Required IAM Policy for Image Scanning Targets
To use Oracle Cloud Infrastructure, you must be granted the required type of access in an IAM policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool.
If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you were granted and which compartment you’re supposed to work in.
For example, to allow users in the group SecurityAdmins to create, update, and delete all Vulnerability Scanning resources in the compartment SalesApps:
Allow group SecurityAdmins to manage vss-family in compartment SalesApps
Grant Permissions to Pull Images From the Container Registry
Grant the Vulnerability Scanning service permission to pull images from Container Registry.
To grant this permission for all images in the entire tenancy:
allow service vulnerability-scanning-service to read repos in tenancy
allow service vulnerability-scanning-service to read compartments in tenancy
To grant this permission for all images in a specific compartment:
allow service vulnerability-scanning-service to read repos in compartment <compartment_name>
allow service vulnerability-scanning-service to read compartments in compartment <compartment_name>
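The following Python check is an added example, not part of the Oracle documentation: it parses policy statements of the form shown above and reports whether vulnerability-scanning-service can read both repos and compartments for a given compartment, and flags grants that are broader than the statements this page lists. The audit function, the sample statements, and the exact-match comparison of compartment names are assumptions of this example.

```python
import re

# OCI policy verbs, lowest to highest privilege.
VERBS = ["inspect", "read", "use", "manage"]
READ = VERBS.index("read")
SERVICE = "vulnerability-scanning-service"
REQUIRED = {"repos", "compartments"}  # resource types the service must read

STMT = re.compile(
    r"^\s*allow\s+service\s+(?P<svc>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<res>[\w-]+)"
    r"\s+in\s+(?:tenancy|compartment\s+(?P<comp>\S+))\s*$",
    re.IGNORECASE,
)

def audit(statements, compartment):
    """Hypothetical helper: return (missing, findings) for scanning `compartment`."""
    granted, findings = {}, []
    for s in statements:
        m = STMT.match(s)
        if not m or m["svc"].lower() != SERVICE:
            continue  # not a grant to the scanning service
        verb, res, comp = m["verb"].lower(), m["res"].lower(), m["comp"]
        if verb not in VERBS or res not in REQUIRED:
            continue
        if comp is not None and comp != compartment:
            continue  # scoped to another compartment (names compared exactly: assumption)
        level = VERBS.index(verb)
        granted[res] = max(granted.get(res, -1), level)
        if level > READ:
            findings.append(f"over-privileged: '{verb} {res}' exceeds read")
        if comp is None:
            findings.append(f"broad scope: '{res}' granted in tenancy")
    missing = sorted(r for r in REQUIRED if granted.get(r, -1) < READ)
    return missing, findings

# Constructed sample policy set, not taken from a real tenancy.
SAMPLE = [
    "Allow group SecurityAdmins to manage vss-family in compartment SalesApps",
    "allow service vulnerability-scanning-service to read repos in compartment SalesApps",
    "allow service vulnerability-scanning-service to inspect compartments in compartment SalesApps",
    "allow service vulnerability-scanning-service to manage repos in tenancy",
]

if __name__ == "__main__":
    missing, findings = audit(SAMPLE, "SalesApps")
    print("missing read grants:", missing)
    for f in findings:
        print(f)
```

In the sample, the inspect grant on compartments does not satisfy the read requirement, so scanning targets in SalesApps would still lack a needed permission even though repos are readable.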
For more information and examples, see: