Allow any-user to use metrics in compartment id <target_metric_compartment_OCID>
where all {
request.principal.type='serviceconnector',
target.metrics.namespace='<metric_namespace>',
request.principal.compartment.id='<serviceconnector_compartment_OCID>'
}
Define tenancy DestinationTenancy as <destination_tenancy_OCID>
Admit any-user of tenancy DestinationTenancy to <permissions_for_resource_kind> in compartment id <compartment_OCID_in_source_tenancy>
where all
{
request.principal.type='serviceconnector',
request.principal.compartment.id='<compartment_OCID_in_destination_tenancy>'
}
Define tenancy SourceTenancy as <source_tenancy_OCID>
Endorse any-user to <permissions_for_resource_kind> in tenancy SourceTenancy
where all
{
request.principal.type='serviceconnector'
}
Define tenancy SourceTenancy as <source_tenancy_OCID>
Define group <group_name> as <group_OCID>
Admit group <group_name> of tenancy SourceTenancy to manage serviceconnectors
in tenancy
Define tenancy SourceTenancy as <source_tenancy_OCID>
Define group <group_name> as <group_OCID>
Admit group <group_name> of tenancy SourceTenancy to read serviceconnectors
in compartment SharedConnectors
Define tenancy SourceTenancy as <source_tenancy_OCID>
Define dynamic-group <dynamic_group_name> as <group_OCID>
Admit dynamic-group <dynamic_group_name> of tenancy SourceTenancy to read serviceconnectors
in compartment SharedConnectors
Define tenancy ConnectorTenancy as <tenancy_b_OCID>
Admit any-user of tenancy ConnectorTenancy to {STREAM_READ, STREAM_CONSUME} in compartment id <compartment_OCID_in_tenancy_a>
where all
{
request.principal.type='serviceconnector',
request.principal.compartment.id='<compartment_OCID_in_tenancy_b>'
}
Tenancy B
Endorse all connectors in this tenancy to access streams in tenancy A.
Define tenancy StreamTenancy as <tenancy_a_OCID>
Endorse any-user to {STREAM_READ, STREAM_CONSUME} in tenancy StreamTenancy
where all
{
request.principal.type='serviceconnector'
}
Allow any-user to manage objects in compartment id <target_bucket_compartment_OCID>
where all {
request.principal.type='serviceconnector',
target.bucket.name='<bucket_name>',
request.principal.compartment.id='<serviceconnector_compartment_OCID>'
}
Define tenancy ConnectorTenancy as <tenancy_b_OCID>
Admit any-user of tenancy ConnectorTenancy to read log-content in compartment id <compartment_OCID_in_tenancy_a>
where all
{
request.principal.type='serviceconnector',
request.principal.compartment.id='<compartment_OCID_in_tenancy_b>'
}
Define tenancy LogTenancy as <tenancy_a_OCID>
Endorse any-user to read log-content in tenancy LogTenancy
where all
{
request.principal.type='serviceconnector'
}
Allow any-user to use loganalytics-log-group in compartment id <target_log_group_compartment_OCID>
where all {
request.principal.type='serviceconnector',
target.loganalytics-log-group.id='<log_group_OCID>',
request.principal.compartment.id='<serviceconnector_compartment_OCID>'
}
Define tenancy FunctionTenancy as <tenancy_b_OCID>
Endorse any-user to use fn-function in tenancy FunctionTenancy
where all
{
request.principal.type='serviceconnector'
}
Define tenancy FunctionTenancy as <tenancy_b_OCID>
Endorse any-user to use fn-invocation in tenancy FunctionTenancy
where all
{
request.principal.type='serviceconnector'
}
Allow any-user to read log-content in compartment id <source_log_compartment_OCID>
where all {
request.principal.type='serviceconnector',
request.principal.compartment.id='<serviceconnector_compartment_OCID>'
}
Tenancy B
Admit all connectors in tenancy A to access any function in this tenancy.
Define tenancy ConnectorTenancy as <tenancy_a_OCID>
Admit any-user to use fn-function in tenancy ConnectorTenancy
where all
{
request.principal.type='serviceconnector'
}
Define tenancy ConnectorTenancy as <tenancy_a_OCID>
Admit any-user to use fn-invocation in tenancy ConnectorTenancy
where all
{
request.principal.type='serviceconnector'
}
Define tenancy ConnectorTenancy as <tenancy_b_OCID>
Admit any-user of tenancy ConnectorTenancy to read metrics in compartment id <compartment_OCID_in_tenancy_a>
where all
{
request.principal.type='serviceconnector',
request.principal.compartment.id='<compartment_OCID_in_tenancy_b>'
}
Tenancy B
Endorse all connectors in this tenancy to access metrics in tenancy A.
Define tenancy MetricTenancy as <tenancy_a_OCID>
Endorse any-user to read metrics in tenancy MetricTenancy
where all
{
request.principal.type='serviceconnector'
}
Endorse all connectors in this tenancy to access any bucket in tenancy C.
Define tenancy BucketTenancy as <tenancy_c_OCID>
Endorse any-user to manage objects in tenancy BucketTenancy
where all
{
request.principal.type='serviceconnector'
}
Define tenancy ConnectorTenancy as <tenancy_b_OCID>
Admit any-user of tenancy ConnectorTenancy to manage objects in compartment id <compartment_OCID_in_tenancy_c>
where all
{
request.principal.type='serviceconnector',
request.principal.compartment.id='<compartment_OCID_in_tenancy_b>'
}
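
Every statement above grants to any-user and depends on its where clause to narrow the grant to service connector principals, so a dropped condition or a broken quote changes what the statement means. The following Python check is an added example, not Oracle's code: it reviews statements written in this page's style before they are applied, and its rule set, function names and sample input are assumptions of the example.

```python
import re

# Constructed sample: two statements in the style of this page; the second
# carries an unbalanced quote on its compartment condition.
SAMPLE = """\
Allow any-user to read log-content in compartment id <source_log_compartment_OCID>
where all {
request.principal.type='serviceconnector',
request.principal.compartment.id='<serviceconnector_compartment_OCID>'
}
Admit any-user of tenancy ConnectorTenancy to read metrics in compartment id <compartment_OCID_in_tenancy_a>
where all
{
request.principal.type='serviceconnector',
request.principal.compartment.id=<compartment_OCID_in_tenancy_b>'
}
"""

VERBS = ("allow", "admit", "endorse", "define")

def split_statements(text):
    """Join wrapped lines; a statement starts at Allow, Admit, Endorse or Define."""
    statements = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.lower().startswith(VERBS) or not statements:
            statements.append(line)
        else:
            statements[-1] += " " + line
    return statements

def lint(statement):
    """Findings for one statement. The rules are this example's own, not OCI's."""
    lowered = statement.lower()
    if "any-user" not in lowered.split():
        return []
    where = re.search(r"where\s+all\s*\{(.*?)\}", statement, re.I)
    if not where:
        return ["any-user with no where clause"]
    findings, keys = [], set()
    for cond in where.group(1).split(","):
        key, _, value = (part.strip() for part in cond.partition("="))
        keys.add(key)
        if not re.fullmatch(r"'[^']+'", value):
            findings.append(f"unquoted or unbalanced value for {key}")
    if "request.principal.type" not in keys:
        findings.append("no request.principal.type condition")
    if lowered.startswith(("allow", "admit")) and "request.principal.compartment.id" not in keys:
        findings.append("grant not pinned to a connector compartment")
    return findings

if __name__ == "__main__":
    for stmt in split_statements(SAMPLE):
        print(lint(stmt) or "ok", "<-", stmt[:60])
```

The compartment finding reports scope rather than an error: a statement that intentionally covers every connector in a tenancy will trigger it.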