Oracle Cloud Infrastructure Lifecycle Operations for the Oracle Integration Instance: Control User Access

Use IAM (identity and access management) policies to secure access to the Oracle Cloud Infrastructure lifecycle operations for the Oracle Integration instance.

Access at a Glance

Area | More information

People who need access:

Oracle Cloud Infrastructure tenant and domain administrator

Authentication method:

Several methods

One of the following methods:

  • User interface authentication: User logins

    To access the user interface of Oracle Integration or the Oracle Cloud Infrastructure Console, people must sign in. To sign in, a user must be a member of an identity domain. The identity domain authenticates the user.

  • API authentication: Several methods

    An API, rather than the client that accesses it, is the sole determiner of its authentication methods. To learn about the authentication methods, see OCI SDK Authentication Methods in the Oracle Cloud Infrastructure documentation.

    To review your options for accessing the API, see Accessing Oracle Cloud Infrastructure in the Oracle Cloud Infrastructure documentation.

Authorization method:

IAM (identity and access management) policies

Users access the Oracle Cloud Infrastructure Console using its user interface, its APIs, and its CLI. IAM policies govern access to these resources. IAM policies apply to a single tenancy and govern outbound access, which is access from an Oracle Integration instance to another application or resource.

IAM policies determine the types of operations that someone can perform on a resource. For example, a user with a READ policy for a resource cannot update the resource.

IAM policies provide immense flexibility in declaring the individuals or groups who have access to Oracle Cloud Infrastructure resources and the level of access that they have. Every IAM policy contains a verb that describes the actions the group is allowed to perform. The following verbs are available, ordered from the least access to the most access:

  • INSPECT
  • READ
  • USE
  • MANAGE

To learn more about IAM policies in general, see the following pages in the Oracle Cloud Infrastructure documentation:

To learn about IAM policies for Oracle Integration, including the verbs to use when writing an IAM policy, see About IAM Policies for Oracle Integration in Provisioning and Administering Oracle Integration 3.

How to Control Access

Security goal: Understand your responsibilities and Oracle's responsibilities for various administrative tasks

Owner: Oracle Cloud Infrastructure tenant and domain administrator

More information:

The tenancy administrator receives the welcome email from Oracle and is responsible for managing the lifecycle operations on the instance.

See Oracle and Customer Responsibilities in Oracle Integration 3 in Provisioning and Administering Oracle Integration 3.

Security goal: Determine whether your tenancy uses identity domains

Owner: Oracle Cloud Infrastructure tenant and domain administrator

More information:

Some tenancies use identity domains, while others don't. You have different requirements, depending on whether your tenancy uses identity domains.

To understand the differences between tenancies with and without identity domains, and to determine whether your tenancy uses identity domains, see Differences Between Tenancies With and Without Identity Domains in Provisioning and Administering Oracle Integration 3.

Security goal: Configure access to the Oracle Integration instance

Owner: Oracle Cloud Infrastructure tenant and domain administrator

Security goal: If you configure Oracle Integration to send data to Oracle Cloud Infrastructure Logging or Oracle Cloud Infrastructure Monitoring, restrict the people who can look at the data

Owner: Oracle Cloud Infrastructure tenant and domain administrator

More information:

You can send activity stream data to Oracle Cloud Infrastructure Logging. See Logging in the Oracle Cloud Infrastructure documentation.

You can send message pack data to Oracle Cloud Infrastructure Monitoring. See Monitoring in the Oracle Cloud Infrastructure documentation.

Ensure that you authorize only the correct people to view the logs and other data.

Associate a policy with the log or log group. The policy should allow only select viewers.

Security goal: Periodically audit users' access to the Oracle Integration instance

Owner: Oracle Cloud Infrastructure tenant and domain administrator
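
The verb ordering and the "allow only select viewers" rule for logs, as an added example that is not part of Oracle's documentation: a small auditor that reviews exported policy statements and reports any that give log access to unapproved subjects or grant more than READ. The statement shape, the resource-type names, the group names and the compartment name are assumptions or constructed samples; confirm them against the IAM policy reference for your tenancy.

```python
import re

# Verb order as listed on this page, least to most access.
VERBS = ["INSPECT", "READ", "USE", "MANAGE"]

# Assumed statement shape:
#   Allow <subject> to <verb> <resource-type> in <location> [where <conditions>]
STATEMENT = re.compile(
    r"^\s*allow\s+(?P<subject>any-user|(?:group|dynamic-group)\s+\S+)\s+to\s+"
    r"(?P<verb>\w+)\s+(?P<resource>[\w-]+)\s+in\s+.+$",
    re.IGNORECASE,
)

# Constructed sample statements; all names here are illustrative assumptions.
SAMPLE = [
    "Allow group LogViewers to read log-content in compartment integration-prod",
    "Allow group LogViewers to manage log-groups in compartment integration-prod",
    "Allow group Developers to read log-content in compartment integration-prod",
    "Allow any-user to read log-groups in tenancy",
    "Allow group Developers to use integration-instance in compartment integration-prod",
]

def audit_log_access(statements, log_resources, approved_viewers, max_verb="READ"):
    """Return (statement, reason) pairs for log access that needs review."""
    limit = VERBS.index(max_verb)
    findings = []
    for stmt in statements:
        m = STATEMENT.match(stmt)
        if m is None:
            # Fail closed: anything the parser cannot read goes to a human.
            findings.append((stmt, "unparsed statement, review manually"))
            continue
        if m["resource"].lower() not in log_resources:
            continue  # statement does not cover log data
        subject, verb = m["subject"], m["verb"].upper()
        if subject.lower() == "any-user":
            findings.append((stmt, "any-user can reach log data"))
        elif subject.split()[-1] not in approved_viewers:
            findings.append((stmt, "subject is not an approved viewer"))
        elif verb not in VERBS or VERBS.index(verb) > limit:
            findings.append((stmt, f"{verb} exceeds {max_verb}"))
    return findings

if __name__ == "__main__":
    for stmt, reason in audit_log_access(SAMPLE, {"log-groups", "log-content"}, {"LogViewers"}):
        print(f"{reason}: {stmt}")
```

Running the same check on a schedule against the current policy export supports the periodic access audit listed above.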