCHEDULE_READ CCC_UPGRADE_SCHEDULE_UPDATE CCC_UPGRADE_SCHEDULE_CREATE CCC_UPGRADE_SCHEDULE_DELETE CCC_UPGRADE_SCHEDULE_MOVE |
Supported Variables
Compute Cloud@Customer, supports the Oracle Cloud Infrastructure general variables.
Details for Verb+Resource-Type Combinations
You use permissions and verbs to write policies to give a group access to a particular resource-type. Compute Cloud@Customer provides resource-types and permissions that are unique to Compute Cloud@Customer, but use the Oracle Cloud Infrastructure verbs.
The following tables show the Permissions and API operations covered by each verb, using the following notations:
- The level of access is cumulative as you go from
inspect
>read
>use
>manage
. - A plus sign (+) indicates incremental access compared to the cell directly above it.
- "no extra" indicates no incremental access.
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
CCC_INFRASTRUCTURE_INSPECT |
ListCccInfrastructures |
none |
read |
INSPECT + CCC_INFRASTRUCTURE_READ |
GetCccInfrastructure |
none |
use |
READ + CCC_INFRASTRUCTURE_UPDATE |
UpdateCccInfrastructure |
none |
manage |
USE + CCC_INFRASTRUCTURE_CREATE CCC_INFRASTRUCTURE_DELETE CCC_INFRASTRUCTURE_MOVE |
no extra | CreateCccInfrastructure (also needs use subnets)DeleteCccInfrastructure (also needs use subnets) ChangeCccInfrastructureCompartment |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
CCC_UPGRADE_SCHEDULE_INSPECT |
ListCccUpgradeSchedules |
none |
read |
INSPECT + CCC_UPGRADE_SCHEDULE_READ |
GetCccUpgradeSchedule |
none |
use |
READ + CCC_UPGRADE_SCHEDULE_UPDATE |
UpdateCccUpgradeSchedule |
none |
manage |
USE + CCC_UPGRADE_SCHEDULE_CREATE CCC_UPGRADE_SCHEDULE_DELETE CCC_UPGRADE_SCHEDULE_MOVE |
CreateCccUpgradeSchedule DeleteCccUpgradeSchedule ChangeCccUpgradeScheduleCompartment |
none |
Permissions Required for Each API Operation
The following tables list the API operations and which permissions are required to use the operation.
Compute Cloud@Customer Infrastructure Operations
API Operation |
Permissions Required to Use the Operation |
---|---|
ListCccInfrastructures | CCC_INFRASTRUCTURE_INSPECT |
CreateCccInfrastructure | CCC_INFRASTRUCTURE_CREATE and CLIENT_SUBNET_UPDATE |
GetCccInfrastructure | CCC_INFRASTRUCTURE_READ |
UpdateCccInfrastructure | CCC_INFRASTRUCTURE_UPDATE |
DeleteCccInfrastructure | CCC_INFRASTRUCTURE_DELETE and CLIENT_SUBNET_UPDATE |
ChangeCccInfrastructureCompartment | CCC_INFRASTRUCTURE_MOVE |
Upgrade Schedule Operations
API Operation |
Permissions Required to Use the Operation |
---|---|
ListCccUpgradeSchedules | CCC_UPGRADE_SCHEDULE_INSPECT |
CreateCccUpgradeSchedule | CCC_UPGRADE_SCHEDULE_CREATE |
GetCccUpgradeSchedule | CCC_UPGRADE_SCHEDULE_READ |
UpdateCccUpgradeSchedule | CCC_UPGRADE_SCHEDULE_UPDATE |
DeleteCccUpgradeSchedule | CCC_UPGRADE_SCHEDULE_DELETE |
ChangeCccUpgradeScheduleCompartment | CCC_UPGRADE_SCHEDULE_MOVE |
Sample Policies
Allow Full Administration Anywhere in a Tenancy
Allow group CCCAdministrators to manage ccc-infrastructure in tenancy
Allow group CCCAdministrators to manage ccc-upgrade-schedule in tenancy
Allow a Compartment Administrator to View Infrastructures in a Compartment
Allow group CCCMonitors to read ccc-infrastructure in compartment SampleCompartment
Allow a Compute Cloud@Customer Administrator Access to Manage the Upgrade Schedules in a Compartment
Allow group CCCEngineeringAdministrators to manage ccc-upgrade-schedule in compartment Engineering