Applications Environment Management IAM Policy Reference

Set up advanced access policies.

Applications environment management uses Identity and Access Management (IAM) as its base service for authentication and authorization.

IAM is a policy-based identity service. The tenancy administrator for your organization needs to set up compartments, groups, and policies that control which users can access which resources and how. For an overview of this process, see Learn Best Practices for Setting Up Your Tenancy.

You create policies using the Oracle Cloud Infrastructure Console. For detailed information, see Managing Policies.

This topic contains details about the resource types and permissions used in applications environment management. For a quick start policy, see Managing User Access to Applications Environments.

Resource Types

Resource types are the resources that a policy grants access to. The resource types can be an individual resource, such as environment, or a resource family that grants access to multiple, related resources.


Application or Application Suite	Individual Resource-Types	Aggregate Resource Type
Commerce Cloud	`commercecloud-environment` `commercecloud-compliancedocs`	`commercecloud-environment-family`
EPM Planning	`epm-planning-environment` `epm-planning-compliancedocs`	`epm-planning-environment-family`
Financial Services Accounting Standards for Banking Cloud Service	`FSGBUASCS-environment` `FSGBUASCS-compliancedocs`	`FSGBUASCS-environment-family`
Financial Services Analytical Applications Cloud Service	`FSGBUERF-environment` `FSGBUERF-compliancedocs`	`FSGBUERF-environment-family`
Financial Services Climate Change Analytics Cloud Service	`FSGBUCCA-environment` `FSGBUCCA-compliancedocs`	`FSGBUCCA-environment-family`
Financial Services Crime and Compliance Management Anti Money Laundering Cloud Service	`FSGBUFCCMAMLCS-environment` `FSGBUFCCMAMLCS-compliancedocs`	`FSGBUCCMAMLCS-environment-family`
Financial Services Insurance Cloud	`FSGBUINS-environment` `FSGBUINS-compliancedocs`	`FSGBUINS-environment-family`
Financial Services Profitability and Balance Sheet Management Service	`FSGBUPBSM-environment` `FSGBUPBSM-compliancedocs`	`FSGBUPBSM-environment-family`
Maxymiser Testing and Optimization	`maxymiser-environment` `maxymiser-compliancedocs`	`maxymiser-environment-family`
Student Financial Planning Cloud Service	`OSFPCS-environment` `OSFPCS-compliancedocs`	`OSFPCS-environment-family`
Transportation and Global Trade Management Cloud	`OTMGTM-environment` `OTMGTM-compliancedocs`	`OTMGTM-environment-family`
Utilities Work and Asset Cloud Service	`UGBUWACS-environment` `UGBUWACS-compliancedocs`	`UGBUWACS-environment-family`
Warehouse Management Cloud Service	`LOOGFIRE-environment` `LOGFIRE-compliancedocs`	`LOGFIRE-environment-family`

The <application>-environment-family resource-type is an umbrella for the individual resource types. Use the aggregate resource-type to grant permissions to all the individual resource-types in a single policy statement.

See the table in Details for Verb + Resource-Type Combinations for a detailed breakout of the API operations covered by each verb, for each individual resource-type.

Supported Variables

Applications environment management supports all the general variables, plus the ones listed here. For more information about general variables supported by Oracle Cloud Infrastructure services, see General Variables for All Requests.


Variable	Variable Type	Comments
`target.environment.id`	Entity (OCID)	Use this variable to control whether to allow operations against a specific environment in response to a request to read, update, delete, or move an environment.

Details for Verb + Resource-Type Combinations

The level of access is cumulative as you go from inspect to read to use to manage.

A plus sign (+) in a table cell indicates incremental access when compared to the preceding cell, whereas no extra indicates no incremental access.

For example, the read verb for the <Application>-environment resource-type includes the same permissions and API operations as the inspect verb, but also adds the GetEnvironment API operation. Likewise, the manage verb for the <Application>-environment resource-type allows even more permissions when compared to the use permission.

