To enable users to perform operations for Oracle Cloud Infrastructure, create policies that allow users or user groups to perform the required actions that are part of operations such as backup and recovery or VM conversion.
In Oracle Cloud Infrastructure, create policies for each compartment level, and then create user groups with the same names as the policies.
To each user group, add the user who is used to create the Oracle Cloud Infrastructure hypervisor in Command Center.
At tenant level:
| Resource | Level | Backup | Recovery | VM Conversion |
|---|---|---|---|---|
| compartments | inspect | Yes | Yes | Yes |
| subnets | use | -- | Yes | -- |
| vcns | inspect | -- | Yes | -- |
| vnics | use | -- | Yes | -- |
Note
If the source instance is created using the marketplace image, add the following policy statement: `allow group [group_name] to read app-catalog-listing in tenancy`.
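An added example, not part of the original page or the product: a Python check that compares a group's tenancy-scoped policy statements with the tenant-level table above and reports grants that are missing or broader than the table requires. The group name `cv-backup` and the sample statements are constructed, and the parser assumes simple unquoted group names.

```python
import re

# OCI policy verbs, lowest to highest privilege.
VERBS = ["inspect", "read", "use", "manage"]

# Tenant-level table from this page: resource -> (level, operations that need it).
TENANT_MATRIX = {
    "compartments": ("inspect", {"backup", "recovery", "vm conversion"}),
    "subnets": ("use", {"recovery"}),
    "vcns": ("inspect", {"recovery"}),
    "vnics": ("use", {"recovery"}),
}
# From the note: needed only when the source instance uses a marketplace image.
MARKETPLACE = {"app-catalog-listing": "read"}

# Assumption: simple unquoted group names and tenancy-scoped statements only.
STMT = re.compile(r"^\s*allow\s+group\s+(\S+)\s+to\s+(\w+)\s+([\w-]+)\s+in\s+tenancy\s*$", re.I)


def audit_tenant_policy(statements, group, operations, marketplace_image=False):
    """Compare tenancy-scoped statements for `group` with the table above."""
    ops = {o.lower() for o in operations}
    required = {r: v for r, (v, needs) in TENANT_MATRIX.items() if needs & ops}
    if marketplace_image:
        required.update(MARKETPLACE)
    granted, unparsed = {}, []
    for line in statements:
        m = STMT.match(line)
        if not m or m.group(2).lower() not in VERBS:
            unparsed.append(line)  # conditions or other scopes: review by hand
            continue
        if m.group(1) != group:
            continue
        verb, res = m.group(2).lower(), m.group(3).lower()
        # Keep the highest verb granted for each resource.
        if res not in granted or VERBS.index(verb) > VERBS.index(granted[res]):
            granted[res] = verb
    missing = {r: v for r, v in required.items()
               if r not in granted or VERBS.index(granted[r]) < VERBS.index(v)}
    excessive = {r: v for r, v in granted.items()
                 if r not in required or VERBS.index(v) > VERBS.index(required[r])}
    return {"missing": missing, "excessive": excessive, "unparsed": unparsed}


# Constructed sample policy for a backup-only group (not from the page).
SAMPLE = [
    "Allow group cv-backup to inspect compartments in tenancy",
    "Allow group cv-backup to manage vcns in tenancy",
    "Allow group cv-backup to use subnets in compartment prod",
]
```

Statements that are compartment-scoped or carry a `where` condition land in `unparsed` so they can be reviewed against the compartment-level tables separately.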
At the compartment level, for the compartment of each source instance and for each target compartment of future restored instances:
| Resource | Level | Backup | Recovery | VM Conversion | BYOS Object Storage |
|---|---|---|---|---|---|
| boot-volume-backups | manage | Yes | Yes | -- | -- |
| buckets | create | Yes | Yes | Yes | Yes |
| buckets | PAR_MANAGE for Preauthenticated Requests | -- | -- | Yes | Yes |
| buckets | inspect | Yes | Yes | -- | Yes |
| instance-images | manage | Yes | Yes | Yes | -- |
| instances | manage | Yes | Yes | Yes | -- |
| objects | manage | Yes | Yes | Yes | Yes |
| subnets | use | Yes | Yes | Yes | -- |
| vcns | inspect | Yes | Yes | Yes | -- |
| vnic-attachments | inspect | Yes | Yes | Yes | -- |
| vnics | use | Yes | Yes | Yes | -- |
| volume-attachments | manage | Yes | Yes | Yes | -- |
| volume-backups | manage | Yes | Yes | -- | -- |
| volumes | manage | Yes | Yes | Yes | -- |
At the access node compartment level:
| Resource | Level | Backup | Recovery | VM Conversion |
|---|---|---|---|---|
| instances | use | Yes | Yes | Yes |
| volume-attachments | manage | Yes | Yes | Yes |
| volumes | use | Yes | Yes | Yes |
Related Topics
For more information about Oracle Cloud Infrastructure Identity and Access Management (IAM) policies, see the following: