Required IAM Policy for Vulnerability Reports

To use Oracle Cloud Infrastructure, you must be granted the required type of access in a policy (IAM)  written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool.

Tip

If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you were granted and which compartment  you’re supposed to work in.

For example, to allow users in the group SecurityAdmins to create, update, and delete all Vulnerability Scanning resources in the compartment SalesApps:

Allow group SecurityAdmins to manage vss-family in compartment SalesApps

See Vulnerability Scanning IAM Policies.