Oracle Cloud Infrastructure Documentation

Block Volume Permissions for Roving Edge Infrastructure

Describes the details for writing user IAM policies that control access to rules for the Block Volume service for a Roving Edge Infrastructure device.

Resource-Types

backup-policies

volumes

volume-backups

volume-groups

backup-policy-assignments

volume-group-backups

boot-volume-backups

volume-attachments

boot-volumes

volume-family

Details for Verb + Resource-Type Combinations

The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage.

backup-policies

Verbs Permissions APIs Fully Covered APIs Partially Covered

inspect

BACKUP_POLICIES_INSPECT

ListVolumeBackupPolicies

GetVolumeBackupPolicy

CreateVolumeBackupPolicyAssignment (also need manage backup-policy-assignments)

read

BACKUP_POLICIES_INSPECT

ListVolumeBackupPolicies

GetVolumeBackupPolicy

None

use

BACKUP_POLICIES_INSPECT

ListVolumeBackupPolicies

GetVolumeBackupPolicy

None

manage

BACKUP_POLICIES_CREATE

BACKUP_POLICIES_DELETE

BACKUP_POLICIES_INSPECT

BACKUP_POLICIES_UPDATE

ListVolumeBackupPolicies

GetVolumeBackupPolicy

CreateVolumeBackupPolicy

DeleteVolumeBackupPolicy

UpdateVolumeBackupPolicy

None

volumes

Verbs Permissions APIs Fully Covered APIs Partially Covered

inspect

VOLUME_INSPECT

GetVolume

ListVolumes

GetVolumeGroup

ListVolumeGroups

GetBootVolume

GetVolumeHealth

ListVolumesHealth

GetVolumeKmsKey

GetBootVolumeKmsKey

ListVolumeBackups (also need inspect volume-backups)

GetVolumeBackup (also need inspect volume-backups)

UpdateVolumeBackup (also need use volume-backups)

DeleteVolumeBackup (also need delete volume-backups)

GetBootVolumeBackup (also need inspect volume-backups)

UpdateBootVolumeBackup (also need use volume-backups)

ListBootVolumeBackups (also need inspect boot volume-backups)

DeleteBootVolumeBackup (also need manage volume-backups)

GetVolumeGroupBackup (also need inspect volume-backups)

ListVolumeGroupBackups (also need inspect volume-backups)

UpdateVolumeGroupBackup (also need use volume-backups)

DeleteVolumeGroupBackup (also need manage volume-backups)

GetVolumeBackupPolicyAssetAssignment (also need inspect backup-policy-assignments)

read

VOLUME_INSPECT

GetVolume

ListVolumes

GetVolumeGroup

ListVolumeGroups

GetBootVolume

GetVolumeHealth

ListVolumesHealth

GetVolumeKmsKey

GetBootVolumeKmsKey

None

use

VOLUME_INSPECT

VOLUME_UPDATE

VOLUME_WRITE

GetVolume

ListVolumes

GetVolumeGroup

ListVolumeGroups

GetBootVolume

GetVolumeHealth

ListVolumesHealth

GetVolumeKmsKey

GetBootVolumeKmsKey

UpdateVolume

UpdateVolumeGroup

UpdateBootVolume

UpdateVolumeKmsKey

DeleteVolumeKmsKey

UpdateBootVolumeKmsKey

DeleteBootVolumeKmsKey

ValidateVolumeCreate

CreateVolumeBackup (also need manage volumes and manage volume-backups)

CreateBootVolumeBackup (also need manage volumes and manage volume-backups)

CreateVolumeGroupBackup (also need manage volumes and manage volume-backups)

ValidateVolumeAttachability (also need manage volumes and manage volume-attachments)

GetVolumeAttachability (also need manage volumes and manage volume-attachments)

CreateVolume (also need read volume-backups and manage volumes)

CreateVolumeGroup (also need manage volumes and read volume-backups)

