Oracle Cloud Infrastructure Documentation

Create and Manage Policies With Policy Advisor

Use Policy Advisor to quickly establish OCI permissions on resources that allow them to be enabled for Ops Insights. Policy Advisor is a centralized location where you can view, create, update, and delete policies required for Ops Insights.

Policy Advisor automates creating following policies:
  • Policies needed by users of Ops Insights (both administrators and read-only users).
  • Policies needed by Ops Insights service to function properly.
  • Policies to set up demo mode (optional).

Setup Prerequisite Policies for Ops Insights

As an administrator with the ability to create policies in the root compartment, follow these steps to set up the required prerequisite policies with Policy Advisor:
  1. From the Ops Insights Overview page, on the upper right hand click on Policy Advisor. This will launch the Policy Advisor wizard.
  2. Under the Resource access click the Configure button for Ops Insights. These policies will provide the prerequisites needed to use the Ops Insights service.
  3. In the Ops Insights service prerequisites window select the user groups that need to access to the prerequisite policies click on + Add user group. Check mark all groups required and check mark whether Administrator access or User access is required. When complete click Select.
  4. In the Ops Insights service prerequisites window you will now see the user groups and access level that you configured. To the right of this table select the Compartments that the user group may access. When all compartments have been added click Preview and apply changes.
  5. The Complete Prerequisites window allows you to preview the policy statements that will be applied, click Next to apply them.
  6. Once the prerequisite policies have been applied a green check mark will appear, to finish click Close. The prerequisite policies have been applied.

Setup and Manage Policies for Ops Insights Services

With Policy Advisor you can grant and modify the necessary policies for specific telemetry type and resource types that need to be analyzed with Ops Insights from your environment, both for the user group which will be performing this action and for the service itself.

The following is a list of telemetry and resource types whose policies can be managed from Policy Advisor:
  • Databases:
    • Autonomous databases on OCI
    • Bare metal, VM and Exa-DB databases on OCI
    • External Databases (via telemetry):
      • Enterprise Manager managed databases
      • OCI Management Agent managed databases
  • Compute instances and hosts
    • Computes instances on OCI
    • External hosts (via telemetry):
      • Enterprise Manager managed hosts
      • OCI Management Agent managed hosts
  • Exadata
    • Exadata systems (telemetry via Enterprise Manager)
    • Exadata Database Service on Dedicated Infrastructure (ExaDB-D)
  • News reports
To set up the specific policies first ensure that the necessary buckets have been created in the compartments to be used, and follow these steps:
  1. From the Ops Insights Overview page, on the upper right hand click on Policy Advisor. This will launch the Policy Advisor wizard.
  2. Under the Resource access tab you will see the names of the services that require policies to be applied for Ops Insights to work. Select the service you wish to edit and click the Configure button.
  3. In the Ops Insights service prerequisites window select the user groups that need to have their policy access modified
    1. To add user groups click on + Add user group. Check mark all groups required and check mark whether Administrator access or User access is required. When complete click Select.
    2. To remove user groups select the three dots to the right of a user group that has access and select Remove, this will remove it from the table.
  4. In the selected service prerequisites window you will now see the user groups and access level that you configured. To the right of this table select the Compartments that the user groups may access is visible.
    1. To add compartments click on the text box and select the appropriate compartments.
    2. To remove compartments click on the X to the right of each compartment.
    When all compartments have been modified click Preview and apply changes.
  5. The Complete Prerequisites window allows you to preview the policy statements that will be applied, showing first statements to be deleted and the policy statements that will be applied. Click Next to apply them.
  6. Once the prerequisite policies have been applied a green check mark will appear, to finish click Close. The prerequisite policies have been applied.