Create Policies for Oracle Integration

Create policies in Oracle Cloud Infrastructure Identity and Access Management (IAM) to provide a group of users permission to manage the lifecycle for Oracle Integration instances in Oracle Cloud Infrastructure Console.

For more information about IAM policies, see IAM Policies Overview in the Oracle Cloud Infrastructure documentation.

To learn about IAM policies for Oracle Integration, including the verbs to use when writing an IAM policy, see IAM Policies for Oracle Integration.

Note

Each IAM policy governs only a single instance. Your organization might have multiple instances of Oracle Integration. For example, you might have a development instance, as well as testing and production instances.

  1. In the Oracle Cloud Infrastructure Console, open the navigation menu and click Identity & Security, then, under Identity, click Policies.
  2. Click Create Policy.
  3. In the Create Policy window, enter a name (for example, IntegrationGroupPolicy) and a description.
  4. Make sure you've selected the compartment in which you want to create the policy. See the tips in IAM Policies for Oracle Integration.
  5. Under Policy Builder, select Show manual editor and enter the required policy statements.
    Syntax:
    • allow group domain-name/group_name to verb resource-type in compartment compartment-name
    • allow group domain-name/group_name to verb resource-type in tenancy

    Example:
    • allow group admin/oci-integration-admins to manage integration-instance in compartment OICCompartment

    This policy statement allows the oci-integration-admins group in the admin domain to manage resources of type integration-instance in compartment OICCompartment.

    Note

    • If you omit the domain name, the default domain is assumed.
    • When defining policy statements, you can specify either verbs (as used in these steps) or permissions (typically used by power users).
    • You can create separate groups for different permissions, such as a group with read permission only.
    • The read and manage verbs are most applicable to Oracle Integration. The manage verb has the most permissions (create, delete, edit, move, and view).
      Verb      Access
      read      Includes permission to view Oracle Integration instances and their details.
      manage    Includes all permissions for Oracle Integration instances.

  6. If desired, you can add a policy to allow members of the group to view message metrics, as described in View Message Metrics and Billable Messages.

    Example:

    • allow group oci-integration-admins to read metrics in compartment OICPMCompartment
  7. Click Create.
    The policy statements are validated and any syntax errors are displayed.
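
As an added example (not part of Oracle's documentation), the Python code below checks statements against the two forms given under Syntax in step 5 before they are pasted into the manual editor. The findings are this example's own review rules, the `inspect` and `use` verbs come from OCI IAM generally rather than from this page, and the `oci-integration-viewers` group and the last three sample statements are constructed.

```python
import re

# The two statement forms shown under "Syntax" in step 5; the domain prefix is optional.
STATEMENT = re.compile(
    r"^allow\s+group\s+(?:(?P<domain>[^/\s]+)/)?(?P<group>[^/\s]+)\s+to\s+"
    r"(?P<verb>\S+)\s+(?P<resource>\S+)\s+in\s+"
    r"(?:compartment\s+(?P<compartment>\S+)|(?P<tenancy>tenancy))$",
    re.IGNORECASE,
)
# OCI IAM verbs, least to most access (the page itself names read and manage).
VERBS = ("inspect", "read", "use", "manage")


def review(statement):
    """Return (parsed_fields, findings) for one policy statement.

    The findings are review rules chosen for this example, not checks
    performed by the Console.
    """
    m = STATEMENT.match(statement.strip())
    if not m:
        return None, ["not one of the two statement forms shown on this page"]
    fields = m.groupdict()
    findings = []
    verb = fields["verb"].lower()
    if verb not in VERBS:
        findings.append(f"unknown verb '{fields['verb']}'")
    if fields["domain"] is None:
        findings.append("no domain given: the default domain is assumed")
    if verb == "manage" and fields["tenancy"]:
        findings.append("manage granted tenancy-wide: scope it to a compartment")
    return fields, findings


SAMPLES = [
    # The two example statements from the page
    "allow group admin/oci-integration-admins to manage integration-instance in compartment OICCompartment",
    "allow group oci-integration-admins to read metrics in compartment OICPMCompartment",
    # Constructed: a separate read-only group, a tenancy-wide grant, a malformed line
    "allow group admin/oci-integration-viewers to read integration-instance in compartment OICCompartment",
    "allow group admin/oci-integration-admins to manage integration-instance in tenancy",
    "allow group admin/oci-integration-admins manage integration-instance",
]

if __name__ == "__main__":
    for s in SAMPLES:
        _, findings = review(s)
        print(s)
        for finding in findings or ["ok"]:
            print("   -", finding)
```

Statements that use features not shown on this page are reported as outside the two forms rather than parsed.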