CreateBootVolume (also need manage volumes and read boot-volume-backups)

manage

VOLUME_CREATE

VOLUME_DELETE

VOLUME_INSPECT

VOLUME_MOVE

VOLUME_QUERY

VOLUME_UPDATE

VOLUME_WRITE

GetVolume

ListVolumes

GetVolumeGroup

ListVolumeGroups

GetBootVolume

GetVolumeHealth

ListVolumesHealth

GetVolumeKmsKey

GetBootVolumeKmsKey

UpdateVolume

UpdateVolumeGroup

UpdateBootVolume

UpdateVolumeKmsKey

DeleteVolumeKmsKey

UpdateBootVolumeKmsKey

DeleteBootVolumeKmsKey

ValidateVolumeCreate

DeleteVolume

BatchDeleteVolumes

DeleteVolumeGroup

DeleteBootVolume

ChangeVolumeCompartment

ChangeBootVolumeCompartment

CreateVolumeBackup (also need manage volumes and manage volume-backups)

CreateBootVolumeBackup (also need manage volumes and manage volume-backups)

CreateVolumeGroupBackup (also need manage volumes and manage volume-backups)

ValidateVolumeAttachability (also need manage volumes and manage volume-attachments)

GetVolumeAttachability (also need manage volumes and manage volume-attachments)

CreateVolume (also need read volume-backups and manage volumes)

CreateVolumeGroup (also need manage volumes and read volume-backups)

CreateBootVolume (also need manage volumes and read boot-volume-backups)

ListVolumeBackups (also need inspect volumes and volume-backups)

GetVolumeBackup (also need inspect volumes and volume-backups)

UpdateVolumeBackup (also need inspect volumes and use volume-backups)

DeleteVolumeBackup (also need inspect volumes and manage volume-backups)

GetBootVolumeBackup (also need inspect volumes and volume-backups)

UpdateBootVolumeBackup (also need inspect volumes and use volume-backups)

ListBootVolumeBackups (also need inspect volumes and boot-volume-backups)

DeleteBootVolumeBackup (also need inspect volumes and manage volume-backups)

GetVolumeGroupBackup (also need inspect volumes and volume-backups)

ListVolumeGroupBackups (also need inspect volumes and volume-backups)

UpdateVolumeGroupBackup (also need inspect volumes and manage volume-backups)

DeleteVolumeGroupBackup (also need inspect volumes and manage volume-backups)

GetVolumeBackupPolicyAssetAssignment (also need inspect volumes and backup-policy-assignments)

volume-backups

Verbs Permissions APIs Fully Covered APIs Partially Covered

inspect

VOLUME_BACKUP_INSPECT

None

GetVolumeGroupBackup (also need inspect volumes and volume-backups)

ListVolumeGroupBackups (also need inspect volumes and volume-backups)

ListVolumeBackups (also need inspect volumes and volume-backups)

GetVolumeBackup (also need inspect volumes and volume- backups)

GetBootVolumeBackup (also need inspect volumes and volume-backups)

read

VOLUME_BACKUP_INSPECT

VOLUME_BACKUP_READ

None

GetVolumeGroupBackup (also need inspect volumes and volume-backups)

ListVolumeGroupBackups (also need inspect volumes and volume-backups)

ListVolumeBackups (also need inspect volumes and volume-backups)

GetVolumeBackup (also need inspect volumes and volume- backups)

GetBootVolumeBackup (also need inspect volumes and volume-backups)

CreateVolume (also need manage volumes and read volume-backups)

CreateVolumeGroup (also need manage volumes and read volume-backups)

CopyVolumeBackup (also need use volume-backups)

use

VOLUME_BACKUP_INSPECT

VOLUME_BACKUP_READ

VOLUME_BACKUP_UPDATE

VOLUME_BACKUP_COPY

None

GetVolumeGroupBackup (also need inspect volumes and volume-backups)

ListVolumeGroupBackups (also need inspect volumes and volume-backups)

ListVolumeBackups (also need inspect volumes and volume-backups)

GetVolumeBackup (also need inspect volumes and volume- backups)

GetBootVolumeBackup (also need inspect volumes and volume-backups)

CreateVolume (also need manage volumes and read volume- backups)

CreateVolumeGroup (also need manage volumes and read volume-backups)

CopyVolumeBackup (also need use volume-backups)

UpdateVolumeBackup (also need inspect volume and use volume-backups)

UpdateVolumeGroupBackup (also need inspect volume and use volume-backups)

