OS Management Hub Policies

Use policies to control access to OS Management Hub.

For policy management, define groups of users and dynamic groups of resources. Then create policies that apply to the groups instead of individual users or resources.

Recommended User Group

Create a user group to administer the OS Management Hub service in the tenancy. Any user that belongs to the group automatically inherits the policies and permissions with that specific group.

Required Dynamic Group

Create a dynamic group to include the Management Agents within the tenancy. As new stations and instances register with the OS Management Hub, the dynamic group will include them based on its rule statements. Either create one rule statement for each compartment or a single rule for all compartments that will contain managed instances.

Note

The rule builder provides flexibility for creating rules that might reference multiple resources. Be aware of the differences when using ALL and ANY conditions with rule builder. For more information, see Managing Dynamic Groups .

ANY {resource.type='managementagent', resource.compartment.id='<compartment_ocid>'}

Required Policies

You must have a policy that allows instances to register with OS Management Hub and allows users to manage and operate the service. Before creating the policy, create a dynamic group and the recommended user group. The following is a broad policy, granting full privileges to OS Management Hub resources in all compartments in the tenancy.

Note

The policy statement uses the default identity domain unless you define the identity domain before the group or dynamic group name (for example, <identity_domain_name>/<dynamic_group_name>). For more information, see Policy Syntax.

allow dynamic-group <dynamic_group> to {OSMH_MANAGED_INSTANCE_ACCESS} in tenancy where request.principal.id = target.managed-instance.id
allow group <user_group> to manage management-agents in tenancy
allow group <user_group> to manage management-agent-install-keys in tenancy
allow group <user_group> to manage osmh-family in tenancy

The first line allows the Management Agents on the managed instances to interact with OS Management Hub. This includes actions such as updating patch levels and reporting status and inventory to the service.

The remaining lines grant permission to a user group to create, update, and delete Management Agents and install keys; and manage and operate the OS Management Hub service.

Resource-Types

OS Management Hub offers both aggregate and individual resource-types for writing policies.


Aggregate Resource Type	Individual Resource Types
`osmh-family`	`osmh-lifecycle-environments` `osmh-lifecycle-stages` `osmh-managed-instances` `osmh-managed-instance-group` `osmh-profiles` `osmh-management-station` `osmh-scheduled-jobs` `osmh-work-requests` `osmh-software-sources` `osmh-entitlements`

Details for Verb and Resource-Type Combinations

The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.

osmh-lifecycle-environments


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`OSMH_LIFECYCLE_ENVIRONMENT_INSPECT`	`ListLifecycleEnvironments`	none
read	INSPECT + `OSMH_LIFECYCLE_ENVIRONMENT_READ`	`GetLifecycleEnvironment`	none
use	READ + `OSMH_LIFECYCLE_ENVIRONMENT_UPDATE`	`UpdateLifecycleEnvironment`	none
manage	USE + `OSMH_LIFECYCLE_ENVIRONMENT_CREATE` `OSMH_LIFECYCLE_ENVIRONMENT_DELETE`	`CreateLifecycleEnvironment` `DeleteLifecycleEnvironment`	none

osmh-lifecycle-stages


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`OSMH_LIFECYCLE_STAGE_INSPECT`	`ListLifecycleStages`	none
read	INSPECT + `OSMH_LIFECYCLE_STAGE_READ`	`GetLifecycleStage`	`ListLifecycleStageInstalledPackages` (also needs `read osmh-managed-instances`)
use	READ + `OSMH_LIFECYCLE_STAGE_ATTACH_INSTANCE` `OSMH_LIFECYCLE_STAGE_DETACH_INSTANCE` `OSMH_LIFECYCLE_STAGE_PROMOTE_SOFTWARE_SOURCE`	none	`AttachManagedInstanceToLifecycleStage` (also needs `use osmh-managed-instances`) `DetachManagedInstanceFromLifecycleStage` (also needs `use osmh-managed-instances`) `PromoteSoftwareSourceToLifecycleStage` (also needs `read osmh-software-sources`) `CreateScheduledJob` (also needs `manage osmh-scheduled-jobs`)

