Detalles de Gestión de organización
En este tema se tratan los detalles de la escritura de políticas para controlar el acceso a Gestión de organización.
Tipos de recursos
organizations-familyorganizations-linkorganizations-recipient-invitationorganizations-sender-invitationorganizations-invitationorganizations-domainorganizations-domain-governanceorganizations-entityorganizations-tenancyorganizations-orderorganizations-subscriptionorganizations-subscription-mappingorganizations-assigned-subscriptionorganizations-subscription-regionorganizations-governance-rulesorganizations-enforced-governance-rules
Variables soportadas
Organization Management soporta todas las variables generales (consulte Variables generales para todas las solicitudes), además de las adicionales que se muestran a continuación:
Variables necesarias (proporcionadas por el servicio para cada solicitud):
| Variable | Tipo de variable | Comentarios |
|---|---|---|
target.resource.kind |
Cadena | Nombre de tipo de recurso del recurso primario de la solicitud. |
Variables automáticas (proporcionadas por el SDK para cada solicitud):
| Variable | Tipo de variable | Comentarios |
|---|---|---|
target.tenant.id |
Entidad (OCID) | OCID del ID de inquilino de destino. |
Detalles de combinaciones de verbo + tipo de recurso
En las siguientes tablas, se muestran los permisos y las operaciones de API que abarca cada verbo. El nivel de acceso es acumulativo al recorrer la progresión inspect > read > use > manage. Por ejemplo, un grupo que puede utilizar un recurso también puede inspeccionar y leer ese recurso. Un signo más (+) en una celda de la tabla indica un acceso incremental en comparación con la celda directamente por encima, mientras que "no extra" indica que no hay acceso incremental.
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | ORGANIZATIONS_LINK_INSPECT ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT ORGANIZATIONS_SENDER_INVITATION_INSPECT ORGANIZATIONS_DOMAIN_INSPECT ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT ORGANIZATIONS_TENANCY_INSPECT ORGANIZATIONS_SUBSCRIPTION_INSPECT ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT GOVERNANCE_RULE_INSPECT ORGANIZATIONS_ENTITY_INSPECT ORGANIZATIONS_TENANCY_INSPECT |
ListLinks
|
ninguna |
| READ | INSPECCIONAR + ORGANIZATIONS_LINK_READ ORGANIZATIONS_RECIPIENT_INVITATION_READ ORGANIZATIONS_SENDER_INVITATION_READ ORGANIZATIONS_DOMAIN_READ ORGANIZATIONS_DOMAIN_GOVERNANCE_READ ORGANIZATIONS_ENTITY_READ ORGANIZATIONS_TENANCY_READ ORGANIZATIONS_SUBSCRIPTION_READ ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ GOVERNANCE_RULE_READ |
INSPECT + GetLink
|
ninguna |
| USE | LEER + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE
ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE ORGANIZATIONS_ENTITY_UPDATE ORGANIZATIONS_SENDER_INVITATION_UPDATE GOVERNANCE_RULE_UPDATE GOVERNANCE_RULE_RETRY |
LEER + AcceptRecipientInvitation
GetGovernanceRule
|
ninguna |
| MANAGE | USE + ORGANIZATIONS_LINK_PARENT_DELETE ORGANIZATIONS_LINK_CHILD_DELETE ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE ORGANIZATIONS_SENDER_INVITATION_CREATE ORGANIZATIONS_DOMAIN_CREATE ORGANIZATIONS_DOMAIN_DELETE ORGANIZATIONS_ORDER_ACTIVATE ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE ORGANIZATIONS_ENTITY_UPDATE ORGANIZATIONS_TENANCY_CREATE ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE ORGANIZATIONS_TENANCY_DELETE ORGANIZATIONS_TENANCY_RESTORE GOVERNANCE_RULE_CREATE GOVERNANCE_RULE_DELETE |
USE + DeleteLink
|
ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | ORGANIZATIONS_LINK_INSPECT | ListLinks
|
ninguna |
| LEER, USAR | INSPECCIONAR + ORGANIZATIONS_LINK_READ | INSPECT + GetLink |
ninguna |
| MANAGE | USE + ORGANIZATIONS_LINK_PARENT_DELETE ORGANIZATIONS_LINK_CHILD_DELETE |
USE + DeleteLink |
ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT | ListRecipientInvitations
|
ninguna |
| READ | INSPECCIONAR + ORGANIZATIONS_RECIPIENT_INVITATION_READ | INSPECT + GetRecipientInvitation |
ninguna |
| USE, MANAGE | LEER + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE | LEER + AcceptRecipientInvitation
|
ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | ORGANIZATIONS_SENDER_INVITATION_INSPECT | ListRecipientInvitations
|
ninguna |
| READ | INSPECCIONAR + ORGANIZATIONS_SENDER_INVITATION_READ | INSPECT + GetSenderInvitation |
ninguna |
