Oracle Cloud Infrastructure Documentation

Overview of Service Catalog

A Service Catalog enables your organization to create and manage catalogs of applications that are approved for use in your tenancy.

These applications are offered through marketplace in the form of image and stack listings. Applications can be a public application available on marketplace or a private application offered within the organization. Service Catalog allows organizations to centrally manage applications and helps achieve consistent governance and compliance requirements. Approved or restricted sets of applications can reduce risks of misuse or overspending by end users, giving administrators peace of mind. End users can quickly deploy only approved applications that follow constraints set by the organization.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator.

This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.

If you're new to policies, see Getting Started with Policies and Common Policies.

For administrators, the following policies enable the creation of applications in a Service Catalogand provide access to those applications to users. For any policies, if you want to reduce the scope of access to a particular compartment, specify the compartment instead of the tenancy.

  • The following policy gives the specified example group the ability to list, view, create, update, delete, or move private applications in all compartments.

    allow group CatalogAdmins to manage private-applications in tenancy

  • The following policy gives the specified example group the ability to list, view, create, update, delete, or move Service Catalogs in all compartments.

    allow group CatalogAdmins to manage service-catalogs in tenancy
  • The following policy gives the specified example group the ability to browse and launch Service Catalog applications in all compartments:
    allow group CatalogUsers to inspect service-catalog-contents in tenancy
  • The following policy gives the specified example group the ability to browse and launch applications only from within a specific service catalog:
    allow group CatalogUsers to inspect service-catalog-contents in tenancy where service-catalog.id='ocid1.servicecatalog.oc1.iad.aaaaaaaaexampleocid'
  • The following policy gives the specified example group the ability to browse and launch applications only from within those service catalogs which are hosted in the compartment Project-A:
    allow group CatalogUsers to inspect service-catalog-contents in compartment Project-A

If you need to write more restrictive policies, see the policy reference on which these policies were based: Details for the Marketplace Service and Details for the Core Services, as needed.

Resource Identifiers

Most types of Oracle Cloud Infrastructure resources have a unique, Oracle-assigned identifier called an Oracle Cloud ID (OCID).

For information about the OCID format and other ways to identify your resources, see Resource Identifiers. While the resources created from Marketplace images and stacks have an OCID to identify them, the listings themselves have a listing ID and a package version ID for every package version in the listing. Listing IDs are numeric values. Package version IDs are string values. These identifiers are unique to Marketplace and unrelated to OCIDs.

Ways to Access Oracle Cloud Infrastructure

You can access Oracle Cloud Infrastructure using the Console (a browser-based interface) or the REST API. Instructions for the Console and API are included in topics throughout this guide.

For a list of available SDKs, see Software Development Kits and Command Line Interface.

To access the Console, you must use a supported browser. You can use the Console link at the top of this page to go to the sign-in page. You are prompted to enter your cloud tenant, your user name, and your password.

Authentication and Authorization

Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).

An administrator in your organization needs to set up groups, compartments, and policies that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, launch instances, create buckets, download objects, etc. For more information, see Getting Started with Policies. For specific details about writing policies for each of the different services, see Policy Reference.

If you’re a regular user (not an administrator) who needs to use the Oracle Cloud Infrastructure resources that your company owns, contact your administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you should be using.

For the actual policy statements required to perform tasks related to Marketplace, see the topic specific to the task.