IAM Policies Required to Manage Private Endpoints
In addition to the policies required to provision and manage your instance, a cloud user needs further networking policies before they can use private endpoints.
The following table lists the IAM policies required for a cloud user to add a private endpoint. The listed policies are the minimum: they grant only the verbs and resource types that the operation needs. You can also use a broader policy rule, for example:
Allow group MyGroupName to manage virtual-network-family in compartment <compartmentName1>
Allow group MyGroupName to manage virtual-network-family in compartment <compartmentName2>
In this policy, <compartmentName1> is the compartment where the VCN and subnet exist, and <compartmentName2> is the compartment where the Visual Builder instance will be created. This rule also works because it is a superset of the required policies: manage is the most permissive IAM verb (it includes inspect, read and use), and virtual-network-family is an aggregate that includes every Networking resource type the minimum policies name. Keep in mind that such a rule also lets the group create, change and delete every networking resource in both compartments, so prefer the minimum policies in the table for production tenancies and reserve the broad rule for testing.
Operation | Required IAM Policies
---|---
Configure a private endpoint |
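Whether a broader rule really is a superset of the minimum policies is easy to get wrong by eye (a verb that is too low, a resource type that is not part of the family, a statement scoped to the wrong compartment). The checker below is an added example, not part of this page or of the Visual Builder product: it parses the "Allow group ... to <verb> <resource> in <scope>" statement form used above and reports which required statements a granted set fails to cover. The verb ordering inspect < read < use < manage is OCI's own; the list of resource types under virtual-network-family is an illustrative subset (an assumption; the real family is larger), compartments are modelled as flat rather than hierarchical (an assumption), and the "narrow" statements and the compartment names NetworkCompartment and VBCompartment are constructed for the demonstration, not the page's actual list of required policies.

```python
"""Check whether a set of granted OCI IAM policy statements covers a required set."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# OCI verbs form a strict hierarchy: each verb includes every verb below it.
VERB_RANK: Dict[str, int] = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# Aggregate resource types and the individual types they stand for.
# ASSUMPTION: only an illustrative subset of virtual-network-family is listed;
# the real family contains more resource types.
FAMILIES: Dict[str, Set[str]] = {
    "virtual-network-family": {
        "vcns", "subnets", "vnics", "route-tables", "security-lists",
        "network-security-groups", "dhcp-options", "internet-gateways",
    },
}

# Only the "Allow group ... to <verb> <resource> in <scope>" form used on this
# page is recognised; conditions ("where ..."), any-user and dynamic-group
# subjects are rejected rather than silently mis-parsed.
STATEMENT_RE = re.compile(
    r"^Allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>\S+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Statement:
    group: str
    verb: str
    resource: str
    compartment: Optional[str]  # None means the statement is tenancy-wide


def parse_statement(text: str) -> Statement:
    m = STATEMENT_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported policy statement: {text!r}")
    scope = m["scope"].split()
    compartment = scope[1] if scope[0].lower() == "compartment" else None
    return Statement(m["group"], m["verb"].lower(), m["resource"].lower(), compartment)


def resource_types(resource: str) -> Set[str]:
    """Expand an aggregate family name to its member types; plain types map to themselves."""
    return FAMILIES.get(resource, {resource})


def statement_covers(granted: Statement, needed: Statement) -> bool:
    """True if `granted` is at least as permissive as `needed` in every dimension."""
    same_group = granted.group == needed.group
    verb_ok = VERB_RANK[granted.verb] >= VERB_RANK[needed.verb]
    resource_ok = resource_types(needed.resource) <= resource_types(granted.resource)
    # ASSUMPTION: compartments are treated as flat. Real OCI policies attached
    # to a parent compartment also apply to its child compartments.
    scope_ok = granted.compartment is None or granted.compartment == needed.compartment
    return same_group and verb_ok and resource_ok and scope_ok


def missing_grants(granted_texts: List[str], required_texts: List[str]) -> List[str]:
    """Return the required statements that no granted statement covers."""
    granted = [parse_statement(t) for t in granted_texts]
    return [
        text for text in required_texts
        if not any(statement_covers(g, parse_statement(text)) for g in granted)
    ]


# The broad rule from the page, with the placeholder compartment names replaced
# by constructed values (NetworkCompartment holds the VCN and subnet,
# VBCompartment holds the Visual Builder instance).
BROAD_POLICY = [
    "Allow group MyGroupName to manage virtual-network-family in compartment NetworkCompartment",
    "Allow group MyGroupName to manage virtual-network-family in compartment VBCompartment",
]

# CONSTRUCTED narrower statements used only to exercise the checker; they are
# not the page's list of required policies.
NARROW_REQUIREMENTS = [
    "Allow group MyGroupName to use subnets in compartment NetworkCompartment",
    "Allow group MyGroupName to use vnics in compartment NetworkCompartment",
    "Allow group MyGroupName to read vcns in compartment NetworkCompartment",
    "Allow group MyGroupName to use network-security-groups in compartment VBCompartment",
]

if __name__ == "__main__":
    print("missing under broad rule:", missing_grants(BROAD_POLICY, NARROW_REQUIREMENTS))
    too_narrow = ["Allow group MyGroupName to use subnets in compartment NetworkCompartment"]
    print("missing under single grant:", missing_grants(too_narrow, NARROW_REQUIREMENTS))
```

Run with the broad rule and the list comes back empty; run with a single "use subnets" grant and the checker names the three statements that are still unmet (the vnics grant, the read on vcns, and the grant in the other compartment). A statement form the parser does not know raises ValueError instead of being treated as covered, which is the safe failure direction for a least-privilege review.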
Visual Builder relies on the IAM (Identity and Access Management) service to authenticate and authorize cloud users to perform operations that use any of the Oracle Cloud Infrastructure interfaces (the Console, REST API, CLI, SDK, or others).
The IAM service uses groups, compartments and policies to control which cloud users can access which resources. In particular, a policy defines what kind of access a group of users has to a particular kind of resource in a particular compartment. For more information, see Getting Started with Policies.