Details for Search
The Search service does not require permissions for its API operations. You do not need to write policies specifically to control access to Search. However, what you can see in search or query results depends on the permissions you have. If a policy exists to give you access to the `inspect` verb for a particular resource type, you have access to the permissions needed to view that resource type and its associated metadata in search results. If a service does not recognize the `inspect` verb or if the resource type's `inspect` verb does not fully cover list operations, permissions to view the service's supported resource types are granted by the `read` verb instead.
For more information about permissions, see the Permissions section of Advanced Policy Features.
Permissions Required to View Each Resource Type
The following table lists the resource types grouped by service, which are listed in alphabetical order. The Search API operations that can access the metadata for these resource types with these permissions are `GetResourceType`, `ListResourceTypes`, and `SearchResources`.
Service | Resource Type | Permissions Required to View in Search Results |
---|---|---|
Block Volume | `volumes` | VOLUME_INSPECT |
Block Volume | `volume-backups` | VOLUME_BACKUP_INSPECT |
Compute | `console-histories` | CONSOLE_HISTORY_INSPECT |
Compute | `instance-images` | INSTANCE_IMAGE_READ |
Compute | `instances` | INSTANCE_READ |
Database | `databases` | DATABASE_INSPECT |
Database | `db-homes` | DB_HOME_INSPECT (if you want to filter results using db-homes attributes) |
Database | `db-systems` | DB_SYSTEM_INSPECT |
IAM | `compartments` | COMPARTMENT_INSPECT |
IAM | `groups` | GROUP_INSPECT |
IAM | `identity-providers` | IDENTITY_PROVIDER_INSPECT |
IAM | `users` | USER_INSPECT |
Networking | `route-tables` | ROUTE_TABLE_READ |
Networking | `security-lists` | SECURITY_LIST_READ |
Networking | `subnets` | SUBNET_READ |
Networking | `vcns` | VCN_READ |
Object Storage | `buckets` | BUCKET_INSPECT |
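For a least-privilege review, the table above can be turned into a check of which resource types a group's policy statements expose in Search results. This is an added example, not code from the original page or from the service; the function name, group names and compartment names are hypothetical, and it assumes the suffix of each permission (`_INSPECT` or `_READ`) names the lowest verb that grants it.

```python
import re

# Lowest policy verb that grants the permission listed in the table above.
# Assumption: the permission suffix (_INSPECT / _READ) names that verb.
REQUIRED_VERB = {
    "volumes": "inspect", "volume-backups": "inspect",
    "console-histories": "inspect", "instance-images": "read",
    "instances": "read", "databases": "inspect", "db-homes": "inspect",
    "db-systems": "inspect", "compartments": "inspect", "groups": "inspect",
    "identity-providers": "inspect", "users": "inspect",
    "route-tables": "read", "security-lists": "read", "subnets": "read",
    "vcns": "read", "buckets": "inspect",
}
VERBS = ["inspect", "read", "use", "manage"]  # cumulative, weakest first

# Simple statement form only: no conditions, no resource families.
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<rtype>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)\s*$",
    re.IGNORECASE,
)

def searchable_types(statements, group):
    """Return (visible types with scopes, statements needing manual review)."""
    visible, review = {}, []
    for line in statements:
        m = STATEMENT.match(line)
        if not m:
            review.append(line)  # conditions or other forms not modelled here
            continue
        if m["group"].lower() != group.lower():
            continue
        verb, rtype = m["verb"].lower(), m["rtype"].lower()
        if rtype not in REQUIRED_VERB or verb not in VERBS:
            review.append(line)  # e.g. family types, which are not in the table
            continue
        if VERBS.index(verb) >= VERBS.index(REQUIRED_VERB[rtype]):
            visible.setdefault(rtype, []).append(m["scope"])
    return visible, review

# Constructed sample policy; group and compartment names are hypothetical.
SAMPLE_POLICY = [
    "Allow group Auditors to inspect volumes in tenancy",
    "Allow group Auditors to inspect instances in tenancy",
    "Allow group Auditors to manage buckets in compartment Logs",
    "Allow group NetAdmins to read subnets in tenancy",
    "Allow group Auditors to read all-resources in compartment Sandbox",
]
if __name__ == "__main__":
    print(searchable_types(SAMPLE_POLICY, "Auditors"))
```

In the sample, `inspect instances` does not make instances visible because the table requires INSTANCE_READ, and the `all-resources` statement is returned for manual review rather than evaluated.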