UpdateBootVolumeBackup (also need inspect volume and use volume-backups)

manage

VOLUME_BACKUP_INSPECT

VOLUME_BACKUP_QUERY

VOLUME_BACKUP_READ

VOLUME_BACKUP_UPDATE

VOLUME_BACKUP_COPY

VOLUME_BACKUP_CREATE

VOLUME_BACKUP_DELETE

VOLUME_BACKUP_MOVE

DeleteVolumeBackupChange

VolumeBackupCompartment

GetVolumeGroupBackup (also need inspect volumes and volume-backups)

ListVolumeGroupBackups (also need inspect volumes and volume-backups)

ListVolumeBackups (also need inspect volumes and volume-backups)

GetVolumeBackup (also need inspect volumes and volume- backups)

GetBootVolumeBackup (also need inspect volumes and volume-backups)

CreateVolume (also need manage volumes and read volume-backups)

CreateVolumeGroup (also need manage volumes and read volume-backups)

CopyVolumeBackup (also need use volume-backups)

UpdateVolumeBackup (also need inspect volume and use volume-backups)

UpdateVolumeGroupBackup (also need inspect volume and use volume-backups)

UpdateBootVolumeBackup (also need inspect volume and use volume-backups)

CreateCrossRegionBackup (manage volume-backups and manage boot-volume-backups)

CreateVolumeBackup (also need manage volume-backups and manage-volumes)

CreateVolumeGroupBackup (also need manage volume-backups and manage-volumes)

CreateBootVolumeBackup (also need manage volume-backups and manage-volumes)

DeleteVolumeGroupBackup (also need manage volume-backups and inspect volumes)

DeleteBootVolumeBackup (also need manage volume-backups and inspect volumes)

volume-groups

Verbs Permissions APIs Fully Covered APIs Partially Covered

inspect

VOLUME_GROUP_INSPECT

None

None

read

VOLUME_GROUP_INSPECT

None

None

use

VOLUME_GROUP_INSPECT

None

None

manage

VOLUME_GROUP_CREATE

VOLUME_GROUP_DELETE

VOLUME_GROUP_INSPECT

VOLUME_GROUP_MOVE

VOLUME_GROUP_UPDATE

DeleteVolumeGroup

ChangeVolumeGroupCompartment

None

backup-policy-assignments

Verbs Permissions APIs Fully Covered APIs Partially Covered

inspect

BACKUP_POLICY_ASSIGNMENT_INSPECT

GetVolumeBackupPolicyAssignment

GetVolumeBackupPolicyAssetAssignment (also need inspect volumes and inspect backup-policy-assignments)

read

BACKUP_POLICY_ASSIGNMENT_INSPECT

GetVolumeBackupPolicyAssignment

None

use

BACKUP_POLICY_ASSIGNMENT_INSPECT

GetVolumeBackupPolicyAssignment

None

manage

BACKUP_POLICY_ASSIGNMENT_INSPECT

BACKUP_POLICY_ASSIGNMENT_CREATE

BACKUP_POLICY_ASSIGNMENT_DELETE

GetVolumeBackupPolicyAssignment

DeleteVolumeBackupPolicyAssignment

CreateVolumeBackupPolicyAssignment (also need inspect backup-policies)

volume-group-backups

Verbs Permissions APIs Fully Covered APIs Partially Covered

inspect

VOLUME_GROUP_BACKUP_INSPECT

None

None

read

VOLUME_GROUP_BACKUP_INSPECT

None

None

use

VOLUME_GROUP_BACKUP_INSPECT

None

None

manage

VOLUME_GROUP_BACKUP_INSPECT

VOLUME_GROUP_BACKUP_MOVE

VOLUME_GROUP_BACKUP_UPDATE

VOLUME_GROUP_BACKUP_CREATE

VOLUME_GROUP_BACKUP_DELETE

ChangeVolumeGroupBackupCompartment

DeleteVolumeGroupBackup

None

boot-volume-backups

Verbs Permissions APIs Fully Covered APIs Partially Covered

inspect

BOOT_VOLUME_BACKUP_INSPECT

None

ListBootVolumeBackups (also need inspect volumes)

GetBootVolumeBackup (also need inspect volumes)

read

BOOT_VOLUME_BACKUP_INSPECT

BOOT_VOLUME_BACKUP_READ

None

ListBootVolumeBackups (also need inspect volumes)

GetBootVolumeBackup (also need inspect volumes)

CreateBootVolume (also need manage volumes)

CopyBootVolumeBackup (also need copy boot-volume-backups)

use

BOOT_VOLUME_BACKUP_INSPECT

BOOT_VOLUME_BACKUP_READ

BOOT_VOLUME_BACKUP_COPY

BOOT_VOLUME_BACKUP_UPDATE

None

ListBootVolumeBackups (also need inspect volumes)

GetBootVolumeBackup (also need inspect volumes)

CreateBootVolume (also need manage volumes)

CopyBootVolumeBackup (also need copy boot-volume-backups)

UpdateBootVolumeBackup (also need inspect volumes)

manage

BOOT_VOLUME_BACKUP_INSPECT

BOOT_VOLUME_BACKUP_READ

BOOT_VOLUME_BACKUP_COPY

BOOT_VOLUME_BACKUP_UPDATE

BOOT_VOLUME_BACKUP_CREATE

BOOT_VOLUME_BACKUP_DELETE

BOOT_VOLUME_BACKUP_MOVE

ChangeBootVolumeBackupCompartment

ListBootVolumeBackups (also need inspect volumes)

GetBootVolumeBackup (also need inspect volumes)

CreateBootVolume (also need manage volumes)

CopyBootVolumeBackup (also need copy boot-volume-backups)

UpdateBootVolumeBackup (also need inspect volumes)

CreateCrossRegionBackup (also need manage volume-backups)

CreateBootVolumeBackup (also need use volumes)

DeleteBootVolumeBackup (also need inspect volumes)

volume-attachments

Verbs Permissions APIs Fully Covered APIs Partially Covered

manage

VOLUME_ATTACHMENT_CREATE

None

getVolumeAttachability (also need manage volumes)

ValidateVolumeAttachability (also need manage volumes)

boot-volumes

Verbs Permissions APIs Fully Covered APIs Partially Covered

manage

ListVolumeBackupPolicies

ChangeBootVolumeCompartment

None

volume-family

Verbs Permissions APIs Fully Covered APIs Partially Covered

inspect

BACKUP_POLICIES_INSPECT

BACKUP_POLICY_ASSIGNMENT_INSPECT

BOOT_VOLUME_BACKUP_INSPECT

VOLUME_BACKUP_INSPECT

VOLUME_GROUP_BACKUP_INSPECT

VOLUME_GROUP_INSPECT

VOLUME_INSPECT

ListVolumeBackupPolicies

GetVolumeBackupPolicy

GetVolumeBackupPolicyAssignment

GetBootVolumeKmsKey

ListVolumesGetVolume

GetVolumeGroup

ListVolumeGroups

GetBootVolume

ListBootVolumes

ListVolumesHealth

GetVolumeHealth

GetVolumeKmsKey

CreateVolumeBackupPolicyAssignment (also need manage backup-policy-assignments)

GetVolumeBackupPolicyAssetAssignment (also need inspect volumes)

ListBootVolumeBackups (also need inspect volumes)

GetBootVolumeBackup (also need inspect volumes)

GetVolumeGroupBackup (also need inspect volumes)

ListVolumeGroupBackups (also need inspect volumes)

ListVolumeBackups (also need inspect volumes)

GetVolumeBackup (also need inspect volumes)

DeleteVolumeBackup (also need manage volume-backups)

UpdateVolumeGroupBackup (also need use volume-backups)

DeleteVolumeGroupBackup (also need manage volume-backups)

UpdateVolumeBackup (also need use volume-backups)

DeleteBootVolumeBackup (also need manage volumes)

UpdateBootVolumeBackup (also need use volume-backups)
read

BACKUP_POLICIES_INSPECT

BACKUP_POLICY_ASSIGNMENT_INSPECT

BOOT_VOLUME_BACKUP_INSPECT

BOOT_VOLUME_BACKUP_READ

VOLUME_BACKUP_READ

VOLUME_GROUP_BACKUP_INSPECT

VOLUME_GROUP_INSPECT

VOLUME_INSPECT

CreateVolumeBackupPolicyAssignment (also need manage backup-policy-assignments)

