Oracle Cloud Migrations IAM Policies - VMware
Create Identity and Access Management (IAM) policies to control who has access to Oracle Cloud Migrations (OCM) resources, and to control the type of access for each group of users.
By default, users in the Administrators
group have access to all the Oracle Cloud Migrations resources. If you are new to IAM policies, see
Getting Started with Policies.
For a complete list of all policies in Oracle Cloud Infrastructure, see the Policy Reference and Common Policies.
This section explains the following topics:
Supported Variables
Use variables when adding conditions to a policy.
The Migration service supports the following variables types:
- Entity: Oracle Cloud Identifier (OCID)
- String: Free-form text.
- List: List of Entity, or String
See General Variables for All Requests.
Variables are lowercase and hyphen-separated. For example,
target.tag-namespace.name
, target.display-name
. Here
name
must be unique, and display-name
is the
description.
Required variables are supplied by the Migration service for every request. Automatic variables are supplied by the authorization engine (either service-local with the SDK for a thick client, or on the Identity data plane for a thin client).
Required Variables | Type | Description |
---|---|---|
target.compartment.id |
Entity (OCID) | The OCID of the primary resource for the request. |
request.operation |
String | The operation ID (for example, GetUser ) for the
request. |
target.resource.kind |
String | The resource kind name of the primary resource for the request. |
Automatic Variables | Type | Description |
---|---|---|
request.user.id |
Entity (OCID) | The OCID of the requesting user. |
request.groups.id |
List of entities (OCIDs) | The OCIDs of the groups the requesting user is in. |
target.compartment.name |
String | The name of the compartment specified in
target.compartment.id . |
target.tenant.id |
Entity (OCID) | The OCID of the target tenant ID. |
Dynamic Variables | Type | Description |
---|---|---|
request.principal.group.tag.<tagNS>.<tagKey> |
String | The value of each tag on a group of which the principal is a member. |
request.principal.compartment.tag.<tagNS>.<tagKey> |
String | The value of each tag on the compartment that contains the principal. |
target.resource.tag.<tagNS>.<tagKey> |
String | The value of each tag on the target resource. The variable is computed based on tagSlug supplied by service on each request. |
target.resource.compartment.tag.<tagNS>.<tagKey> |
String | The value of each tag on the compartment that contains the target resource. The variable is computed based on tagSlug supplied by service on each request. |
Creating a Policy
Review the steps required to create a policy.
Here's how you create a policy in the Oracle Cloud Console:
For more information about creating policies, see How Policies Work and Policy Reference.
For users to access the Oracle Cloud Migrations resources, see user policies. For using the Oracle Cloud Migrations service, see service policies.