IAM Policy Details for Visual Builder

This topic covers details for writing policies to control access to Visual Builder.

Note

Use the following resources for more information on how IAM policies work and how to create them. To make sure you're using the correct resources, you'll need to know if you're using IAM with an Identity Domain or without an Identity Domain. If you're not sure if you're using an Identity Domain, see About Setting Up Users and Groups.

If you're using IAM with an Identity Domain:

If you're using IAM without an Identity Domain:

Resource Types

These are the resources available for Visual Builder:

  • visualbuilder-instance

Supported Variables

The visualbuilder-instance resource type can use the following variables.

Supported Variables

Required Variables Supplied by the Service for Every Request

| Variable | Variable Type | Description |
|---|---|---|
| target.compartment.id | ENTITY | The OCID of the primary resource for the request. |
| request.operation | STRING | The operation id (for example 'GetUser') for the request. |
| target.resource.kind | STRING | The resource kind name of the primary resource for the request. |

Automatic Variables Supplied by the SDK for Every Request

| Variable | Variable Type | Description |
|---|---|---|
| request.user.id | ENTITY | For user-initiated requests. The OCID of the calling user. |
| request.groups.id | LIST(ENTITY) | For user-initiated requests. The OCIDs of the groups of request.user.id. |
| target.compartment.name | STRING | The name of the compartment specified in target.compartment.id. |
| target.tenant.id | ENTITY | The OCID of the target tenant id. |

Additional Variables for Visual Builder

| Variable | Variable Type | Description |
|---|---|---|
| target.visualbuilderinstance.id | ENTITY | The OCID of the Visual Builder instance that was created. |

Details for Verb + Resource-Type Combinations

The following table shows the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage.

| Verb | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
| INSPECT | VISUALBUILDER_INSTANCE_INSPECT | ListVbInstances, ListWorkRequests | None |
| READ | Inherits from INSPECT (VISUALBUILDER_INSTANCE_INSPECT); VISUALBUILDER_INSTANCE_READ | GetVbInstance, GetWorkRequest | None |
| USE | Inherits from READ (VISUALBUILDER_INSTANCE_INSPECT, VISUALBUILDER_INSTANCE_READ); VISUALBUILDER_INSTANCE_UPDATE | UpdateVbInstance, StartVbInstance, StopVbInstance | None |
| MANAGE | Inherits from USE (VISUALBUILDER_INSTANCE_INSPECT, VISUALBUILDER_INSTANCE_READ, VISUALBUILDER_INSTANCE_UPDATE); VISUALBUILDER_INSTANCE_CREATE, VISUALBUILDER_INSTANCE_DELETE, VISUALBUILDER_INSTANCE_MOVE | CreateVbInstance, DeleteVbInstance, ChangeVbInstanceCompartment | None |

Permissions Required for Each API Operation

| API Operation | Permissions Required to Use the Operation |
|---|---|
| ListVbInstances | VISUALBUILDER_INSTANCE_INSPECT |
| GetVbInstance | VISUALBUILDER_INSTANCE_READ |
| CreateVbInstance | VISUALBUILDER_INSTANCE_CREATE |
| DeleteVbInstance | VISUALBUILDER_INSTANCE_DELETE |
| UpdateVbInstance | VISUALBUILDER_INSTANCE_UPDATE |
| StartVbInstance | VISUALBUILDER_INSTANCE_UPDATE |
| StopVbInstance | VISUALBUILDER_INSTANCE_UPDATE |
| ListWorkRequests | VISUALBUILDER_INSTANCE_INSPECT |
| GetWorkRequest | VISUALBUILDER_INSTANCE_READ |
| ChangeVbInstanceCompartment | VISUALBUILDER_INSTANCE_MOVE |
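
The following Python helper is an added example, not part of the original documentation or Oracle's code. It encodes the verb and permission tables on this page to find the lowest verb that covers a set of API operations, and to list the extra operations a broader verb grants beyond that. The function names are hypothetical; the verb, permission and operation names come from the tables above.

```python
# Added example; verb, permission and operation names are transcribed from this page.
PREFIX = "VISUALBUILDER_INSTANCE_"
VERB_ORDER = ["inspect", "read", "use", "manage"]

# Permission suffixes each verb adds on top of the verb before it.
VERB_ADDS = {
    "inspect": {"INSPECT"},
    "read": {"READ"},
    "use": {"UPDATE"},
    "manage": {"CREATE", "DELETE", "MOVE"},
}

# Permission suffix required by each API operation.
OP_PERMISSION = {
    "ListVbInstances": "INSPECT", "ListWorkRequests": "INSPECT",
    "GetVbInstance": "READ", "GetWorkRequest": "READ",
    "UpdateVbInstance": "UPDATE", "StartVbInstance": "UPDATE",
    "StopVbInstance": "UPDATE", "CreateVbInstance": "CREATE",
    "DeleteVbInstance": "DELETE", "ChangeVbInstanceCompartment": "MOVE",
}

def permissions_for(verb):
    """Cumulative permissions granted by a verb (inspect > read > use > manage)."""
    rank = VERB_ORDER.index(verb.lower())
    suffixes = set().union(*(VERB_ADDS[v] for v in VERB_ORDER[:rank + 1]))
    return {PREFIX + s for s in suffixes}

def operations_for(verb):
    """API operations whose required permission the verb grants."""
    granted = permissions_for(verb)
    return {op for op, s in OP_PERMISSION.items() if PREFIX + s in granted}

def minimal_verb(needed_ops):
    """Lowest verb whose cumulative permissions cover every needed operation."""
    unknown = set(needed_ops) - set(OP_PERMISSION)
    if unknown:
        raise ValueError(f"operations not listed on this page: {sorted(unknown)}")
    needed = {PREFIX + OP_PERMISSION[op] for op in needed_ops}
    return next(v for v in VERB_ORDER if needed <= permissions_for(v))

def audit(granted_verb, needed_ops):
    """Return (least-privilege verb, operations the granted verb allows beyond it)."""
    least = minimal_verb(needed_ops)
    excess = operations_for(granted_verb) - operations_for(least)
    return least, sorted(excess)

if __name__ == "__main__":
    # Constructed scenario: operators only need to view, start and stop instances.
    print(audit("manage", ["GetVbInstance", "StartVbInstance", "StopVbInstance"]))
```

Because StartVbInstance, StopVbInstance and UpdateVbInstance all map to VISUALBUILDER_INSTANCE_UPDATE, a verb alone cannot separate them.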