Creating Policies to Control Operator Access with Operator Access Control
Learn to develop your own policies that use Actions to control access to Operator Access Control resources.
- About Resource-Types and Operator Access Control Policies
Learn about resource-types that you can use in your policies. - Resource-Types for Operator Access Control
Review the list of resource-types specific to Operator Access Control. - Supported Variables for Operator Access Control
Use variables when adding conditions to a policy. - Details for Verb + Resource-Type Combinations
Review the list of permissions and API operations covered by each verb for Operator Access Control. - Permissions Required for Each API Operation
Review the list of API operations for Operator Control Access resources in a logical order, grouped by resource type.
Related Topics
About Resource-Types and Operator Access Control Policies
Learn about resource-types that you can use in your policies.
An aggregate resource-type covers the list of individual resource-types that
directly follow. For example, writing one policy to allow a group to have access to the
operator-control-family is equivalent to writing three separate
policies for the group that would grant access to the operator-control,
operator-control-assignment,
operator-control-accessrequest, and the rest of the individual
resource-types. For more information, see Resource-Types.
Resource-Types for Operator Access Control
Review the list of resource-types specific to Operator Access Control.
operator-control-familyoperator-control
operator-control-assignment
operator-control-accessrequestSupported Variables for Operator Access Control
Use variables when adding conditions to a policy.
Operator Access Control supports only the general variables. For more information, see General Variables for All Requests.
Details for Verb + Resource-Type Combinations
Review the list of permissions and API operations covered by each verb for Operator Access Control.
For more information, see Permissions, Verbs, and Resource-Types.
- Operator-Control-Family Resource Types
Each Operator Access Control resource-type verb grants different levels of access. - operator-control-family
Review the list of permissions and API operations foroperator-control-familyresource-type. - operator-control
Review the list of permissions and API operations foroperator-controlresource-type. - operator-control-assignment
Review the list of permissions and API operations foroperator-control-assignmentresource-type. - operator-control-accessrequest
Review the list of permissions and API operations foroperator-control-accessrequestresource-type.
Operator-Control-Family Resource Types
Each Operator Access Control resource-type verb grants different levels of access.
The level of access is cumulative as you go from inspect to read, to use, and to manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.
For example, the read verb for the
operator-control resource-type covers no extra
permissions or API operations compared to the inspect verb.
However, the use verb includes one more permission, fully
covers one more operation, and partially covers another additional
operation.
Parent topic: Details for Verb + Resource-Type Combinations
operator-control-family
Review the list of permissions and API operations for
operator-control-family resource-type.
Table 5-1 operator-control-family
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
INSPECT |
|
|
none |
|
READ |
INSPECT +
|
|
none |
|
USE |
READ +
|
|
none |
|
MANAGE |
USE +
|
|
none |
Parent topic: Details for Verb + Resource-Type Combinations
operator-control
Review the list of permissions and API operations for
operator-control resource-type.
Table 5-2 operator-control
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
INSPECT |
|
|
none |
|
READ |
INSPECT +
|
|
none |
|
USE |
READ +
|
|
none |
|
MANAGE |
USE +
|
|
none |
Parent topic: Details for Verb + Resource-Type Combinations
operator-control-assignment
Review the list of permissions and API operations for
operator-control-assignment resource-type.
Table 5-3 operator-control-assignment
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
INSPECT |
|
|
none |
|
READ |
INSPECT +
|
|
none |
|
USE |
READ +
|
|
none |
|
MANAGE |
USE +
|
|
none |
Parent topic: Details for Verb + Resource-Type Combinations
operator-control-accessrequest
Review the list of permissions and API operations for
operator-control-accessrequest resource-type.
Table 5-4 operator-control-accessrequest
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
INSPECT |
|
none |
none |
|
READ |
INSPECT +
|
|
none |
|
USE |
READ + |
none |
none |
|
MANAGE |
USE +
|
|
none |
Parent topic: Details for Verb + Resource-Type Combinations
Permissions Required for Each API Operation
Review the list of API operations for Operator Control Access resources in a logical order, grouped by resource type.
For information about permissions, see Permissions.
operator-control-accessrequest is special kind of resource. You
cannot create it. Oracle operators create it and you will have ability to
approve or reject the requests.
Table 5-5 Resource-Type and Permissions
| Resource Type | Permissions |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
Table 5-6 Operator Access Control API Operations
| API Operation | Permissions Required to Use the Operation |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|