Permissions for Oracle Cloud Infrastructure

To enable users to perform operations for Oracle Cloud Infrastructure, create policies that allow users or user groups to perform the required actions that are part of operations such as backup and recovery or VM conversion.

In Oracle Cloud Infrastructure, create policies for each compartment level, and then create user groups with the same names as the policies.

To each user group, add the user who is used to create the Oracle Cloud Infrastructure hypervisor in Command Center.

At tenant level:

Resource

Level

Backup

Recovery

VM Conversion

compartments

inspect

Yes

Yes

Yes

subnets

use

--

Yes

--

vcns

inspect

--

Yes

--

vnics

use

--

Yes

--

Note

If the source instance is created using the marketplace image, allow group [group_name] to read app-catalog-listing in tenancy.

At compartment level for each source instance and for each future restored instance target compartments:

Resource

Level

Backup

Recovery

VM Conversion

BYOS Object Storage

boot-volume-backups

manage

Yes

Yes

--

--

buckets

create

Yes

Yes

Yes

Yes

buckets

PAR_MANAGE for Preauthenticated Requests

--

--

Yes

Yes

buckets

inspect

Yes

Yes

--

Yes

instance-images

manage

Yes

Yes

Yes

--

instances

manage

Yes

Yes

Yes

--

objects

manage

Yes

Yes

Yes

Yes

subnets

use

Yes

Yes

Yes

--

vcns

inspect

Yes

Yes

Yes

--

vnic-attachments

inspect

Yes

Yes

Yes

--

vnics

use

Yes

Yes

Yes

--

volume-attachments

manage

Yes

Yes

Yes

--

volume-backups

manage

Yes

Yes

--

--

volumes

manage

Yes

Yes

Yes

--

At the access node compartment level:

Resource

Level

Backup

Recovery

VM Conversion

instances

use

Yes

Yes

Yes

volume-attachments

manage

Yes

Yes

Yes

volumes

use

Yes

Yes

Yes

For more information about Oracle Cloud Infrastructure Identity and Access Management (IAM) policies, see the following:

Loading...