About Speech Policies

Resource Types

Speech offers both aggregate and individual resource types for writing policies. You can use aggregate resource types to write fewer policies. For example, instead of allowing a group to manage all individual resource types, you can have a policy that allows the group to manage the aggregate resource type, ai-service-speech-family.

Individual Resource Types

ai-service-speech-transcription-job

ai-service-speech-synthesize-voice

ai-service-speech-synthesize

Aggregate Resource Type

ai-service-speech-family

Required IAM Policies

To work with Speech, an administrator must grant you access in an IAM policy.

If you get a message that you don't have permission or are unauthorized, verify with your administrator what type of access you have.

You must provide access to Object Storage to read media files and generate transcriptions to a bucket by creating policies.

Create a policy with one of the following policies to manage objects:

allow <group-name> SpeechUsers to manage object-family in tenancy

Create a policy with one of the following policies to manage transcription jobs:

allow <subject> to
          manage ai-service-speech-family in tenancy
          group <group-name> | group
          id <group-ocid> |
          dynamic-group <dynamic-group-name> |
        dynamic-group id <dynamic-group-ocid> |
        any-user

Example Policies

These policies allow users in the SpeechUsers group to manage Speech transcription jobs:

allow group SpeechUsers to manage ai-service-speech-family in tenancy
allow group SpeechUsers to manage object-family in tenancy
allow group SpeechUsers to read tag-namespaces in tenancy
allow group SpeechUsers to inspect tag-namespaces in tenancy

If you want to limit access to a specific compartment, then create a group, and set these policies in that compartment:

allow group SpeechUsers to manage ai-service-speech-family in compartment <compartment-name>
allow group SpeechUsers to manage object-family in compartment <compartment-name>
allow group SpeechUsers to read tag-namespaces in compartment <compartment-name>
allow group SpeechUsers to inspect tag-namespaces in compartment <compartment-name>

Allow all users to manage all Speech resources using the aggregate resource:

allow any-user to manage ai-service-speech-family in tenancy

Resource Types and Permissions

Permissions Required for Each API Operation

You can use the individual resource types with API calls to interact with the service.

The following table lists the API operations for the Speech service in a logical order, grouped by resource type, and the permissions required for resource types: