Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted the required type of access in a policy (IAM) written by an administrator.

If you receive a message that you don't have permission to perform an action, confirm with your administrator the type of access you were granted.

Examples:

Allow users in the group Admins to create, update, and delete all Managed Access resources in the tenancy:
```
Allow group Admins to manage lockbox-family in tenancy
```
Allow users in the group SecurityAdmins to manage approval templates in the tenancy:
```
Allow group SecurityAdmins to manage approval-templates in tenancy
```
Allow users in the group SecurityAdmins to manage approval templates in tenancy except the specified compartment:
```
Allow group SecurityAdmins to manage approval-templates in tenancy target.compartment.id != 'ocid1.compartment.oc1..aaaaaaaaexampleocid'
```


Verbs	Permissions
inspect	`APPROVAL_TEMPLATE_INSPECT` `GROUP_INSPECT`: Use when you specify a group in the approval template. `USER_INSPECT`: Use when you specify a user in the approval template.
read	+ inspect `APPROVAL_TEMPLATE_READ`
use	+ read `APPROVAL_TEMPLATE_ATTACH`
manage	+ use `APPROVAL_TEMPLATE_CREATE` `APPROVAL_TEMPLATE_UPDATE` `APPROVAL_TEMPLATE_DELETE` `APPROVAL_TEMPLATE_MOVE`