osmh-managed-instances


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`OSMH_MANAGED_INSTANCE_INSPECT`	`ListManagedInstances`	none
read	INSPECT + `OSMH_MANAGED_INSTANCE_READ`	`GetManagedInstance` `ListInstalledPackagesOnManagedInstance` `ListAvailablePackagesForManagedInstance` `ListUpdatablePackagesForManagedInstance` `ListErrataOnManagedInstance` `ListModuleStreamsOnManagedInstance` `SummarizeManagedInstanceAnalytics` `GetManagedInstanceAnalyticContent` `GetManagedInstanceContent`	`ListLifecycleStageInstalledPackages`(also needs `read osmh-lifecycle-stages`) `ListAvailableSoftwareSourcesForManagedInstance` (also needs `read osmh-software-sources`)
use	READ + `OSMH_MANAGED_INSTANCE_UPDATE` `OSMH_MANAGED_INSTANCE_INSTALL_PACKAGE` `OSMH_MANAGED_INSTANCE_REMOVE_PACKAGE` `OSMH_MANAGED_INSTANCE_INSTALL_UPDATE` `OSMH_MANAGED_INSTANCE_ADD_SOFTWARE_SOURCE` `OSMH_MANAGED_INSTANCE_REMOVE_SOFTWARE_SOURCE` `OSMH_MANAGED_INSTANCE_MANAGE_MODULE_STREAM` `OSMH_MANAGED_INSTANCE_ENABLE_MODULE_STREAM` `OSMH_MANAGED_INSTANCE_DISABLE_MODULE_STREAM` `OSMH_MANAGED_INSTANCE_SWITCH_MODULE_STREAM` `OSMH_MANAGED_INSTANCE_INSTALL_MODULE_STREAM_PROFILE` `OSMH_MANAGED_INSTANCE_REMOVE_MODULE_STREAM_PROFILE`	`UpdateManagedInstance` `InstallPackagesOnManagedInstance` `RemovePackagesFromManagedInstance` `UpdatePackagesOnManagedInstance` `UpdateAllPackagesOnManagedInstance` `RefreshSoftwareOnManagedInstance` `DetachSoftwareSourcesFromManagedInstance` `ManageModuleStreamsOnManagedInstance` `EnableModuleStreamOnManagedInstance` `DisableModuleStreamOnManagedInstance` `SwitchModuleStreamOnManagedInstance` `InstallModuleStreamProfileOnManagedInstance` `RemoveModuleStreamProfileFromManagedInstance` `UpdateAllPackagesOnManagedInstancesInCompartment`	`AttachManagedInstanceToLifecycleStage` (also needs `use osmh-lifecycle-stages`) `DetachManagedInstanceFromLifecycleStage` (also needs `use osmh-lifecycle-stages`) `AttachSoftwareSourcesToManagedInstance` (also needs `read osmh-software-sources`) `AttachManagedInstancesToManagedInstanceGroup` (also needs `use osmh-managed-instance-groups`) `AttachSoftwareSourcesToManagedInstanceGroup` (also needs `use osmh-managed-instance-groups` and `read osmh-software-sources`) `DetachSoftwareSourcesFromManagedInstanceGroup` (also needs `use osmh-managed-instance-groups`) `InstallPackagesOnManagedInstanceGroup` (also needs `use osmh-managed-instance-groups`) `RemovePackagesFromManagedInstanceGroup` (also needs `use osmh-managed-instance-groups`) `ManageModuleStreamsOnManagedInstanceGroup` (also needs `use osmh-managed-instance-groups`) `EnableModuleStreamOnManagedInstanceGroup` (also needs `use osmh-managed-instance-groups`) `DisableModuleStreamOnManagedInstanceGroup` (also needs `use osmh-managed-instance-groups`) `InstallModuleStreamProfileOnManagedInstanceGroup` (also needs `use osmh-managed-instance-groups`) `RemoveModuleStreamProfileFromManagedInstanceGroup` (also needs `use osmh-managed-instance-groups`) `CreateScheduledJob` (also needs `manage osmh-scheduled-jobs`)