GetVolumeBackupPolicyAssetAssignment (also need inspect volumes)

ListBootVolumeBackups (also need inspect volumes)

GetBootVolumeBackup (also need inspect volumes)

GetVolumeGroupBackup (also need inspect volumes)

ListVolumeGroupBackups (also need inspect volumes)

ListVolumeBackups (also need inspect volumes)

GetVolumeBackup (also need inspect volumes)

DeleteVolumeBackup (also need manage volume-backups)

UpdateVolumeGroupBackup (also need use volume-backups)

DeleteVolumeGroupBackup (also need manage volume-backups)

UpdateVolumeBackup (also need use volume-backups)

DeleteBootVolumeBackup (also need manage volumes)

UpdateBootVolumeBackup (also need use volume-backups)

CreateBootVolume (also need manage volumes and read boot-volume-backups)

CopyBootVolumeBackup (also need manage volumes and use boot-volume-backups)

CreateVolume (also need manage volumes)

CreateVolumeGroup (also need manage volumes and read volume-backups)

CopyVolumeBackup (also need use volume-backups)

use

BACKUP_POLICIES_INSPECT

BACKUP_POLICY_ASSIGNMENT_INSPECT

BOOT_VOLUME_BACKUP_COPY

BOOT_VOLUME_BACKUP_INSPECT

BOOT_VOLUME_BACKUP_READ

BOOT_VOLUME_BACKUP_UPDATE

VOLUME_BACKUP_READ

VOLUME_BACKUP_UPDATE

VOLUME_GROUP_BACKUP_INSPECT

VOLUME_GROUP_INSPECT

VOLUME_INSPECT

UpdateBootVolumeKmsKey

DeleteBootVolumeKmsKey

UpdateVolumeGroup

UpdateVolume

UpdateBootVolume

UpdateVolumeKmsKey

DeleteVolumeKmsKey

CreateVolumeBackupPolicyAssignment (also need manage backup-policy-assignments)

GetVolumeBackupPolicyAssetAssignment (also need inspect volumes)

ListBootVolumeBackups (also need inspect volumes)

GetBootVolumeBackup (also need inspect volumes)

GetVolumeGroupBackup (also need inspect volumes)

ListVolumeGroupBackups (also need inspect volumes)

ListVolumeBackups (also need inspect volumes)

GetVolumeBackup (also need inspect volumes)

DeleteVolumeBackup (also need manage volume-backups)

UpdateVolumeGroupBackup (also need use volume-backups)

DeleteVolumeGroupBackup (also need manage volume-backups)

UpdateVolumeBackup (also need use volume-backups)

DeleteBootVolumeBackup (also need manage volumes)

UpdateBootVolumeBackup (also need use volume-backups)

CreateBootVolume (also need manage volumes and read boot-volume-backups)

CopyBootVolumeBackup (also need manage volumes and use boot-volume-backups)

CreateVolume (also need manage volumes)

CreateVolumeGroup (also need manage volumes and read volume-backups)

CopyVolumeBackup (also need use volume-backups)

UpdateBootVolumeBackup (also need inspect volumes)

CopyBootVolumeBackup (also need read boot-volume-backups)

UpdateVolumeGroupBackup(also need inspect volumes)

UpdateVolumeBackup (also need inspect volumes)

UpdateBootVolumeBackup (also need inspect volumes)