| USE | LEER + ORGANIZATIONS_SENDER_INVITATION_UPDATE | LEER + UpdateSenderInvitation
|
ninguna |
| MANAGE | USE + ORGANIZATIONS_SENDER_INVITATION_CREATE | USE + CreateSenderInvitation |
ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT ORGANIZATIONS_SENDER_INVITATION_INSPECT |
ListRecipientInvitations
|
ninguna |
| READ | INSPECCIONAR + ORGANIZATIONS_RECIPIENT_INVITATION_READ ORGANIZATIONS_SENDER_INVITATION_READ |
INSPECT + GetRecipientInvitation
|
ninguna |
| USE | LEER + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE ORGANIZATIONS_SENDER_INVITATION_UPDATE |
LEER + AcceptRecipientInvitation
|
ninguna |
| MANAGE | USE + ORGANIZATIONS_SENDER_INVITATION_CREATE | USE + CreateSenderInvitation |
ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | ORGANIZATIONS_DOMAIN_INSPECT | ListDomains
|
ninguna |
| READ | INSPECCIONAR + ORGANIZATIONS_DOMAIN_READ | INSPECT + GetDomain |
ninguna |
| USE | LEER + ORGANIZATIONS_DOMAIN_UPDATE | LEER + UpdateDomain |
ninguna |
| MANAGE | USE + ORGANIZATIONS_DOMAIN_CREATE ORGANIZATIONS_DOMAIN_DELETE |
USE + CreateDomain
|
ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT | ListDomainGovernances
|
ninguna |
| READ | INSPECCIONAR + ORGANIZATIONS_DOMAIN_GOVERNANCE_READ | INSPECT + GetDomainGovernance |
ninguna |
| USE | LEER + ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE | LEER + UpdateDomainGovernance |
ninguna |
| MANAGE | USE + ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE |
USE + CreateDomainGovernance
|
ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | ORGANIZATIONS_ENTITY_INSPECT | ListOrganizations
|
ninguna |
| READ | INSPECT + ORGANIZATIONS_ENTITY_READ | INSPECT + GetOrganization |
ninguna |
| USE | LEER + ORGANIZATIONS_ENTITY_UPDATE | LEER + UpdateOrganization |
ninguna |
| MANAGE | - | - | ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | ORGANIZATIONS_TENANCY_INSPECT | ListOrganizationTenancies
|
ninguna |
| LEER, USAR | INSPECT + ORGANIZATIONS_TENANCY_READ (INSPECCIÓN) | INSPECT + GetOrganizationTenancy |
ninguna |
| MANAGE | USE + ORGANIZATIONS_TENANCY_CREATE ORGANIZATIONS_TENANCY_DELETE ORGANIZATIONS_TENANCY_RESTORE |
USE + CreateChildTenancy
|
ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | - | - | ninguna |
| READ | - | - | ninguna |
| USE | - | - | ninguna |
| MANAGE | ORGANIZATIONS_ORDER_ACTIVATE | ActivateOrder |
ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | ORGANIZATIONS_SUBSCRIPTION_INSPECT | ListSubscriptions
|
ninguna |
| READ | INSPECT + ORGANIZATIONS_SUBSCRIPTION_READ | INSPECT + GetSubscription |
ninguna |
| USE, MANAGE | USE + ORGANIZATIONS_SUBSCRIPTION_ASSIGN ORGANIZATIONS_SUBSCRIPTION_DELETE |
USE + AssignTenancySubscription
|
ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT | ListSubscriptionMappings
|
ninguna |
| READ | INSPECCIONAR + ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ | INSPECT + GetSubscriptionMapping |
ninguna |
| USE, MANAGE | USE + ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE |
USE + DeleteSubscriptionMapping
|
ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT | ListAssignedSubscriptions
|
ninguna |
| READ | INSPECCIONAR + ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ | INSPECT + GetAssignedSubscription |
ninguna |
| USE | - | - | ninguna |
| MANAGE | - | - | ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT | ListAvailableRegions
|
ninguna |
| READ | - | - | ninguna |
| USE | - | - | ninguna |
| MANAGE | - | - | ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | GOVERNANCE_RULE_INSPECT | ListGovernanceRules
|
ninguna |
| READ | INSPECT + GOVERNANCE_RULE_READ | INSPECT + GetGovernanceRule
|
ninguna |
| USE | LEER + GOVERNANCE_RULE_UPDATE GOVERNANCE_RULE_RETRY |
LEER + GetGovernanceRule
|
ninguna |
| MANAGE | USE + GOVERNANCE_RULE_CREATE GOVERNANCE_RULE_DELETE |
USE + CreateGovernanceRule
|
ninguna |
| Verbos | Permisos | API totalmente cubiertas | API parcialmente cubiertas |
|---|---|---|---|
| INSPECT | GOVERNANCE_RULE_ENFORCED_INSPECT | ListEnforcedGovernanceRules
|
ninguna |
| READ | INSPECCIONAR + GOVERNANCE_RULE_ENFORCED_READ | INSPECT + GetEnforcedGovernanceRule |
ninguna |
| USE | - | - | ninguna |
| MANAGE | - | - | ninguna |
Permisos requeridos para cada operación de API
En la siguiente tabla, se muestran las operaciones de API en un orden lógico, agrupadas por tipo de recurso. Para obtener más información sobre los permisos, consulte Permisos.
| Operación de API | Permisos necesarios para utilizar la operación |
|---|---|
| GetLink | ORGANIZATIONS_LINK_READ |
| ListLinks | ORGANIZATIONS_LINK_INSPECT |
| DeleteLink | ORGANIZATIONS_LINK_CHILD_DELETE ORGANIZATIONS_LINK_PARENT_DELETE |
| GetRecipientInvitation | ORGANIZATIONS_RECIPIENT_INVITATION_READ |
| AcceptRecipientInvitation | ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE |
| IgnoreRecipientInvitation | ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE |
| UpdateRecipientInvitation | ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE |
| ListRecipientInvitations | ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT |
| CreateSenderInvitation | ORGANIZATIONS_SENDER_INVITATION_CREATE |
| GetSenderInvitation | ORGANIZATIONS_SENDER_INVITATION_READ |
| ListSenderInvitations | ORGANIZATIONS_SENDER_INVITATION_INSPECT |
| CancelSenderInvitation | ORGANIZATIONS_SENDER_INVITATION_UPDATE |
| UpdateSenderInvitation | ORGANIZATIONS_SENDER_INVITATION_UPDATE |
| UpdateSenderInvitation | ORGANIZATIONS_DOMAIN_READ |
| ListDomains | ORGANIZATIONS_DOMAIN_INSPECT |
| CreateDomain | ORGANIZATIONS_DOMAIN_CREATE |
| UpdateDomain | ORGANIZATIONS_DOMAIN_UPDATE |
| DeleteDomain | ORGANIZATIONS_DOMAIN_DELETE |
| GetDomainGovernance | ORGANIZATIONS_DOMAIN_GOVERNANCE_READ |
| ListDomainGovernances | ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT |
| CreateDomainGovernance | ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE |
| UpdateDomainGovernance | ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE |
| DeleteDomainGovernance | ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE |
| GetOrganization | ORGANIZATIONS_ENTITY_READ |
| ListOrganizations | ORGANIZATIONS_ENTITY_INSPECT |
| UpdateOrganization | ORGANIZATIONS_ENTITY_UPDATE |
| GetOrganizationTenancy | ORGANIZATIONS_TENANCY_READ |
| ListOrganizationTenancies | ORGANIZATIONS_TENANCY_INSPECT |
| apruebeForTransfer/unapproveForTransfer | ORGANIZATIONS_TENANCY_TRANSFER_APPROVAL_UPDATE |
| CreateChildTenancy | ORGANIZATIONS_TENANCY_CREATE |
| DeleteOrganizationTenancy | ORGANIZATIONS_TENANCY_DELETE |
| RestoreOrganizationTenancy | ORGANIZATIONS_TENANCY_RESTORE |
| ActivateOrder | ORGANIZATIONS_ORDER_ACTIVATE |
| ListSubscriptions | ORGANIZATIONS_SUBSCRIPTION_INSPECT |
| ListSubscriptionMappings | ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT |
| GetSubscription | ORGANIZATIONS_SUBSCRIPTION_READ |
| GetSubscriptionMapping | ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ |
| AssignTenancySubscription | ORGANIZATIONS_SUBSCRIPTION_ASSIGN |
| AssignDefaultSubscription | ORGANIZATIONS_SUBSCRIPTION_ASSIGN |
| DeleteSubscriptionMapping | ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE |
| CreateSubscriptionMapping | ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE |
| ListAssignedSubscriptions | ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT |
| GetAssignedSubscription | ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ |
| ListAvailableRegions | ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT |
| ListGovernanceRules | GOVERNANCE_RULE_INSPECT |
| GetGovernanceRule | GOVERNANCE_RULE_READ |
| CreateGovernanceRule | GOVERNANCE_RULE_CREATE |
| UpdateGovernanceRule | GOVERNANCE_RULE_UPDATE |
| DeleteGovernanceRule | GOVERNANCE_RULE_DELETE |
| RetryGovernanceRule | GOVERNANCE_RULE_RETRY |
| CreateInclusionCriterion | GOVERNANCE_RULE_UPDATE |
| DeleteInclusionCriterion | GOVERNANCE_RULE_UPDATE |
| ListTenancyAttachments | GOVERNANCE_RULE_READ |
| GetTenancyAttachment | GOVERNANCE_RULE_READ |
| RetryTenancyAttachment | GOVERNANCE_RULE_RETRY |
| ListEnforcedGovernanceRules | GOVERNANCE_RULE_ENFORCED_INSPECT |
| GetEnforcedGovernanceRule | GOVERNANCE_RULE_ENFORCED_READ |