Cloud Guard Policies

To control who has access to Oracle Cloud Guard, and the type of access for each group of users, you must create policies.

By default only the users in the Administrators group have access to all Cloud Guard resources. For everyone else who's involved with Cloud Guard, you must create new policies that assign them proper rights to Cloud Guard resources.

For a complete list of Oracle Cloud Infrastructure policies, see policy reference.

Resource Types

Cloud Guard offers both aggregate and individual resource types for writing policies.

You can use aggregate resource types to write fewer policies. For example, instead of allowing a group to manage cloud-guard-detectors and cloud-guard-problems, you can have a policy that allows the group to manage the aggregate resource type, cloud-guard-family.


Aggregate Resource Type	Individual Resource Types
`cloud-guard-family`	`cloud-guard-adhoc-query` `cloud-guard-condition-metadata-types` `cloud-guard-config` `cloud-guard-coverage` `cloud-guard-data-mask-rules` `cloud-guard-data-sources` `cloud-guard-detector-recipes` `cloud-guard-detector-rule-definitions` `cloud-guard-detectors` `cloud-guard-findings` `cloud-guard-managed-lists` `cloud-guard-metadata` `cloud-guard-meta-data-sync` `cloud-guard-problems` `cloud-guard-recommendations` `cloud-guard-resource-profile` `cloud-guard-resource-types` `cloud-guard-resource-view` `cloud-guard-responder-recipes` `cloud-guard-responder-rules` `cloud-guard-responder-executions` `cloud-guard-risk-scores` `cloud-guard-saved-query` `cloud-guard-schemas` `cloud-guard-security-scores` `cloud-guard-service-logging` `cloud-guard-signals` `cloud-guard-summary-event` `cloud-guard-target-detector-rules` `cloud-guard-targets` `cloud-guard-user-preferences` `security-policy` `security-recipe` `security-zone`

The APIs covered for the aggregate cloud-guard-family resource type cover every API listed under "Individual Resource Types" in the preceding table.

For example,

allow group cloudguard-admins to manage cloud-guard-family in compartment <x>

...is the same as writing 20 policies with this format:

allow group cloudguard-admins to manage <resource_type> in compartment <x>

Note

If the Cloud Guard admins group is not in the default identity domain, you must include the <identity_domain_name>, followed by a forward slash ("/"), before the group name:

allow group <identity_domain_name>/cloudguard-admins to manage cloud-guard-family in compartment <x>

Details for Verbs + Resource-Type Combinations

Tables of permissions and API operations covered by each verb for Cloud Guard.

The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access. For more information on permissions in Oracle Cloud Infrastructure, see Permissions.

cloud-guard-adhoc-query

The APIs covered for the cloud-guard-adhoc-query resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_ADHOC_QUERY_INSPECT	`ListAdhocQueries`	none
READ
INSPECT +	INSPECT +	none
CG_ADHOC_QUERY_READ	`GetAdhocQuery`
	`ListAdhocQueryResults`
	`GetAdhocQueryResultContent`
USE
READ +	READ +	none
CG_ADHOC_QUERY_CREATE	`CreateAdhocQuery`	none
MANAGE	no extra	no extra

cloud-guard-condition-metadata-types

The APIs covered for the cloud-guard-condition-metadata-types resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_CONDITION_METADATA_TYPES_INSPECT	`ListCloudGuardConditionMetadataType`	none
READ		no extra
INSPECT+	INSPECT+
CG_CONDITION_METADATA_TYPES_READ	`GetCloudGuardConditionMetadataType`
USE	no extra	no extra
MANAGE	no extra	no extra

cloud-guard-config

The APIs covered for the cloud-guard-config resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_CONFIG_INSPECT	`GetCloudGuard`	none
READ
INSPECT +	INSPECT +	none
CG_CONFIG_READ	`GetCloudGuard`	none
USE
READ +	READ +	none
CG_CONFIG_UPDATE	`UpdateCloudGuard`	none
MANAGE	no extra	no extra

cloud-guard-coverage

The APIs covered for the cloud-guard-coverage resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_COVERAGE_INSPECT	`RequestSummarizedCoverage`	none
READ	no extra	no extra
USE	no extra	no extra
MANAGE	no extra	no extra

