Language Policies
Learn about the resource policies including API permissions.
To control who has access to Language and the type of access for each group of users, you must create policies. By default, only the users in the Administrators group have access to all Language resources. For everyone else who's using the service, you must create new policies that assign them proper rights to Language resources. For a complete list of OCI policies, see Policy Reference.
Resource Types
Language offers both aggregate and individual
resource-types for writing policies. You can use aggregate resource types to write
fewer policies. For example, instead of allowing a group to manage all of the
individual resource types, you can have a policy that allows the group to manage
the aggregate resource type, ai-service-language-family
.
- Individual Resource Types
-
ai-service-language-entities ai-service-dominant-language ai-service-language-sentiments ai-service-language-keyphrases ai-service-language-text-classification ai-service-language-pii-entities ai-service-language-translation
- Aggregate Resource Type
-
ai-service-language-family
- Example Policies
-
allow group <language-group> to use ai-service-language-family in tenancy <tenancy-name>
allow group <group-name> to manage ai-service-language-family in compartment <compartment-name>
Required IAM Policy
To work with Language, an administrator must grant you access in an IAM policy.
If you get a message that you don't have permission or are unauthorized, verify with your administrator what type of access you have.
Create a policy with one of the following policies:
allow <subject> to manage ai-service-language-family in tenancy, where subject can be:
group <group-name> | group id <group-ocid> | dynamic-group <dynamic-group-name> | dynamic-group id <dynamic-group-ocid> | any-user
Example Policies
Allow users to manage all Language resources using the aggregate resource:
allow any-user to manage ai-service-language-family in tenancy
These policies control user access by theLanguage resources:
allow any-user to manage ai-service-language-project in tenancy
allow any-user to manage ai-service-language-model in tenancy
allow any-user to manage ai-service-language-data-asset in tenancy
allow any-user to manage ai-service-language-endpoint in tenancy
Resource Types and Permissions
Resource Family | Resource Kind | Permissions |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
||
|
||
|
||
|
||
|
|
|
|
|
|
|
|
|
|
|
Permissions Required for Each API Operation
You can use the individual resource types with API calls to interact with the service.
The following table lists the API operations for the Language service in a logical order, grouped by resource type, and the permissions required for resource types:
API Operation | Permissions |
---|---|
BatchDetectDominantLanguage | AI_SERVICE_DOMINANT_LANGUAGE_USE |
BatchDetectLanguageEntities | AI_SERVICE_LANGUAGE_ENTITIES_USE |
BatchDetectLanguageKeyPhrases | AI_SERVICE_LANGUAGE_KEYPHRASES_USE |
BatchDetectLanguageSentiments | AI_SERVICE_LANGUAGE_SENTIMENTS_USE |
BatchLanguageTranslation | AI_SERVICE_LANGUAGE_TRANSLATION_USE |
https://docs.oracle.com/iaas/api/#/en/language/20221001/BatchDetectLanguagePiiEntities/BatchDetectLanguagePiiEntities | AI_SERVICE_LANGUAGE_PII_ENTITIES_USE |
DetectLanguageEntities | AI_SERVICE_LANGUAGE_ENTITIES_USE |
BatchDetectLanguageTextClassification | AI_SERVICE_LANGUAGE_TEXT_CLASSIFICATION_USE |
DetectDominantLanguage | AI_SERVICE_DOMINANT_LANGUAGE_USE |
DetectLanguageEntities | AI_SERVICE_LANGUAGE_ENTITIES_USE |
DetectLanguageKeyPhrases | AI_SERVICE_LANGUAGE_KEYPHRASES_USE |
DetectLanguageSentiments | AI_SERVICE_LANGUAGE_SENTIMENTS_USE |
DetectLanguageTextClassification | AI_SERVICE_LANGUAGE_TEXT_CLASSIFICATION_USE |
ChangeProjectCompartment | AI_SERVICE_LANGUAGE_PROJECT_MOVE |
CreateProject | AI_SERVICE_LANGUAGE_PROJECT_CREATE |
ListProjects | AI_SERVICE_LANGUAGE_PROJECT_INSPECT |
GetProject | AI_SERVICE_LANGUAGE_PROJECT_READ |
UpdateProject | AI_SERVICE_LANGUAGE_PROJECT_UPDATE |
DeleteProject | AI_SERVICE_LANGUAGE_PROJECT_DELETE |
ChangeModelCompartment | AI_SERVICE_LANGUAGE_MODEL_MOVE |
CreateModel | AI_SERVICE_LANGUAGE_MODEL_CREATE |
ListModels | AI_SERVICE_LANGUAGE_MODEL_INSPECT |
GetModel | AI_SERVICE_LANGUAGE_MODEL_READ |
UpdateModel | AI_SERVICE_LANGUAGE_MODEL_UPDATE |
DeleteModel | AI_SERVICE_LANGUAGE_MODEL_DELETE |
ChangeEndpointCompartment | AI_SERVICE_LANGUAGE_ENDPOINT_MOVE |
CreateEndpoint | AI_SERVICE_LANGUAGE_ENDPOINT_CREATE |
ListEndpoint | AI_SERVICE_LANGUAGE_ENDPOINT_INSPECT |
GetEndpoint | AI_SERVICE_LANGUAGE_ENDPOINT_READ |
UpdateEndpoint | AI_SERVICE_LANGUAGE_ENDPOINT_UPDATE |
ChangeEndpoint | AI_SERVICE_LANGUAGE_ENDPOINT_MOVE |
ListWorkRequests |
|
GetWorkRequest | AI_SERVICE_LANGUAGE_WORK_REQUEST_READ |
ListWorkRequestErrors | AI_SERVICE_LANGUAGE_WORK_REQUEST_READ |
ListWorkRequestLogs | AI_SERVICE_LANGUAGE_WORK_REQUEST_READ |