Policy Details for Exadata Fleet Update
Learn to write policies to control access to Exadata Fleet Update resources.
Note:
For more information on Policies, see How Policies Work.
- About Resource-Types and Fleet Update Policies
Learn about resource types that you can use in your policies. - Resource-Types for Fleet Update
Review the list of resource-types specific to Fleet Update. - Supported Variables for Fleet Update
Use variables when adding conditions to a policy. - Details for Verb + Resource-Type Combinations
Review the list of permissions and API operations covered by each verb for Fleet Update.
Parent topic: References
About Resource-Types and Fleet Update Policies
Learn about resource types that you can use in your policies.
An aggregate resource type covers the list of individual resource types that
directly follow. For example, writing one policy to allow a group to have access to
thefleet-software-update-family is equivalent to writing separate
policies for the group that would grant access to the
fleet-software-update-discoveries,
fleet-software-update-collections,
fleet-software-update-cycles, and the rest of the individual
resource types. For more information, see Resource-Types.
Example Policies
- Allow tenancyAdmins group to manage everything in Fleet Software Update
service:
Allow group tenancyAdmin to manage fleet-software-update-family in tenancy - Allow hrAdmin group to manage Fleet Software Update resources in a
specific
compartment:
Allow group hrAdmin to manage fleet-software-update-family in compartment hr-resoures - Allow opsTeam to see action and job details and output for triaging in
the HR
compartment:
Allow group hrOps to read fleet-software-update-actions in compartment hr-resouresAllow group hrOps to read fleet-software-update-jobs in compartment hr-resoures - Allow a specific user access to an action result output in hr-resources
for
triaging:
Allow user triageUser to {FSU_ACTION_READ_OUTPUT} in compartment hr-resources - Allow the on-call group to use jobs and actions to retry, resume or
cancel operations during a patching
cycle:
Allow group onCallDev to use fleet-software-update-actions in tenancyAllow group onCallDev to use fleet-software-update-jobs in tenancy
Parent topic: Policy Details for Exadata Fleet Update
Resource-Types for Fleet Update
Review the list of resource-types specific to Fleet Update.
Aggregate Resource-Type
fleet-software-update-family
fleet-software-update-discoveriesfleet-software-update-collectionsfleet-software-update-cyclesfleet-software-update-actionsfleet-software-update-jobsfleet-software-update-work-requestsfleet-software-update-imagesfleet-software-update-homes
Parent topic: Policy Details for Exadata Fleet Update
Supported Variables for Fleet Update
Use variables when adding conditions to a policy.
Fleet Update supports only the general variables. For more information, see General Variables for All Requests.
Parent topic: Policy Details for Exadata Fleet Update
Details for Verb + Resource-Type Combinations
Review the list of permissions and API operations covered by each verb for Fleet Update.
For more information, see Permissions, Verbs, and Resource-Types.
- Fleet Update Family Resource Types
Each Fleet Update resource-type verb grants different levels of access. - fleet-software-update-discoveries
Review the list of permissions and API operations forfleet-software-update-discoveriesresource-type. - fleet-software-update-collections
Review the list of permissions and API operations forfleet-software-update-collectionsresource-type. - fleet-software-update-cycles
Review the list of permissions and API operations forfleet-software-update-cyclesresource-type. - fleet-software-update-actions
Review the list of permissions and API operations forfleet-software-update-actionsresource-type. - fleet-software-update-jobs
Review the list of permissions and API operations forfleet-software-update-jobsresource-type. - fleet-software-update-work-requests
Review the list of permissions and API operations forfleet-software-update-work-requestsresource-type.
Parent topic: Policy Details for Exadata Fleet Update
Fleet Update Family Resource Types
Each Fleet Update resource-type verb grants different levels of access.
The level of access is cumulative as you go from inspect to read, to use, and to manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.
For example, the read verb for the
fleet-software-update-discoveries resource-type covers no extra
permissions or API operations compared to the inspect verb. However,
the use verb includes one more permission, fully covers one more
operation, and partially covers another additional operation.
Parent topic: Details for Verb + Resource-Type Combinations
fleet-software-update-discoveries
Review the list of permissions and API operations for
fleet-software-update-discoveries resource-type.
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
none |
|
use |
READ +
|
|
none |
|
manage |
USE+
|
|
none |
Parent topic: Details for Verb + Resource-Type Combinations
fleet-software-update-collections
Review the list of permissions and API operations for
fleet-software-update-collections resource-type.
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
|
|
use |
READ +
no extra |
|
none |
|
manage |
USE+
|
|
none |
Parent topic: Details for Verb + Resource-Type Combinations
fleet-software-update-cycles
Review the list of permissions and API operations for
fleet-software-update-cycles resource-type.
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
none |
|
use |
READ +
no extra |
|
none |
|
manage |
USE+
|
|
none |
Parent topic: Details for Verb + Resource-Type Combinations
fleet-software-update-actions
Review the list of permissions and API operations for
fleet-software-update-actions resource-type.
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
none |
|
use |
READ +
|
|
none |
|
manage |
USE+
|
|
none |
Parent topic: Details for Verb + Resource-Type Combinations
fleet-software-update-jobs
Review the list of permissions and API operations for
fleet-software-update-jobs resource-type.
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
|
|
use |
READ +
|
|
none |
|
manage |
USE+
|
|
none |
Parent topic: Details for Verb + Resource-Type Combinations
fleet-software-update-work-requests
Review the list of permissions and API operations for
fleet-software-update-work-requests resource-type.
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
none |
|
use |
READ +
no extra |
|
none |
|
manage |
USE+
no extra |
|
none |
Parent topic: Details for Verb + Resource-Type Combinations