Oracle Cloud Infrastructure Documentation

Resource-Types

Application Dependency Management provides both aggregate and individual resource-types for writing policies.

You can use aggregate resource-types to write fewer policies. For example, instead of allowing a group to manage adm-knowledge-bases, adm-vulnerability-audits, and adm-work-requests, you can write a policy that allows the group to manage the aggregate resource-type, adm-family.

Aggregate Resource-Types Individual Resource-Types
adm-family

adm-knowledge-bases

adm-vulnerability-audits

adm-work-requests
adm-remediations-family

adm-remediation-recipes

adm-remediation-runs

adm-remediation-run-stages

adm-vulnerability-audits

adm-recommendations

adm-work-requests
adm-knowledge-bases-family

adm-vulnerability-audits

adm-knowledge-bases

adm-work-requests
The APIs provided by the aggregate adm-family resource-type cover the APIs for adm-knowledge-bases, adm-vulnerability-audits, and adm-work-requests. For example, 
allow group adm-admins to manage adm-family in compartment <compartment_name>
is the same as writing the following three policies:
allow group adm-admins to manage adm-knowledge-bases in compartment <compartment_name>
allow group adm-admins to manage adm-vulnerability-audits in compartment <compartment_name>
allow group adm-admins to manage adm-work-requests in compartment <compartment_name>
Resource Type Permissions
adm-remediation-recipes
  • ADM_REMEDIATION_RECIPE_INSPECT
  • ADM_REMEDIATION_RECIPE_CREATE
  • ADM_REMEDIATION_RECIPE_READ
  • ADM_REMEDIATION_RECIPE_UPDATE
  • ADM_REMEDIATION_RECIPE_DELETE
  • ADM_REMEDIATION_RECIPE_MOVE
adm-remediation-runs
  • ADM_REMEDIATION_RUN_INSPECT
  • ADM_REMEDIATION_RUN_CREATE
  • ADM_REMEDIATION_RUN_READ
  • ADM_REMEDIATION_RUN_DELETE
  • ADM_REMEDIATION_RUN_UPDATE
  • ADM_REMEDIATION_RUN_CANCEL
adm-remediation-run-stages
  • ADM_REMEDIATION_RUN_STAGE_INSPECT
  • ADM_REMEDIATION_RUN_STAGE_READ
adm-vulnerability-audits
  • ADM_VULNERABILITY_AUDIT_INSPECT
  • ADM_VULNERABILITY_AUDIT_CREATE
  • ADM_VULNERABILITY_AUDIT_READ
  • ADM_VULNERABILITY_AUDIT_DELETE
  • ADM_VULNERABILITY_AUDIT_UPDATE
  • ADM_VULNERABILITY_AUDIT_MOVE
adm-recommendations
  • ADM_RECOMMENDATION_INSPECT
  • ADM_RECOMMENDATION_CREATE
  • ADM_RECOMMENDATION_READ
  • ADM_RECOMMENDATION_DELETE
  • ADM_RECOMMENDATION_UPDATE
adm-knowledge-bases
  • ADM_KNOWLEDGE_BASE_INSPECT
  • ADM_KNOWLEDGE_BASE_CREATE
  • ADM_KNOWLEDGE_BASE_DELETE
  • ADM_KNOWLEDGE_BASE_READ
  • ADM_KNOWLEDGE_BASE_UPDATE
  • ADM_KNOWLEDGE_BASE_MOVE
adm-work-requests
  • ADM_WORK_REQUEST_INSPECT
  • ADM_WORK_REQUEST_READ
  • ADM_WORK_REQUEST_CANCEL

For more information, see Permissions.