osmh-managed-instance-groups


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`OSMH_MANAGED_INSTANCE_GROUP_INSPECT`	`ListManagedInstanceGroups`	none
read	INSPECT + `OSMH_MANAGED_INSTANCE_GROUP_READ`	`ListInstalledPackagesOnManagedInstanceGroup` `ListAvailablePackagesForManagedInstanceGroup` `ListModuleStreamsOnManagedInstanceGroup` `ListAvailableModuleStreamsForManagedInstanceGroup`	`GetManagedInstanceGroup` (also needs `read osmh-software-sources`) `ListAvailableSoftwareSourcesForManagedInstanceGroup` (also needs `inspect osmh-software-sources`)
use	READ + `OSMH_MANAGED_INSTANCE_GROUP_UPDATE` `OSMH_MANAGED_INSTANCE_GROUP_INSTALL_PACKAGE` `OSMH_MANAGED_INSTANCE_GROUP_REMOVE_PACKAGE` `OSMH_MANAGED_INSTANCE_GROUP_INSTALL_UPDATE` `OSMH_MANAGED_INSTANCE_GROUP_ADD_SOFTWARE_SOURCE` `OSMH_MANAGED_INSTANCE_GROUP_REMOVE_SOFTWARE_SOURCE` `OSMH_MANAGED_INSTANCE_GROUP_ATTACH_INSTANCE` `OSMH_MANAGED_INSTANCE_GROUP_DETACH_INSTANCE` `OSMH_MANAGED_INSTANCE_GROUP_MANAGE_MODULE_STREAM` `OSMH_MANAGED_INSTANCE_GROUP_ENABLE_MODULE_STREAM` `OSMH_MANAGED_INSTANCE_GROUP_INSTALL_MODULE_STREAM_PROFILE` `OSMH_MANAGED_INSTANCE_GROUP_REMOVE_MODULE_STREAM_PROFILE`	`UpdateManagedInstanceGroup` `DetachManagedInstancesFromManagedInstanceGroup`	`AttachManagedInstancesToManagedInstanceGroup` (also needs `use osmh-managed-instances`) `AttachSoftwareSourcesToManagedInstanceGroup` (also needs `use osmh-managed-instances` and `read osmh-software-sources`) `DetachSoftwareSourcesFromManagedInstanceGroup` (also needs `use osmh-managed-instances`) `InstallPackagesOnManagedInstanceGroup` (also needs `use osmh-managed-instances`) `RemovePackagesFromManagedInstanceGroup` (also needs `use osmh-managed-instances`) `ManageModuleStreamsOnManagedInstanceGroup` (also needs `use osmh-managed-instances`) `EnableModuleStreamOnManagedInstanceGroup` (also needs `use osmh-managed-instances`) `DisableModuleStreamOnManagedInstanceGroup` (also needs `use osmh-managed-instances`) `InstallModuleStreamProfileOnManagedInstanceGroup` (also needs `use osmh-managed-instances`) `RemoveModuleStreamProfileFromManagedInstanceGroup` (also needs `use osmh-managed-instances`) `CreateScheduledJob` (also needs `manage osmh-scheduled-jobs`)
manage	USE + `OSMH_MANAGED_INSTANCE_GROUP_CREATE` `OSMH_MANAGED_INSTANCE_GROUP_DELETE`	`CreateManagedInstanceGroup` `DeleteManagedInstanceGroup`	none

osmh-profiles


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`OSMH_PROFILE_INSPECT`	`ListProfiles`	none
read	INSPECT + `OSMH_PROFILE_READ`	`GetProfile`	none
use	READ + `OSMH_PROFILE_UPDATE`	`UpdateProfile`	none
manage	USE + `OSMH_PROFILE_CREATE` `OSMH_PROFILE_DELETE`	`DeleteProfile`	`CreateProfile` (also requires `read osmh-management-station` and at most one of the following: `read osmh-managed-instances`, `read osmh-lifecycle-stages`, or `read osmh-software-source`)

osmh-management-station


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`OSMH_MANAGEMENT_STATION_INSPECT`	`ListManagementStations`	none
read	INSPECT + `OSMH_MANAGEMENT_STATION_READ`	`GetManagementStation` `ListMirrors`	`CreateProfile` (also needs `manage osmh-profiles` and at most one of the following: `read osmh-managed-instances`, `read osmh-lifecycle-stages`, or `read osmh-software-source`)
use	READ + `OSMH_MANAGEMENT_STATION_UPDATE`	`UpdateManagementStation` `SynchronizeMirrors` `SynchronizeSingleMirrors`	`CreateScheduledJob` (also needs `manage osmh-scheduled-jobs`)
manage	USE + `OSMH_MANAGEMENT_STATION_CREATE` `OSMH_MANAGEMENT_STATION_DELETE`	`CreateManagementStation` `DeleteManagementStation`	none

