Oracle Cloud Infrastructure Documentation

Create an IAM Policy in an Identity Domain

Create a policy to grant permissions to users in a domain group to work with Oracle Integration instances within a specified tenancy or compartment.

Uses identity domains This topic applies only to tenancies that use identity domains. See Differences Between Tenancies With and Without Identity Domains.

  1. Open the navigation menu and click Identity & Security. Under Identity, click Policies.
  2. Click Create Policy.
  3. In the Create Policy window, enter a name (for example, IntegrationGroupPolicy) and a description.
  4. In the Policy Builder, select Show manual editor and enter the required policy statements.

    Syntax:

    • allow group domain-name/group_name to verb resource-type in compartment compartment-name

    • allow group domain-name/group_name to verb resource-type in tenancy

    Example: allow group admin/oci-integration-admins to manage integration-instance in compartment OICCompartment

    This policy statement allows the oci-integration-admins group in the admin domain to manage instance integration-instance in compartment OICCompartment.

    Note

    • If you omit the domain name, the default domain is assumed.

    • When defining policy statements, you can specify either verbs (as used in these steps) or permissions (typically used by power users).

    • You can create separate groups for different permissions, such as a group with read permission only.

    • The read and manage verbs are most applicable to Oracle Integration. The manage verb has the most permissions (create, delete, edit, move, and view).

      Verb Access

      read

      Includes permission to view Oracle Integration instances and their details.

      manage

      Includes all permissions for Oracle Integration instances.

    To learn more about policies, see:

  5. If desired, you can add a policy to allow members of the group to view message metrics, as described in View Message Metrics and Billable Messages.

    For example:

    allow group oci-integration-admins to read metrics in compartment OICPMCompartment

  6. Click Create.
    The policy statements are validated and syntax errors are displayed.