About IAM Policies for Oracle Integration

Use Oracle Cloud Infrastructure Identity and Access Management (IAM) policies to control access to resources in your tenancy. For example, you can create a policy that authorizes users to create and manage Oracle Integration instances.

You create IAM policies using the Oracle Cloud Infrastructure Console. See Managing Policies with Identity Domains or Managing Policies without Identity Domains in the Oracle Cloud Infrastructure documentation.

You can create a policy in any compartment. However, be aware that you can only view and manage policies one compartment at a time; you can't get a single list of all policies in a tenancy. You might want to set up a strategy to organize your policies so they're easy to find. Here are some things to take into account when creating policies:
  • Policies are inherited from the parent compartment.
  • The compartment in which you create the policy determines who can modify or delete the policy.
  • Use compartments to separate resources between projects or business units.
  • Use a consistent naming format and good descriptions to make it easier to know what policies are used for.

Resource Type

The resource type available for Oracle Integration is:

  • integration-instance

Supported Variables

The integration-instance resource type can use the following variables.

| Variable | Variable Type | Description |
|---|---|---|
| Required Variables Supplied by the Service for Every Request | | |
| target.compartment.id | ENTITY | The OCID of the primary resource for the request. |
| request.operation | STRING | The operation id (for example GetUser) for the request. |
| target.resource.kind | STRING | The resource kind name of the primary resource for the request. |
| Automatic Variables Supplied by the SDK for Every Request | | |
| request.user.id | ENTITY | For user-initiated requests. The OCID of the calling user. |
| request.groups.id | LIST(ENTITY) | For user-initiated requests. The OCIDs of the groups of request.user.id. |
| target.compartment.name | STRING | The name of the compartment specified in target.compartment.id. |
| target.tenant.id | ENTITY | The OCID of the target.tenant.id. |
| Additional Variables for Oracle Integration | | |
| target.integration-instance.id | ENTITY | The OCID of the Oracle Integration instance that was created. |

Details for Verb + Resource-Type Combinations

The following table shows the permissions and API operations covered by each verb. The level of access is cumulative as you go from INSPECT to READ to USE to MANAGE.

| Verb | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
| INSPECT | INTEGRATION_INSTANCE_INSPECT | ListIntegrationInstances, ListWorkRequests | None |
| READ | Inherits from INSPECT (INTEGRATION_INSTANCE_INSPECT); INTEGRATION_INSTANCE_READ | GetIntegrationInstance, GetWorkRequest | None |
| USE | Inherits from READ (INTEGRATION_INSTANCE_INSPECT, INTEGRATION_INSTANCE_READ); INTEGRATION_INSTANCE_UPDATE | UpdateIntegrationInstances, StartIntegrationInstance, StopIntegrationInstance | None |
| MANAGE | Inherits from USE (INTEGRATION_INSTANCE_INSPECT, INTEGRATION_INSTANCE_READ, INTEGRATION_INSTANCE_UPDATE); INTEGRATION_INSTANCE_CREATE, INTEGRATION_INSTANCE_DELETE, INTEGRATION_INSTANCE_MOVE | CreateIntegrationInstance, DeleteIntegrationInstance, ChangeIntegrationCompartment | None |

Permissions Required for Each API Operation

| API Operation | Permissions Required to Use the Operation |
|---|---|
| ListIntegrationInstances | INTEGRATION_INSTANCE_INSPECT |
| GetIntegrationInstance | INTEGRATION_INSTANCE_READ |
| CreateIntegrationInstance | INTEGRATION_INSTANCE_CREATE |
| DeleteIntegrationInstance | INTEGRATION_INSTANCE_DELETE |
| UpdateIntegrationInstances | INTEGRATION_INSTANCE_UPDATE |
| StartIntegrationInstance | INTEGRATION_INSTANCE_UPDATE |
| StopIntegrationInstance | INTEGRATION_INSTANCE_UPDATE |
| ListWorkRequests | INTEGRATION_INSTANCE_INSPECT |
| GetWorkRequest | INTEGRATION_INSTANCE_READ |
| ChangeIntegrationCompartment | INTEGRATION_INSTANCE_MOVE |
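
Because verbs are cumulative, the weakest verb that covers a set of operations usually allows other operations too. The Python sketch below is an added example, not Oracle code: it combines the two tables above to pick that verb, list the surplus operations, and build a policy statement. The group and compartment names passed in are hypothetical, and the `where any {...}` condition on request.operation is OCI policy condition syntax assumed here, not shown on this page.

```python
VERBS = ["inspect", "read", "use", "manage"]  # cumulative, weakest first
VERB_ADDS = {  # permissions each verb adds on top of the one before it
    "inspect": {"INTEGRATION_INSTANCE_INSPECT"},
    "read": {"INTEGRATION_INSTANCE_READ"},
    "use": {"INTEGRATION_INSTANCE_UPDATE"},
    "manage": {"INTEGRATION_INSTANCE_CREATE", "INTEGRATION_INSTANCE_DELETE",
               "INTEGRATION_INSTANCE_MOVE"},
}
OP_PERMISSION = {  # API operation -> permission required (names as on this page)
    "ListIntegrationInstances": "INTEGRATION_INSTANCE_INSPECT",
    "ListWorkRequests": "INTEGRATION_INSTANCE_INSPECT",
    "GetIntegrationInstance": "INTEGRATION_INSTANCE_READ",
    "GetWorkRequest": "INTEGRATION_INSTANCE_READ",
    "UpdateIntegrationInstances": "INTEGRATION_INSTANCE_UPDATE",
    "StartIntegrationInstance": "INTEGRATION_INSTANCE_UPDATE",
    "StopIntegrationInstance": "INTEGRATION_INSTANCE_UPDATE",
    "CreateIntegrationInstance": "INTEGRATION_INSTANCE_CREATE",
    "DeleteIntegrationInstance": "INTEGRATION_INSTANCE_DELETE",
    "ChangeIntegrationCompartment": "INTEGRATION_INSTANCE_MOVE",
}

def verb_permissions(verb):
    """Every permission a verb grants, including inherited ones."""
    granted = set()
    for v in VERBS[: VERBS.index(verb) + 1]:
        granted |= VERB_ADDS[v]
    return granted

def least_privilege(operations):
    """Weakest verb covering `operations`, plus operations it allows beyond them."""
    operations = set(operations)
    unknown = operations - set(OP_PERMISSION)
    if not operations or unknown:
        raise ValueError(f"need known operations, got unknown: {sorted(unknown)}")
    needed = {OP_PERMISSION[op] for op in operations}
    verb = next(v for v in VERBS if needed <= verb_permissions(v))
    granted = verb_permissions(verb)
    surplus = sorted(op for op, perm in OP_PERMISSION.items()
                     if perm in granted and op not in operations)
    return verb, surplus

def statement(group, compartment, operations):
    """Policy statement, narrowed by request.operation when the verb over-grants."""
    verb, surplus = least_privilege(operations)
    stmt = f"Allow group {group} to {verb} integration-instance in compartment {compartment}"
    if surplus:  # condition syntax is an assumption, not shown on this page
        conds = ", ".join(f"request.operation='{op}'" for op in sorted(set(operations)))
        stmt += f" where any {{{conds}}}"
    return stmt
```

For a group that only needs StartIntegrationInstance and StopIntegrationInstance, `least_privilege` returns the `use` verb and five surplus operations, which is the over-grant the narrowed statement removes.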