osmh-scheduled-jobs


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`OSMH_SCHEDULED_JOB_INSPECT`	`ListScheduledJobs`	none
read	INSPECT + `OSMH_SCHEDULED_JOB_READ`	`GetScheduledJob`	none
use	READ + `OSMH_SCHEDULED_JOB_UPDATE`	`UpdateScheduledJob` `RunScheduledJobNow`	none
manage	USE + `OSMH_SCHEDULED_JOB_CREATE` `OSMH_SCHEDULED_JOB_DELETE`	`DeleteScheduledJob`	`CreateScheduledJob` (also needs at least one of the following: `read osmh-software-sources`, `use osmh-managed-instances`, `use osmh-managed-instance-groups`, `use osmh-lifecycle-stages`, or `use osmh-management-station`)

osmh-work-requests


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`OSMH_WORK_REQUEST_INSPECT`	`ListWorkRequests`	none
read	INSPECT + `OSMH_WORK_REQUEST_READ`	`GetWorkRequest` `ListWorkRequestErrors` `ListWorkRequestLogs`	none

osmh-software-sources


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`OSMH_SOFTWARE_SOURCE_INSPECT`	`ListSoftwareSources` `ListSoftwareSourceVendors`	`ListAvailableSoftwareSourcesForManagedInstanceGroup` (also needs `read osmh-managed-instance-groups`)
read	INSPECT + `OSMH_SOFTWARE_SOURCE_READ`	`GetSoftwareSource` `ListSoftwarePackages` `GetSoftwarePackage` `ListModuleStreams` `ListModuleStreamProfiles` `QueryModuleStreamProfilesInSoftwareSources` `GetModuleStream` `GetModuleStreamProfile` `ListPackageGroups` `GetPackageGroup` `QueryPackageGroupsInSoftwareSources`	`PromoteSoftwareSourceToLifecycleStage` (also needs `use osmh-lifecycle-stages`) `ListAvailableSoftwareSourcesForManagedInstance` (also needs `read osmh-managed-instances`) `AttachSoftwareSourcesToManagedInstance` (also needs `use osmh-managed-instances`) `GetManagedInstanceGroup` (also needs `read osmh-managed-instance-groups`) `AttachSoftwareSourcesToManagedInstanceGroup` (also needs `use osmh-managed-instances` and `use osmh-managed-instance-groups`) `CreateScheduledJob` (also needs `manage osmh-scheduled-jobs`)
use	READ + `OSMH_SOFTWARE_SOURCE_UPDATE`	`UpdateSoftwareSource` `ChangeAvailabilityOfSoftwareSources`	none
manage	USE + `OSMH_SOFTWARE_SOURCE_CREATE` `OSMH_SOFTWARE_SOURCE_DELETE`	`CreateSoftwareSource` `DeleteSoftwareSource`	none

osmh-entitlements


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	`OSMH_ENTITLEMENTS_INSPECT`	`ListEntitlements`	none
manage	INSPECT + `OSMH_ENTITLEMENTS_CREATE`	`CreateEntitlement`	none

Permissions Required for Each API Operation


API Operation	Permissions Required to Use the Operation
`CreateLifecycleEnvironment`	`OSMH_LIFECYCLE_ENVIRONMENT_CREATE`
`ListLifecycleEnvironments`	`OSMH_LIFECYCLE_ENVIRONMENT_INSPECT`
`GetLifecycleEnvironment`	`OSMH_LIFECYCLE_ENVIRONMENT_READ`
`UpdateLifecycleEnvironment`	`OSMH_LIFECYCLE_ENVIRONMENT_UPDATE`
`DeleteLifecycleEnvironment`	`OSMH_LIFECYCLE_ENVIRONMENT_DELETE`
`ListLifecycleStages`	`OSMH_LIFECYCLE_STAGE_INSPECT`
`GetLifecycleStage`	`OSMH_LIFECYCLE_STAGE_READ`
`AttachManagedInstanceToLifecycleStage`	`OSMH_LIFECYCLE_STAGE_ATTACH_INSTANCE` `OSMH_MANAGED_INSTANCE_UPDATE`
`DetachManagedInstanceFromLifecycleStage`	`OSMH_LIFECYCLE_STAGE_DETACH_INSTANCE` `OSMH_MANAGED_INSTANCE_UPDATE`
`PromoteSoftwareSourceToLifecycleStage`	`OSMH_LIFECYCLE_STAGE_PROMOTE_SOFTWARE_SOURCE` `OSMH_SOFTWARE_SOURCE_READ`
`ListLifecycleStageInstalledPackages`	`OSMH_MANAGED_INSTANCE_READ` `OSMH_LIFECYCLE_STAGE_READ`
`ListManagedInstances`	`OSMH_MANAGED_INSTANCE_INSPECT`
`GetManagedInstance`	`OSMH_MANAGED_INSTANCE_READ`
`UpdateManagedInstance`	`OSMH_MANAGED_INSTANCE_UPDATE`
`ListInstalledPackagesOnManagedInstance`	`OSMH_MANAGED_INSTANCE_READ`
`ListAvailablePackagesForManagedInstance`	`OSMH_MANAGED_INSTANCE_READ`
`ListUpdatablePackagesForManagedInstance`	`OSMH_MANAGED_INSTANCE_READ`
`ListErrataOnManagedInstance`	`OSMH_MANAGED_INSTANCE_READ`
`ListAvailableSoftwareSourcesForManagedInstance`	`OSMH_MANAGED_INSTANCE_READ` `OSMH_SOFTWARE_SOURCE_READ`
`InstallPackagesOnManagedInstance`	`OSMH_MANAGED_INSTANCE_INSTALL_PACKAGE`
`RemovePackagesFromManagedInstance`	`OSMH_MANAGED_INSTANCE_REMOVE_PACKAGE`
`UpdatePackagesOnManagedInstance`	`OSMH_MANAGED_INSTANCE_INSTALL_UPDATE`
`UpdateAllPackagesOnManagedInstance`	`OSMH_MANAGED_INSTANCE_INSTALL_UPDATE`
`RefreshSoftwareOnManagedInstance`	`OSMH_MANAGED_INSTANCE_UPDATE`
`AttachSoftwareSourcesToManagedInstance`	`OSMH_MANAGED_INSTANCE_ADD_SOFTWARE_SOURCE` `OSMH_SOFTWARE_SOURCE_READ`
`DetachSoftwareSourcesFromManagedInstance`	`OSMH_MANAGED_INSTANCE_REMOVE_SOFTWARE_SOURCE`
`ManageModuleStreamsOnManagedInstance`	`OSMH_MANAGED_INSTANCE_MANAGE_MODULE_STREAM`
`EnableModuleStreamOnManagedInstance`	`OSMH_MANAGED_INSTANCE_ENABLE_MODULE_STREAM`
`DisableModuleStreamOnManagedInstance`	`OSMH_MANAGED_INSTANCE_DISABLE_MODULE_STREAM`
`SwitchModuleStreamOnManagedInstance`	`OSMH_MANAGED_INSTANCE_SWITCH_MODULE_STREAM`
`InstallModuleStreamProfileOnManagedInstance`	`OSMH_MANAGED_INSTANCE_INSTALL_MODULE_STREAM_PROFILE`
`RemoveModuleStreamProfileFromManagedInstance`	`OSMH_MANAGED_INSTANCE_REMOVE_MODULE_STREAM_PROFILE`
`ListModuleStreamsOnManagedInstance`	`OSMH_MANAGED_INSTANCE_READ`
`UpdateAllPackagesOnManagedInstancesInCompartment`	`OSMH_MANAGED_INSTANCE_INSTALL_UPDATE`
`SummarizeManagedInstanceAnalytics`	`OSMH_MANAGED_INSTANCE_READ`
`GetManagedInstanceAnalyticContent`	`OSMH_MANAGED_INSTANCE_READ`
`GetManagedInstanceContent`	`OSMH_MANAGED_INSTANCE_READ`
`CreateManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_CREATE` `OSMH_MANAGED_INSTANCE_GROUP_ADD_SOFTWARE_SOURCE` `OSMH_MANAGED_INSTANCE_GROUP_ATTACH_INSTANCE`
`ListManagedInstanceGroups`	`OSMH_MANAGED_INSTANCE_GROUP_INSPECT`
`GetManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_READ` `OSMH_SOFTWARE_SOURCE_READ`
`UpdateManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_UPDATE`
`DeleteManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_DELETE`
`AttachManagedInstancesToManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_ATTACH_INSTANCE` And one or more of the following: `OSMH_MANAGED_INSTANCE_ADD_SOFTWARE_SOURCE` `OSMH_MANAGED_INSTANCE_REMOVE_SOFTWARE_SOURCE` `OSMH_MANAGED_INSTANCE_MANAGE_MODULE_STREAM` `OSMH_MANAGED_INSTANCE_INSTALL_PACKAGE`
`DetachManagedInstancesFromManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_DETACH_INSTANCE`
`DetachManagedInstancesFromManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_DETACH_INSTANCE`
`AttachSoftwareSourcesToManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_ADD_SOFTWARE_SOURCE` `OSMH_MANAGED_INSTANCE_ADD_SOFTWARE_SOURCE` `OSMH_SOFTWARE_SOURCE_READ`
`DetachSoftwareSourcesFromManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_REMOVE_SOFTWARE_SOURCE` `OSMH_MANAGED_INSTANCE_REMOVE_SOFTWARE_SOURCE`
`ListAvailableSoftwareSourcesForManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_READ` `OSMH_SOFTWARE_SOURCE_INSPECT`
`InstallPackagesOnManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_INSTALL_PACKAGE` `OSMH_MANAGED_INSTANCE_INSTALL_PACKAGE`
`RemovePackagesFromManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_REMOVE_PACKAGE` `OSMH_MANAGED_INSTANCE_REMOVE_PACKAGE`
`ListInstalledPackagesOnManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_READ`
`ListAvailablePackagesForManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_READ`
`ManageModuleStreamsOnManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_MANAGE_MODULE_STREAM` `OSMH_MANAGED_INSTANCE_MANAGE_MODULE_STREAM`
`EnableModuleStreamOnManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_ENABLE_MODULE_STREAM` `OSMH_MANAGED_INSTANCE_ENABLE_MODULE_STREAM`
`DisableModuleStreamOnManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_DISABLE_MODULE_STREAM` `OSMH_MANAGED_INSTANCE_DISABLE_MODULE_STREAM`
`InstallModuleStreamProfileOnManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_INSTALL_MODULE_STREAM_PROFILE` `OSMH_MANAGED_INSTANCE_INSTALL_MODULE_STREAM_PROFILE`
`RemoveModuleStreamProfileFromManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_REMOVE_MODULE_STREAM_PROFILE` `OSMH_MANAGED_INSTANCE_REMOVE_MODULE_STREAM_PROFILE`
`ListModuleStreamsOnManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_READ`
`ListAvailableModuleStreamsForManagedInstanceGroup`	`OSMH_MANAGED_INSTANCE_GROUP_READ`
`CreateProfile`	`OSMH_PROFILE_CREATE` `OSMH_MANAGEMENT_STATION_READ` And at most one of the following: `OSMH_MANAGED_INSTANCE_GROUP_READ` `OSMH_LIFECYCLE_STAGE_READ` `OSMH_SOFTWARE_SOURCE_READ`