cloud-guard-data-mask-rules

The APIs covered for the cloud-guard-data-mask-rules resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_DATA_MASK_RULE_INSPECT	`ListDataMaskRules`	none
READ
INSPECT +	INSPECT +	none
CG_DATA_MASK_RULE_READ	`GetDataMaskRule`	none
USE
READ +	READ +	none
CG_DATA_MASK_RULE_UPDATE	`UpdateDataMaskRule`	none
MANAGE		none
USE +	USE +	none
CG_DATA_MASK_RULE_CREATE	`CreateDataMaskRule`
CG_DATA_MASK_RULE_DELETE	`DeleteDataMaskRule`

cloud-guard-data-sources

The APIs covered for the cloud-guard-data-sources resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_DATA_SOURCE_INSPECT	`ListDataSources`	none
READ
INSPECT +	INSPECT +	none
CG_DATA_SOURCE_READ	`GetDataSource`	none
USE
READ +	READ +	none
CG_DATA_SOURCE_UPDATE	`UpdateDataSource`	none
MANAGE		none
USE +	USE +	none
CG_DATA_SOURCE_CREATE	`CreateDataSource`
CG_DATA_SOURCE_DELETE	`DeleteDataSource`
CG_DATA_SOURCE_MOVE	`ChangeDataSourceCompartment`

cloud-guard-detectors

The APIs covered for the cloud-guard-detectors resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_DETECTOR_INSPECT	`ListCloudGuardDetectors`	none
CG_DETECTOR_INSPECT	`ListCloudGuardDetectorRules`	none
READ
INSPECT +	INSPECT +	none
CG_DETECTOR_READ	`GetCloudGuardDetector`
CG_DETECTOR_READ	`GetCloudGuardDetectorRule`
USE	no extra	no extra
MANAGE	no extra	no extra

cloud-guard-detector-recipes

The APIs covered for the cloud-guard-detector-recipes resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_DETECTOR_RECIPE_INSPECT	`ListCloudGuardDetectorRecipe`	none
CG_DETECTOR_RECIPE_INSPECT	`ListCloudGuardDetectorRecipeDetectorRules`	none
READ
INSPECT +	INSPECT +	none
CG_DETECTOR_RECIPE_READ	`GetCloudGuardDetectorRecipe`
CG_DETECTOR_RECIPE_READ	`GetCloudGuardDetectorRecipeDetectorRule`
USE
READ +	READ +	none
CG_DETECTOR_RECIPE_UPDATE	`UpdateCloudGuardDetectorRecipe`
	`ChangeCloudGuardDetectorRecipeCompartment`
	`UpdateCloudGuardDetectorRecipeDetectorRule`
MANAGE
USE +	USE +	none
CG_DETECTOR_RECIPE_CREATE	`CreateCloudGuardDetectorRecipe`
CG_DETECTOR_RECIPE_DELETE	`DeleteCloudGuardDetectorRecipe`

cloud-guard-detector-rule-definitions

The APIs covered for the cloud-guard-detector-rule-definitions resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_DETECTOR_RULE_DEFINITION_INSPECT	`ListDetectorRuleDefinitions`	none
READ
INSPECT +	INSPECT +	none
CG_DETECTOR_RULE_DEFINITION_READ	`GetDetectorRuleDefinition`	none
USE
READ +	READ +	none
CG_DETECTOR_RULE_DEFINITION_UPDATE	`UpdateDetectorRuleDefinition`	none
MANAGE
USE +	USE +	none
CG_DETECTOR_RULE_DEFINITION_CREATE	`CreateDetectorRuleDefinition`
CG_DETECTOR_RULE_DEFINITION_DELETE	`DeleteDetectorRuleDefinition`

cloud-guard-findings

The APIs covered for the cloud-guard-findings resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
INSPECT	no extra	no extra
READ	no extra	no extra
USE	no extra	no extra
MANAGE
CG_FINDING_CREATE	`CreateCloudGuardFinding`	none

cloud-guard-managed-lists

The APIs covered for the cloud-guard-managed-lists resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_MANAGED_LIST_INSPECT	`ListCloudGuardManagedLists`	none
CG_MANAGED_LIST_INSPECT	`ListCloudGuardManagedListTypes`	none
READ
INSPECT +	INSPECT +	none
CG_MANAGED_LIST_READ	`GetCloudGuardManagedList`	none
USE
READ +	READ +	none
CG_MANAGED_LIST_UPDATE	`UpdateCloudGuardManagedList`	none
MANAGE
USE +	USE +	none
CG_MANAGED_LIST_CREATE	`CreateCloudGuardManagedList`
CG_MANAGED_LIST_DELETE	`DeleteCloudGuardManagedList`
CG_MANAGED_LIST_MOVE	`ChangeManagedListCompartment`

