Storage Mount Policies

The policies required to use storage mounts.

  1. Create a dynamic group if one isn't available, or add the following rule to an existing dynamic group:
    ALL {resource.type = 'datasciencenotebooksession'}
  2. Add a policy to let the Data Science service use a custom subnet, if one doesn't exist:
    allow service datascience to use virtual-network-family in compartment id '<COMPARTMENT_ID>'
  3. (Optional) Let notebooks access object storage, if using object storage:
    allow dynamic-group <DYNAMIC_GROUP> to use object-family in compartment id <COMPARTMENT_ID> where all {target.bucket.name='<BUCKET_NAME>'}
    allow dynamic-group <DYNAMIC_GROUP> to manage objects in compartment id <COMPARTMENT_ID> where all {target.bucket.name='<BUCKET_NAME>'}
  4. (Optional) Let notebooks access file storage, if using file storage:
    allow dynamic-group <DYNAMIC_GROUP> to manage file-family in compartment id <COMPARTMENT_ID>
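
A pre-deployment check for the statements above, added here as an example; it is not Oracle tooling. The regular expression covers only the statement shapes on this page, and the function name, dynamic group name, bucket name and OCID are constructed for illustration.

```python
import re

# Assumed grammar subset: only the statement shapes shown on this page,
# not the full OCI policy language.
STATEMENT = re.compile(
    r"^allow\s+(?P<kind>service|dynamic-group|group)\s+(?P<subject>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)\s+in\s+"
    r"(?P<location>tenancy|compartment\s+id\s+\S+|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE,
)

def audit(statement):
    """Return review findings for one policy statement (empty list: nothing flagged)."""
    findings = []
    if re.search(r"<[A-Z_]+>", statement):
        findings.append("unfilled placeholder")
    m = STATEMENT.match(statement.strip())
    if not m:
        return findings + ["does not parse"]
    loc = m["location"].split()
    # An OCID must follow 'compartment id'; plain 'compartment' expects a name.
    if len(loc) == 2 and loc[-1].strip("'").startswith("ocid1."):
        findings.append("OCID used without 'compartment id'")
    # use/manage for a dynamic group with no condition applies compartment-wide.
    if (m["kind"].lower() == "dynamic-group"
            and m["verb"].lower() in ("use", "manage") and not m["condition"]):
        findings.append("no where clause: grant covers the whole compartment")
    return findings

# Constructed sample values, not real identifiers.
OCID = "ocid1.compartment.oc1..exampleuniqueid"
SAMPLES = [
    f"allow service datascience to use virtual-network-family in compartment id {OCID}",
    f"allow dynamic-group ds-notebooks to use object-family in compartment id {OCID} "
    "where all {target.bucket.name='ds-mounts'}",
    f"allow dynamic-group ds-notebooks to manage file-family in compartment {OCID}",
    "allow dynamic-group <DYNAMIC_GROUP> to manage objects in compartment id "
    "<COMPARTMENT_ID> where all {target.bucket.name='<BUCKET_NAME>'}",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(audit(s) or ["ok"], "<-", s)
```

The file-family grant in step 4 has no condition, so the check reports it for review rather than as an error.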