`GetProfile`	`OSMH_PROFILE_READ`
`ListProfiles`	`OSMH_PROFILE_INSPECT`
`UpdateProfile`	`OSMH_PROFILE_UPDATE`
`DeleteProfile`	`OSMH_PROFILE_DELETE`
`CreateManagementStation`	`OSMH_MANAGEMENT_STATION_CREATE`
`ListManagementStations`	`OSMH_MANAGEMENT_STATION_INSPECT`
`GetManagementStation`	`OSMH_MANAGEMENT_STATION_READ`
`UpdateManagementStation`	`OSMH_MANAGEMENT_STATION_UPDATE`
`DeleteManagementStation`	`OSMH_MANAGEMENT_STATION_DELETE`
`ListMirrors`	`OSMH_MANAGEMENT_STATION_READ`
`SynchronizeMirrors`	`OSMH_MANAGEMENT_STATION_UPDATE`
`SynchronizeSingleMirrors`	`OSMH_MANAGEMENT_STATION_UPDATE`
`ListScheduledJobs`	`OSMH_SCHEDULED_JOB_INSPECT`
`CreateScheduledJob`	`OSMH_SCHEDULED_JOB_CREATE` And one or more of the following: `OSMH_SOFTWARE_SOURCE_READ` `OSMH_MANAGED_INSTANCE_INSTALL_PACKAGE` `OSMH_MANAGED_INSTANCE_INSTALL_UPDATE` `OSMH_MANAGED_INSTANCE_REMOVE_PACKAGE` `OSMH_MANAGED_INSTANCE_ADD_SOFTWARE_SOURCE` `OSMH_MANAGED_INSTANCE_REMOVE_SOFTWARE_SOURCE` `OSMH_MANAGED_INSTANCE_MANAGE_MODULE_STREAM` `OSMH_MANAGED_INSTANCE_GROUP_INSTALL_PACKAGE` `OSMH_MANAGED_INSTANCE_GROUP_INSTALL_UPDATE` `OSMH_MANAGED_INSTANCE_GROUP_REMOVE_PACKAGE` `OSMH_MANAGED_INSTANCE_GROUP_ADD_SOFTWARE_SOURCE` `OSMH_MANAGED_INSTANCE_GROUP_REMOVE_SOFTWARE_SOURCE` `OSMH_MANAGED_INSTANCE_GROUP_MANAGE_MODULE_STREAM` `OSMH_LIFECYCLE_STAGE_PROMOTE_SOFTWARE_SOURCE` `OSMH_MANAGEMENT_STATION_UPDATE`
`GetScheduledJob`	`OSMH_SCHEDULED_JOB_READ`
`UpdateScheduledJob`	`OSMH_SCHEDULED_JOB_UPDATE`
`DeleteScheduledJob`	`OSMH_SCHEDULED_JOB_DELETE`
`RunScheduledJobNow`	`OSMH_SCHEDULED_JOB_UPDATE`
`ListWorkRequests`	`OSMH_WORK_REQUEST_INSPECT`
`GetWorkRequest`	`OSMH_WORK_REQUEST_READ`
`ListWorkRequestErrors`	`OSMH_WORK_REQUEST_READ`
`ListWorkRequestLogs`	`OSMH_WORK_REQUEST_READ`
`ListSoftwareSources`	`OSMH_SOFTWARE_SOURCE_INSPECT`
`GetSoftwareSource`	`OSMH_SOFTWARE_SOURCE_READ`
`UpdateSoftwareSource`	`OSMH_SOFTWARE_SOURCE_UPDATE`
`CreateSoftwareSource`	`OSMH_SOFTWARE_SOURCE_CREATE`
`DeleteSoftwareSource`	`OSMH_SOFTWARE_SOURCE_DELETE`
`ListSoftwarePackages`	`OSMH_SOFTWARE_SOURCE_READ`
`GetSoftwarePackage`	`OSMH_SOFTWARE_SOURCE_READ`
`ListErrata`	No authorization needed as it's shared public information. This API will only be authenticated.
`GetErratum`	No authorization needed as it's shared public information. This API will only be authenticated.
`ListModuleStreams`	`OSMH_SOFTWARE_SOURCE_READ`
`ListModuleStreamProfiles`	`OSMH_SOFTWARE_SOURCE_READ`
`QueryModuleStreamProfilesInSoftwareSources`	`OSMH_SOFTWARE_SOURCE_READ`
`GetModuleStream`	`OSMH_SOFTWARE_SOURCE_READ`
`GetModuleStreamProfile`	`OSMH_SOFTWARE_SOURCE_READ`
`ChangeAvailabilityOfSoftwareSources`	`OSMH_SOFTWARE_SOURCE_UPDATE`
`ListPackageGroups`	`OSMH_SOFTWARE_SOURCE_READ`
`GetPackageGroup`	`OSMH_SOFTWARE_SOURCE_READ`
`QueryPackageGroupsInSoftwareSources`	`OSMH_SOFTWARE_SOURCE_READ`
`ListSoftwareSourceVendors`	`OSMH_SOFTWARE_SOURCE_INSPECT`
`ListEntitlements`	`OSMH_ENTITLEMENTS_INSPECT`
`CreateEntitlement`	`OSMH_ENTITLEMENTS_CREATE`