cloud-guard-metadata

The APIs covered for the cloud-guard-metadata resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_METADATA_INSPECT	`ListTactics`	none
CG_METADATA_INSPECT	`ListTechniques`	none
READ	no extra	no extra
USE	no extra	no extra
MANAGE	no extra	no extra

cloud-guard-meta-data-sync

The APIs covered for the cloud-guard-meta-data-sync resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	no extra	no extra
none	none	none
READ
INSPECT +	INSPECT +	none
CG_METADATASYNC_READ	`GetMetaDataSyncStatus`	none
USE
READ +	READ +	none
CG_METADATASYNC_UPDATE	`UpdateResourceSync`	none
MANAGE	no extra	no extra

cloud-guard-problems

The APIs covered for the cloud-guard-problems resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_PROBLEM_INSPECT	`ListCloudGuardProblems`	none
	`ListCloudGuardProblemHistories`
	`ListCloudGuardResponderActivities`
	`RequestCloudGuardSummarizedActivityProblems`
READ
INSPECT +	INSPECT +	none
CG_PROBLEM_READ	`GetCloudGuardProblem`
	`RequestCloudGuardSummarizedProblems`
	`RequestCloudGuardSummarizedTrendProblems`
	`ListCloudGuardImpactedResources`
USE
READ +	READ +	none
CG_PROBLEM_UPDATE	`UpdateCloudGuardBulkProblemStatus`
	`UpdateCloudGuardProblemStatus`
	`TriggerCloudGuardResponder`
MANAGE	no extra	no extra

cloud-guard-recommendations

The APIs covered for the cloud-guard-recommendations resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_RECOMMENDATION_INSPECT	`ListCloudGuardRecommendations`	none
READ	no extra	no extra
USE	no extra	no extra
MANAGE	no extra	no extra

cloud-guard-resource-profile

The APIs covered for the cloud-guard-resource-profile resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_RESOURCE_PROFILE_INSPECT	`ListResourceProfiles`	none
READ
INSPECT +	INSPECT +	none
CG_RESOURCE_PROFILE_READ	`GetResourceProfile`
	`ListResourceProfileEndpoints`
	`ListResourceProfileImpactedResources`
	`RequestSummarizedTopTrendResourceRiskScores`
	`RequestSummarizedTrendResourceRiskScores`
USE	no extra	no extra
MANAGE	no extra	no extra

cloud-guard-resource-types

The APIs covered for the cloud-guard-cloud-guard-resource-types resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_RESOURCE_TYPES_INSPECT	`ListCloudGuardResourceTypes`	none
READ	no extra	no extra
USE	no extra	no extra
MANAGE	no extra	no extra

cloud-guard-resource-view

The APIs covered for the cloud-guard-resource-view resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_RESOURCE_VIEW_INSPECT	`ListResources`	none
READ
INSPECT +	INSPECT +	none
CG_RESOURCE_VIEW_READ	`GetResource`	none
USE	no extra	no extra
MANAGE	no extra	no extra

cloud-guard-responder-recipes

The APIs covered for the cloud-guard-cloud-guard-responder-recipes resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_RESPONDER_RECIPE_INSPECT	`ListCloudGuardResponderRecipe`	none
CG_RESPONDER_RECIPE_INSPECT	`ListCloudGuardResponderRecipeResponderRule`	none
READ
INSPECT +	INSPECT +	none
CG_RESPONDER_RECIPE_READ	`GetCloudGuardResponderRecipe`
CG_RESPONDER_RECIPE_READ	`GetCloudGuardResponderRecipeResponderRule`
USE
READ +	READ +	none
CG_RESPONDER_RECIPE_UPDATE	`UpdateCloudGuardResponderRecipe`
	`ChangeCloudGuardResponderRecipeCompartment`
	`UpdateCloudGuardResponderRecipeResponderRule`
MANAGE
USE +	USE +	none
CG_RESPONDER_RECIPE_CREATE	`CreateCloudGuardResponderRecipe`
CG_RESPONDER_RECIPE_DELETE	`DeleteCloudGuardResponderRecipe`
CG_RESPONDER_RECIPE_MOVE	`ChangeResponderRecipeCompartment`

cloud-guard-responder-executions

The APIs covered for the cloud-guard-responder-executions resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_RESPONDER_EXECUTION_INSPECT	`ListCloudGuardResponderExecution`	none
READ
INSPECT +	INSPECT +	none
CG_RESPONDER_EXECUTION_READ	`GetCloudGuardResponderExecution`
	`RequestCloudGuardSummarizedResponderExecutions`
	`RequestCloudGuardSummarizedTrendResponderExecutions`
USE
READ +	READ +	none
CG_RESPONDER_EXECUTION_UPDATE	`ExecuteCloudGuardResponderExecution`	none
MANAGE	no extra	no extra

cloud-guard-risk-scores

The APIs covered for the cloud-guard-risk-scores resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_RISK_SCORES_INSPECT	`RequestCloudGuardSummarizedRiskScores`	none
CG_RISK_SCORES_INSPECT	`RequestCloudGuardRiskScores`	none
READ	no extra	no extra
USE	no extra	no extra
MANAGE	no extra	no extra

cloud-guard-saved-query

The APIs covered for the cloud-guard-saved-query resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_SAVED_QUERY_INSPECT	`ListSavedQueries`	none
READ
INSPECT +	INSPECT +	none
CG_SAVED_QUERY_READ	`GetSavedQuery`	none
USE
READ +	READ +	none
CG_SAVED_QUERY_UPDATE	`UpdateSavedQuery`	none
MANAGE
USE +	USE +	none
CG_SAVED_QUERY_CREATE	`CreateSavedQuery`
CG_SAVED_QUERY_DELETE	`DeleteSavedQuery`
CG_SAVED_QUERY_MOVE	`ChangeWlpSavedQueryCompartment`

cloud-guard-schemas

The APIs covered for the cloud-guard-schemas resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_SCHEMA_INSPECT	`ListSchemas`	none
READ
INSPECT +	INSPECT +	none
CG_SCHEMA_READ	`GetSchema`	none
USE
READ +	READ +	none
CG_SCHEMA_UPDATE	`UpdateSchema`	none
MANAGE
USE +	USE +	none
CG_SCHEMA_CREATE	`CreateSchema`
CG_SCHEMA_DELETE	`DeleteSchema`

cloud-guard-security-scores

The APIs covered for the cloud-guard-security-scores resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_SECURITY_SCORES_INSPECT	`RequestCloudGuardSummarizedSecurityScores`	none
	`RequestCloudGuardSummarizedTrendSecurityScores`
	`RequestCloudGuardSecurityScores`
	`RequestSecurityScoreSummarizedTrend`
READ	no extra	no extra
USE	no extra	no extra
MANAGE	no extra	no extra

cloud-guard-service-logging

The APIs covered for the cloud-guard-service-logging resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
INSPECT	`ListCloudGuardProblems`	no extra
READ
INSPECT +	INSPECT +	none
CG_SERVICE_LOGGING_READ	`GetServiceLogging`	none
USE
READ +	READ +	none
CG_SERVICE_LOGGING_UPDATE	`UpdateServiceLogging`	none
MANAGE
USE +	USE +	none
CG_SERVICE_LOGGING_CREATE	`CreateServiceLogging`
CG_SERVICE_LOGGING_DELETE	`DeleteServiceLogging`

cloud-guard-signals

The APIs covered for the cloud-guard-signals resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	no extra	no extra
READ	no extra	no extra
USE	no extra	no extra
MANAGE
USE +	USE +	none
CG_SIGNAL_CREATE	`CreateCloudGuardSignal`	none

cloud-guard-summary-event

The APIs covered for the cloud-guard-summary-event resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT	no extra	no extra
READ	no extra	no extra
USE	no extra	no extra
MANAGE
USE +	USE +	none
CG_SUMMARY_EVENT_CREATE	`AddSummaryEvent`	none

cloud-guard-targets

The APIs covered for the cloud-guard-targets resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_TARGET_INSPECT	`ListCloudGuardTargets`	none
	`ListCloudGuardTargetDetectorRecipes`
	`ListCloudGuardTargetDetectorRecipeDetectorRules`
READ
INSPECT +	INSPECT +	none
CG_TARGET_READ	`GetCloudGuardTarget`
	`ListCloudGuardTargetResponderRecipes`
	`GetCloudGuardTargetResponderRecipe`
	`ListCloudGuardTargetResponderRecipeResponderRules`
	`GetCloudGuardTargetResponderRecipeResponderRule`
	`GetCloudGuardTargetDetectorRecipe`
	`GetCloudGuardTargetDetectorRecipeDetectorRule`
USE
READ +	READ +	none
CG_TARGET_UPDATE	`UpdateCloudGuardTarget`
	`UpdateCloudGuardTargetDetectorRule`
	`CreateCloudGuardTargetResponderRecipe`
	`ChangeCloudGuardTargetResponderRecipeCompartment`
	`UpdateCloudGuardTargetResponderRecipe`
	`UpdateCloudGuardTargetResponderRecipeResponderRule`
	`CreateCloudGuardTargetDetectorRecipe`
	`ChangeCloudGuardTargetDetectorRecipeCompartment`
	`UpdateCloudGuardTargetDetectorRecipe`
MANAGE
USE +	USE +	none
CG_TARGET_CREATE	`CreateCloudGuardTarget`
CG_TARGET_DELETE	`DeleteCloudGuardTarget`
	`DeleteCloudGuardTargetResponderRecipe`
	`DeleteCloudGuardTargetDetectorRecipe`

cloud-guard-user-preferences

The APIs covered for the cloud-guard-user-preferences resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_USER_PREFERENCE_INSPECT	`GetCloudGuardUserPreference`	none
READ	no extra	no extra
USE
READ +	READ +	none
USE +	USE +	none
CG_USER_PREFERENCE_UPDATE	`ReplaceCloudGuardUserPreference`	none
MANAGE	no extra	no extra

cloud-guard-work-requests

The APIs covered for the cloud-guard-work-requests resource-type are listed here. The APIs are displayed alphabetically for each permission.


Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT
CG_WORK_REQUEST_INSPECT	`LListWorkRequests`	none
READ
INSPECT +	INSPECT +	none
CG_WORK_REQUEST_READ	`GetWorkRequest`
	`ListWorkRequestErrors`
	`ListWorkRequestLogs`
USE	no extra	no extra
MANAGE
USE +	USE +	none
CG_WORK_REQUEST_DELETE	`CancelWorkRequest`	none

security-policy

API Operation	Permissions Required to Use the Operation
`GetSecurityPolicy`	`SECURITY_RECIPE_READ`

security-recipe

The APIs covered for the security-recipe resource-type are listed here. The APIs are displayed alphabetically for each permission.


Verb	Permissions	APIs Fully Covered	APIs Partially Covered
`inspect`	`SECURITY_RECIPE_INSPECT`	`ListSecurityRecipes`	none
`read`	`inspect+` `SECURITY_RECIPE_READ`	`GetSecurityRecipe`	none
`use`	`read+` `SECURITY_RECIPE_UPDATE`	`UpdateSecurityRecipe`	none
`manage`	`use+` `SECURITY_RECIPE_CREATE` `SECURITY_RECIPE_DELETE`	`CreateSecurityRecipe` `DeleteSecurityRecipe`	none

security-zone

The APIs covered for the security-zone resource-type are listed here. The APIs are displayed alphabetically for each permission.


Verb	Permissions	APIs Fully Covered	APIs Partially Covered
`inspect`	`SECURITY_ZONE_INSPECT`	`ListSecurityZones`	none
`read`	`inspect+` `SECURITY_ZONE_READ`	`GetSecurityZone`	none
`use`	`read+` `SECURITY_ZONE_ATTACH` `SECURITY_ZONE_DETACH` `SECURITY_ZONE_UPDATE`	`AddCompartment` `RemoveCompartment` `UpdateSecurityZone`	none
`manage`	`use+` `SECURITY_ZONE_CREATE` `SECURITY_ZONE_DELETE`	`CreateSecurityZone` `DeleteSecurityZone`	none

Permissions Required for Each API Operation

Tables listing the API operations in a logical order, grouped by resource-type.

The resource-types are listed in Resource Types, in the "Individual Resource-Types "column.

For information about permissions, see permissions.