Resource Types, Variables, and Permissions
OS Management Hub provides various resource-types, supported variables, and verb resource type combinations for writing policies.
Resource-Types
OS Management Hub offers both aggregate and individual resource-types for writing policies.
|
Aggregate Resource Type |
Individual Resource Types |
|---|---|
|
|
|
Supported Variables
|
Operations for This Resource Type... |
Can Use These Variables... |
Variable Type |
Comments |
|---|---|---|---|
osmh-lifecycle-environments |
target.lifecycleEnvironment.id |
Entity (OCID) | |
osmh-lifecycle-stages |
target.lifecycleStage.id |
Entity (OCID) | |
osmh-managed-instances |
target.managedInstance.id |
Entity (OCID) | |
osmh-managed-instance-groups |
target.managedInstanceGroup.id |
Entity (OCID) | |
osmh-management-stations |
target.managementStation.id |
Entity (OCID) | |
osmh-profiles |
target.profile.compartment.id |
Entity (OCID) | Only used with ListProfiles |
osmh-software-sources |
target.softwareSource.compartment.id |
Entity (OCID) | Only used with ListSoftwareSources |
Details for Verb and Resource-Type Combinations
The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
none |
|
use |
READ +
|
|
none |
|
manage |
USE +
|
|
none |
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
|
|
use |
READ +
|
|
|
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
|
|
use |
READ +
|
|
|
| manage |
USE +
|
DeleteManagedInstance |
none |
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
|
|
use |
READ +
|
|
|
|
manage |
USE +
|
|
none |
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
|
|
use |
READ +
|
|
|
|
manage |
USE +
|
|
|
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
|
|
use |
READ +
|
|
|
|
manage |
USE +
|
|
none |
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
none |
|
use |
READ +
|
|
none |
|
manage |
USE +
|
|
|
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
read |
INSPECT +
|
|
none |
| use |
READ +
|
|
none |
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
|
|
read |
INSPECT +
|
|
|
|
use |
READ +
|
|
none |
|
manage |
USE +
|
|
none |
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
manage |
INSPECT +
|
|
none |
| Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
|---|---|---|---|
|
inspect |
|
|
none |
|
manage |
INSPECT +
|
|
none |
|
manage |
READ +
|
|
none |
|
manage |
USE +
|
|
none |
Permissions Required for Each API Operation
| API Operation | Permissions Required to Use the Operation |
|---|---|
CreateLifecycleEnvironment |
OSMH_LIFECYCLE_ENVIRONMENT_CREATE |
ListLifecycleEnvironments |
OSMH_LIFECYCLE_ENVIRONMENT_INSPECT |
GetLifecycleEnvironment |
OSMH_LIFECYCLE_ENVIRONMENT_READ |
UpdateLifecycleEnvironment |
OSMH_LIFECYCLE_ENVIRONMENT_UPDATE |
DeleteLifecycleEnvironment |
OSMH_LIFECYCLE_ENVIRONMENT_DELETE |
ChangeLifecycleEnvironmentCompartment |
OSMH_LIFECYCLE_ENVIRONMENT_MOVE |
ListLifecycleStages |
OSMH_LIFECYCLE_STAGE_INSPECT |
GetLifecycleStage |
OSMH_LIFECYCLE_STAGE_READ |
AttachManagedInstanceToLifecycleStage |
|
DetachManagedInstanceFromLifecycleStage |
|
PromoteSoftwareSourceToLifecycleStage |
|
ListLifecycleStageInstalledPackages |
|
RebootLifecycleStage |
|
ListManagedInstances |
|
GetManagedInstance |
|
UpdateManagedInstance |
|
DeleteManagedInstance |
|
ListManagedInstanceInstalledPackages |
OSMH_MANAGED_INSTANCE_READ |
ListManagedInstanceAvailablePackages |
OSMH_MANAGED_INSTANCE_READ |
ListManagedInstanceUpdatablePackages |
OSMH_MANAGED_INSTANCE_READ |
ListManagedInstanceAvailableWindowsUpdates |
OSMH_MANAGED_INSTANCE_READ |
ListManagedInstanceInstalledWindowsUpdates |
OSMH_MANAGED_INSTANCE_READ |
ListManagedInstanceErrata |
OSMH_MANAGED_INSTANCE_READ |
ListManagedInstanceAvailableSoftwareSource |
|
InstallPackagesOnManagedInstance |
|
RemovePackagesFromManagedInstance |
|
UpdatePackagesOnManagedInstance |
|
InstallWindowsUpdatesOnManagedInstance |
|
RefreshSoftwareOnManagedInstance |
|
AttachSoftwareSourcesToManagedInstance |
|
DetachSoftwareSourcesFromManagedInstance |
OSMH_MANAGED_INSTANCE_REMOVE_SOFTWARE_SOURCE |
AttachProfileToManagedInstance |
|
DetachProfileFromManagedInstance |
OSMH_MANAGED_INSTANCE_REMOVE_PROFILE |
ManageModuleStreamsOnManagedInstance |
OSMH_MANAGED_INSTANCE_MANAGE_MODULE_STREAM |
EnableModuleStreamOnManagedInstance |
OSMH_MANAGED_INSTANCE_ENABLE_MODULE_STREAM |
DisableModuleStreamOnManagedInstance |
OSMH_MANAGED_INSTANCE_DISABLE_MODULE_STREAM |
SwitchModuleStreamOnManagedInstance |
OSMH_MANAGED_INSTANCE_SWITCH_MODULE_STREAM |
InstallModuleStreamProfileOnManagedInstance |
OSMH_MANAGED_INSTANCE_INSTALL_MODULE_STREAM_PROFILE |
RemoveModuleStreamProfileFromManagedInstance |
OSMH_MANAGED_INSTANCE_REMOVE_MODULE_STREAM_PROFILE |
ListManagedInstanceModules |
OSMH_MANAGED_INSTANCE_READ |
UpdateAllPackagesOnManagedInstancesInCompartment |
OSMH_MANAGED_INSTANCE_INSTALL_UPDATE |
InstallAllWindowsUpdatesOnManagedInstancesInCompartment |
OSMH_MANAGED_INSTANCE_INSTALL_UPDATE |
SummarizeManagedInstanceAnalytics |
OSMH_MANAGED_INSTANCE_READ |
GetManagedInstanceAnalyticContent |
OSMH_MANAGED_INSTANCE_READ |
GetManagedInstanceContent |
OSMH_MANAGED_INSTANCE_READ |
RebootManagedInstance |
|
AssociateManagedInstancesWithManagementStation |
|
CreateManagedInstanceGroup |
|
ListManagedInstanceGroups |
OSMH_MANAGED_INSTANCE_GROUP_INSPECT |
GetManagedInstanceGroup |
|
UpdateManagedInstanceGroup |
|
DeleteManagedInstanceGroup |
|
AttachManagedInstancesToManagedInstanceGroup |
And one or more of the following:
|
DetachManagedInstancesFromManagedInstanceGroup |
OSMH_MANAGED_INSTANCE_GROUP_DETACH_INSTANCE |
AttachSoftwareSourcesToManagedInstanceGroup |
|
DetachSoftwareSourcesFromManagedInstanceGroup |
|
InstallPackagesOnManagedInstanceGroup |
|
RemovePackagesFromManagedInstanceGroup |
|
ManageModuleStreamsOnManagedInstanceGroup |
|
EnableModuleStreamOnManagedInstanceGroup |
|
DisableModuleStreamOnManagedInstanceGroup |
|
InstallModuleStreamProfileOnManagedInstanceGroup |
|
RemoveModuleStreamProfileFromManagedInstanceGroup |
|
ChangeManagedInstanceGroupCompartment |
OSMH_MANAGED_INSTANCE_GROUP_MOV |
SwitchModuleStreamOnManagedInstanceGroup |
OSMH_MANAGED_INSTANCE_GROUP_SWITCH_MODULE_STREAM |
InstallWindowsUpdatesOnManagedInstanceGroup |
OSMH_MANAGED_INSTANCE_GROUP_INSTALL_PACKAGE |
ListManagedInstanceGroupAvailableModules |
OSMH_MANAGED_INSTANCE_GROUP_READ |
ListManagedInstanceGroupAvailablePackages |
OSMH_MANAGED_INSTANCE_GROUP_READ |
ListManagedInstanceGroupAvailableSoftwareSources |
OSMH_MANAGED_INSTANCE_GROUP_READ |
ListManagedInstanceGroupInstalledPackages |
OSMH_MANAGED_INSTANCE_GROUP_READ |
ListManagedInstanceGroupModules |
OSMH_MANAGED_INSTANCE_GROUP_READ |
UpdateAllPackagesOnManagedInstanceGroup |
OSMH_MANAGED_INSTANCE_GROUP_INSTALL_UPDATE |
RebootManagedInstanceGroup |
OSMH_MANAGED_INSTANCE_GROUP_REBOOT |
CreateProfile |
And at most one of the following:
|
GetProfile |
OSMH_PROFILE_READ |
ListProfiles |
OSMH_PROFILE_INSPECT |
UpdateProfile |
OSMH_PROFILE_UPDATE |
DeleteProfile |
OSMH_PROFILE_DELETE |
ChangeProfileCompartment |
OSMH_PROFILE_MOVE |
GetProfileVersion |
OSMH_PROFILE_READ |
AttachLifecycleStageToProfile |
|
AttachManagedInstanceGroupToProfile |
|
AttachManagementStationToProfile |
|
AttachSoftwareSourcesToProfile |
|
DetachSoftwareSourcesToProfile |
|
CreateManagementStation |
OSMH_MANAGEMENT_STATION_CREATE |
ListManagementStations |
OSMH_MANAGEMENT_STATION_INSPECT |
GetManagementStation |
OSMH_MANAGEMENT_STATION_READ |
UpdateManagementStation |
OSMH_MANAGEMENT_STATION_UPDATE |
DeleteManagementStation |
OSMH_MANAGEMENT_STATION_DELETE |
ListMirrors |
OSMH_MANAGEMENT_STATION_READ |
SynchronizeMirrors |
OSMH_MANAGEMENT_STATION_UPDATE |
SynchronizeSingleMirrors |
OSMH_MANAGEMENT_STATION_UPDATE |
ChangeManagementStationCompartment |
OSMH_MANAGEMENT_STATION_MOVE |
RefreshManagementStationConfig |
OSMH_MANAGEMENT_STATION_UPDATE |
ListScheduledJobs |
OSMH_SCHEDULED_JOB_INSPECT |
CreateScheduledJob |
And one or more of the following:
|
GetScheduledJob |
OSMH_SCHEDULED_JOB_READ |
UpdateScheduledJob |
OSMH_SCHEDULED_JOB_UPDATE |
DeleteScheduledJob |
OSMH_SCHEDULED_JOB_DELETE |
RunScheduledJobNow |
OSMH_SCHEDULED_JOB_UPDATE |
ChangeScheduledJobCompartment |
OSMH_SCHEDULED_JOB_MOVE |
ListWorkRequests |
OSMH_WORK_REQUEST_INSPECT |
GetWorkRequest |
OSMH_WORK_REQUEST_READ |
ListWorkRequestErrors |
OSMH_WORK_REQUEST_READ |
ListWorkRequestLogs |
OSMH_WORK_REQUEST_READ |
RerunWorkRequest |
OSMH_WORK_REQUEST_RERUN |
ListSoftwareSources |
OSMH_SOFTWARE_SOURCE_INSPECT |
GetSoftwareSource |
OSMH_SOFTWARE_SOURCE_READ |
UpdateSoftwareSource |
OSMH_SOFTWARE_SOURCE_UPDATE |
CreateSoftwareSource |
OSMH_SOFTWARE_SOURCE_CREATE |
DeleteSoftwareSource |
OSMH_SOFTWARE_SOURCE_DELETE |
ListSoftwarePackages |
OSMH_SOFTWARE_SOURCE_READ |
GetSoftwarePackage |
OSMH_SOFTWARE_SOURCE_READ |
ListErrata |
No authorization needed as it's shared public information. This API will only be authenticated. |
GetErratum |
No authorization needed as it's shared public information. This API will only be authenticated. |
ListWindowsUpdate |
No authorization needed as it's shared public information. This API will only be authenticated. |
GetWindowsUpdate |
No authorization needed as it's shared public information. This API will only be authenticated. |
ListModuleStreams |
OSMH_SOFTWARE_SOURCE_READ |
ListModuleStreamProfiles |
OSMH_SOFTWARE_SOURCE_READ |
QueryModuleStreamProfilesInSoftwareSources |
OSMH_SOFTWARE_SOURCE_READ |
GetModuleStream |
OSMH_SOFTWARE_SOURCE_READ |
GetModuleStreamProfile |
OSMH_SOFTWARE_SOURCE_READ |
ChangeAvailabilityOfSoftwareSources |
OSMH_SOFTWARE_SOURCE_UPDATE |
ListPackageGroups |
OSMH_SOFTWARE_SOURCE_READ |
GetPackageGroup |
OSMH_SOFTWARE_SOURCE_READ |
QueryPackageGroupsInSoftwareSources |
OSMH_SOFTWARE_SOURCE_READ |
ListSoftwareSourceVendors |
OSMH_SOFTWARE_SOURCE_INSPECT |
ListEntitlements |
OSMH_ENTITLEMENTS_INSPECT |
CreateEntitlement |
OSMH_ENTITLEMENTS_CREATE |
AddPackagesToSoftwareSource |
OSMH_SOFTWARE_SOURCE_UPDATE |
ChangeAvailabilityOfSoftwareSources |
OSMH_SOFTWARE_SOURCE_UPDATE |
GetSoftwarePackageByName |
OSMH_SOFTWARE_SOURCE_READ |
ListAllSoftwarePackages |
OSMH_SOFTWARE_SOURCE_READ |
ListSoftwarePackageSoftwareSources |
OSMH_SOFTWARE_SOURCE_INSPECT |
SearchSoftwareSourceModules |
OSMH_SOFTWARE_SOURCE_READ |
SearchSoftwareSourceModuleStreams |
OSMH_SOFTWARE_SOURCE_READ |
SearchSoftwareSourcePackageGroups |
OSMH_SOFTWARE_SOURCE_READ |
RemovePackagesFromSoftwareSource |
OSMH_SOFTWARE_SOURCE_UPDATE |
ReplacePackagesInSoftwareSource |
OSMH_SOFTWARE_SOURCE_UPDATE |
ListEvents |
OSMH_EVENT_INSPECT |
GetEvent |
OSMH_EVENT_READ |
CreateEvent |
OSMH_EVENT_CREATE |
UpdateEvent |
OSMH_EVENT_UPDATE |
DeleteEvent |
OSMH_EVENT_DELETE |
GetEventContent |
OSMH_EVENT_READ |
DeleteEventContent |
OSMH_EVENT_MANAGE |
ImportEventContent |
OSMH_EVENT_MANAGE |
UpdateEventOccurrence |
OSMH_EVENT_UPDATE |
ChangeEventCompartment |
OSMH_EVENT_MOVE |