Learn about the required IAM policies and permission details for OCI Cache.
User Permissions
To create or manage a cluster, users require permissions to create and manage
the required Networking resources in addition to permissions to
create and manage OCI Cache resources. The following
policy example grants these permissions to the ClusterAdmins group:
Allow group ClusterAdmins to manage redis-family in compartment <YOUR_COMPARTMENT>
Allow group ClusterAdmins to manage virtual-network-family in compartment <YOUR_COMPARTMENT>
You can configure these permissions with more granularity; see Sample Policies.
Resource Types
OCI Cache offers both aggregate and individual resource-types
for writing policies.
Aggregate Resource Type
redis-family
Individual Resource Types
redis-clusters
redis-work-requests
You can use the aggregate resource type to write fewer policies. A policy that uses
redis-family is the same as a policy that uses separate statements for
each of the individual resource types.
Sample Policies
The following policy lets the group ClusterAdmins create and manage all OCI Cache resources.
Allow group ClusterAdmins to manage redis-family in compartment <YOUR_COMPARTMENT>
To restrict manage access to a single resource type, use one of the following policies:
Allow group ClusterAdmins to manage redis-clusters in compartment <YOUR_COMPARTMENT>
Allow group ClusterAdmins to manage redis-work-requests in compartment <YOUR_COMPARTMENT>
To let users use clusters, but restrict other access, use the following policy:
Allow group ClusterUsers to use redis-clusters in compartment <YOUR_COMPARTMENT>
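The following added example (not part of the original documentation) expands redis-family into the individual resource types listed under Resource Types, so a reviewer can compare policies and list every manage-level grant. It assumes only the simple statement form shown on this page and the standard OCI verb order inspect, read, use, manage; the function names are hypothetical.

```python
import re

# Aggregate type and its members, as listed in the Resource Types section.
AGGREGATES = {"redis-family": ("redis-clusters", "redis-work-requests")}
# OCI policy verbs, least to most privileged.
VERBS = ("inspect", "read", "use", "manage")

# Only the simple statement form used on this page is handled (assumption):
# no "where" conditions, tenancy scope, or dynamic groups.
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>[a-z]+)\s+"
    r"(?P<rtype>[a-z-]+)\s+in\s+compartment\s+(?P<comp>\S+)\s*$",
    re.IGNORECASE,
)

def parse(statement):
    """Split one statement into (group, verb, resource type, compartment)."""
    m = STATEMENT.match(statement)
    if m is None or m["verb"].lower() not in VERBS:
        raise ValueError(f"unsupported policy statement: {statement!r}")
    return m["group"], m["verb"].lower(), m["rtype"].lower(), m["comp"]

def effective_grants(statements):
    """Map (group, compartment, individual type) to the highest verb granted."""
    grants = {}
    for statement in statements:
        group, verb, rtype, comp = parse(statement)
        # Unknown aggregates (e.g. virtual-network-family) are kept unexpanded.
        for member in AGGREGATES.get(rtype, (rtype,)):
            key = (group, comp, member)
            current = grants.get(key)
            if current is None or VERBS.index(verb) > VERBS.index(current):
                grants[key] = verb
    return grants

def manage_grants(statements):
    """Return the grants a reviewer should check first: anything at 'manage'."""
    return sorted(k for k, v in effective_grants(statements).items() if v == "manage")

# Statements copied from this page.
FAMILY = ["Allow group ClusterAdmins to manage redis-family in compartment <YOUR_COMPARTMENT>"]
SPLIT = [
    "Allow group ClusterAdmins to manage redis-clusters in compartment <YOUR_COMPARTMENT>",
    "Allow group ClusterAdmins to manage redis-work-requests in compartment <YOUR_COMPARTMENT>",
]
USERS = ["Allow group ClusterUsers to use redis-clusters in compartment <YOUR_COMPARTMENT>"]

if __name__ == "__main__":
    print(effective_grants(FAMILY) == effective_grants(SPLIT))
    print(manage_grants(FAMILY + USERS))
```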