manage

BACKUP_POLICIES_CREATE

BACKUP_POLICIES_DELETE

BACKUP_POLICIES_INSPECT

BACKUP_POLICIES_UPDATE

BACKUP_POLICY_ASSIGNMENT_CREATE

BACKUP_POLICY_ASSIGNMENT_DELETE

BACKUP_POLICY_ASSIGNMENT_INSPECT

BOOT_VOLUME_BACKUP_COPY

BOOT_VOLUME_BACKUP_CREATE

BOOT_VOLUME_BACKUP_DELETE

BOOT_VOLUME_BACKUP_INSPECT

BOOT_VOLUME_BACKUP_MOVE

BOOT_VOLUME_BACKUP_READ

BOOT_VOLUME_BACKUP_UPDATE

BOOT_VOLUME_CREATE

BOOT_VOLUME_DELETE

BOOT_VOLUME_MOVE

VOLUME_ATTACHMENT_CREATE

VOLUME_ATTACHMENT_DELETE

VOLUME_BACKUP_COPY

VOLUME_BACKUP_CREATE

VOLUME_BACKUP_DELETE

VOLUME_BACKUP_MOVE

VOLUME_BACKUP_READ

VOLUME_BACKUP_UPDATE

VOLUME_CREATE

VOLUME_DELETE

VOLUME_GROUP_BACKUP_CREATE

VOLUME_GROUP_BACKUP_DELETE

VOLUME_GROUP_BACKUP_INSPECT

VOLUME_GROUP_BACKUP_MOVE

VOLUME_GROUP_BACKUP_UPDATE

VOLUME_GROUP_CREATE

VOLUME_GROUP_DELETE

VOLUME_GROUP_INSPECT

VOLUME_GROUP_MOVE

VOLUME_GROUP_UPDATE

VOLUME_INSPECT

VOLUME_MOVE

VOLUME_UPDATE

VOLUME_WRITE

UpdateBootVolumeKmsKey

DeleteBootVolumeKmsKey

UpdateVolumeGroup

UpdateVolume

UpdateBootVolume

UpdateVolumeKmsKey

DeleteVolumeKmsKey

CreateVolumeBackupPolicy

DeleteVolumeBackupPolicy

UpdateVolumeBackupPolicy

DeleteVolumeBackupPolicyAssignment

ChangeBootVolumeBackupCompartment

ChangeBootVolumeCompartment

DeleteVolumeBackup

ChangeVolumeBackupCompartment

DeleteVolumeGroup

DeleteVolume

BatchDeleteVolumes

DeleteBootVolume

DeleteVolumeGroupBackup

ChangeVolumeGroupBackupCompartment

ChangeVolumeGroupCompartment

ChangeVolumeCompartment

CreateVolumeBackupPolicyAssignment (also need manage backup-policy-assignments)

GetVolumeBackupPolicyAssetAssignment (also need inspect volumes)

ListBootVolumeBackups (also need inspect volumes)

GetBootVolumeBackup (also need inspect volumes)

GetVolumeGroupBackup (also need inspect volumes)

ListVolumeGroupBackups (also need inspect volumes)

ListVolumeBackups (also need inspect volumes)

GetVolumeBackup (also need inspect volumes)

DeleteVolumeBackup (also need manage volume-backups)

UpdateVolumeGroupBackup (also need use volume-backups)

DeleteVolumeGroupBackup (also need manage volume-backups)

UpdateVolumeBackup (also need use volume-backups)

DeleteBootVolumeBackup (also need manage volumes)

UpdateBootVolumeBackup (also need use volume-backups)

CreateBootVolume (also need manage volumes and read boot-volume-backups)

CopyBootVolumeBackup (also need manage volumes and use boot-volume-backups)

CreateVolume (also need manage volumes)

CreateVolumeGroup (also need manage volumes and read volume-backups)

CopyVolumeBackup (also need use volume-backups)

UpdateBootVolumeBackup (also need inspect volumes)

CopyBootVolumeBackup (also need read boot-volume-backups)

UpdateVolumeGroupBackup(also need inspect volumes)

UpdateVolumeBackup (also need inspect volumes)

UpdateBootVolumeBackup (also need inspect volumes)

CreateVolumeBackupPolicyAssignment (also need inspect backup-policies)

CreateCrossRegionBackup (also need manage volume-backups)

CreateBootVolumeBackup (also need manage volumes)

DeleteBootVolumeBackup (also need inspect volumes)

GetVolumeAttachability (also need manage volumes)

ValidateVolumeAttachability (also need manage volumes)

CopyVolumeBackup (also need read volume-backups)

CreateVolumeGroupBackup (also need manage volumes)

CreateVolumeBackup (also need manage volumes)

CreateVolume (also need manage volumes and read volume-backups)

CreateVolumeGroup (also need manage volumes and read volume-backups)