Create IAM Policies

Create policies in Oracle Cloud Infrastructure Identity and Access Management (IAM) to give service administrators access to Oracle Integration in the Oracle Cloud Console.

For more information, see:
Note: Each IAM policy governs only a single instance. Your organization might have multiple instances of Oracle Integration. For example, you might have a development instance, as well as testing and production instances.

How to Create an IAM Policy

  1. In the Oracle Cloud Console, open the navigation menu and click Identity & Security, then, under Identity, click Policies.
  2. Click Create Policy.
  3. In the Create Policy window, enter a name (for example, IntegrationGroupPolicy) and a description.
  4. Make sure you've selected the compartment in which you want to create the policy. See Compartment Tips.
  5. Under Policy Builder, select Show manual editor and enter the required policy statements.
    Syntax:
    • allow group domain-name/group-name to verb resource-type in compartment compartment-name
    • allow group domain-name/group-name to verb resource-type in tenancy

    Where:
    • domain-name is the domain that includes the group you're giving access to.

      If you omit the domain name, the default domain is assumed.

    • group-name is the group you're giving access to.

      You'll want to create separate groups for each level of access you want to provide. For example, create one group that will have read access and one that will have manage access.

    • verb is the type of access you're granting.

      You're most likely to grant read access, which allows users to view Oracle Integration instances and their details; or manage access, which allows users full permissions for Oracle Integration instances (create, delete, edit, move, and view).

      Alternatively, you can grant more fine-grained access with permissions (typically used by power users).

      For more information, see IAM Policies for Oracle Integration.

    • resource-type is integration-instance for Oracle Integration.
    • compartment-name is the compartment that includes your Oracle Integration instance.
    Example:
    • allow group admin/oci-integration-admins to manage integration-instance in compartment OICCompartment

    This policy statement allows the oci-integration-admins group in the admin domain to manage all Oracle Integration instances (integration-instance) in compartment OICCompartment.

  6. If desired, you can add a policy to allow members of the group to view message metrics, as described in Stay Within Budget: Track Billing Metrics.

    Example:

    • allow group oci-integration-admins to read metrics in compartment OICPMCompartment
  7. Click Create.
    The policy statements are validated and any syntax errors are displayed.
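
A pre-check you can run on statements before pasting them into the manual editor, as an added example that is not Oracle's code or validator: it parses the two syntax forms shown in step 5 and reports a missing domain, tenancy scope, and manage grants for review. The names STATEMENT, Grant, parse and review are hypothetical, and the inspect and use verbs come from OCI IAM generally, not from this page.

```python
import re
from typing import List, NamedTuple, Optional
# OCI IAM verbs, least to most access; this page discusses read and manage.
VERBS = ("inspect", "read", "use", "manage")

# Grammar from the two Syntax bullets on this page (group subjects only).
STATEMENT = re.compile(
    r"^allow\s+group\s+(?:(?P<domain>[^\s/]+)/)?(?P<group>[^\s/]+)\s+to\s+"
    r"(?P<verb>\w+)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?:tenancy|compartment\s+(?P<compartment>\S+))$",
    re.IGNORECASE,
)

class Grant(NamedTuple):
    domain: Optional[str]       # None: the default domain is assumed
    group: str
    verb: str
    resource: str
    compartment: Optional[str]  # None: the statement applies to the tenancy

def parse(statement: str) -> Grant:
    m = STATEMENT.match(statement.strip())
    if not m:
        raise ValueError(f"not in the documented form: {statement!r}")
    verb = m["verb"].lower()
    if verb not in VERBS:
        raise ValueError(f"unknown verb: {verb!r}")
    return Grant(m["domain"], m["group"], verb, m["resource"].lower(), m["compartment"])

def review(statement: str) -> List[str]:
    """Return review findings for one statement; an empty list means none."""
    g = parse(statement)
    findings = []
    if g.domain is None:
        findings.append("no domain given, so the default domain is assumed")
    if g.compartment is None:
        findings.append("scope is the whole tenancy, not a single compartment")
    if g.verb == "manage":
        findings.append(f"manage grants full permissions on {g.resource}")
    return findings

if __name__ == "__main__":
    # The two example statements from this page, plus a constructed tenancy-wide grant.
    for s in (
        "allow group admin/oci-integration-admins to manage integration-instance in compartment OICCompartment",
        "allow group oci-integration-admins to read metrics in compartment OICPMCompartment",
        "allow group oci-integration-admins to manage integration-instance in tenancy",
    ):
        print(review(s) or "no findings", "<-", s)
```

A finding is a prompt to confirm the grant is intended, not an error; the console's own validation in step 7 remains the authority on syntax.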