Commerce Details

commercecloud-environment


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	COMMERCECLOUD_ENVIRONMENT_INSPECT	`ListEnvironments`	none
read	INSPECT + COMMERCECLOUD_ENVIRONMENT_READ	INSPECT + `GetEnvironment`	none
use	READ + COMMERCECLOUD_ENVIRONMENT_UPDATE	READ + `UpdateEnvironment`	none
manage	USE + COMMERCECLOUD_ENVIRONMENT_CREATE COMMERCECLOUD_ENVIRONMENT_DELETE	USE + `CreateEnvironment` `DeleteEnvironment`	none

commercecloud-compliancedoc


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	COMMERCECLOUD_COMPLIANCEDOC_INSPECT	`ListComplianceDocuments`	none
read	INSPECT + COMMERCECLOUD_COMPLIANCEDOC_READ	INSPECT + `GetComplianceDocumentContent`	none

EPM Planning Details

epm-planning-environment


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	EPM_PLANNING_ENVIRONMENT_INSPECT	`ListEnvironments`	none
read	INSPECT + EPM_PLANNING_ENVIRONMENT_READ	INSPECT + `GetEnvironment`	none
use	READ + EPM_PLANNING_ENVIRONMENT_UPDATE	READ + `UpdateEnvironment`	none
manage	USE + EPM_PLANNING_ENVIRONMENT_CREATE EPM_PLANNING_ENVIRONMENT_DELETE	USE + `CreateEnvironment` `DeleteEnvironment`	none

epm-planning-compliancedocs


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	EPM_PLANNING_COMPLIANCEDOC_INSPECT	`ListComplianceDocuments`	none
read	INSPECT + EPM_PLANNING_COMPLIANCEDOC_READ	INSPECT + `GetComplianceDocumentContent`	none

Financial Services Accounting Standards for Banking Cloud Service Details

FSGBUASCS-environment


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	FSGBUASCS_ENVIRONMENT_INSPECT	`ListEnvironments`	none
read	INSPECT + FSGBUASCS_ENVIRONMENT_READ	INSPECT + `GetEnvironment`	none
use	READ + FSGBUASCS_ENVIRONMENT_UPDATE	READ + `UpdateEnvironment`	none
manage	USE + FSGBUASCS_ENVIRONMENT_CREATE FSGBUASCS_ENVIRONMENT_DELETE	USE + `CreateEnvironment` `DeleteEnvironment`	none

FSGBUASCS-compliancedoc


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	FSGBUASCS_COMPLIANCEDOC_INSPECT	`ListComplianceDocuments`	none
read	INSPECT + FSGBUASCS_COMPLIANCEDOC_READ	INSPECT + `GetComplianceDocumentContent`	none

Financial Services Analytical Applications Cloud Service Details

FSGBUERF-environment


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	FSGBUERF_ENVIRONMENT_INSPECT	`ListEnvironments`	none
read	INSPECT + FSGBUERF_ENVIRONMENT_READ	INSPECT + `GetEnvironment`	none
use	READ + FSGBUERF_ENVIRONMENT_UPDATE	READ + `UpdateEnvironment`	none
manage	USE + FSGBUERF_ENVIRONMENT_CREATE FSGBUERF_ENVIRONMENT_DELETE	USE + `CreateEnvironment` `DeleteEnvironment`	none

FSGBUERF-compliancedoc


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	FSGBUERF_COMPLIANCEDOC_INSPECT	`ListComplianceDocuments`	none
read	INSPECT + FSGBUERF_COMPLIANCEDOC_READ	INSPECT + `GetComplianceDocumentContent`	none

Financial Services Climate Change Analytics Cloud Service Details

FSGBUCCA-environment


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	FSGBUCCA_ENVIRONMENT_INSPECT	`ListEnvironments`	none
read	INSPECT + FSGBUCCA_ENVIRONMENT_READ	INSPECT + `GetEnvironment`	none
use	READ + FSGBUCCA_ENVIRONMENT_UPDATE	READ + `UpdateEnvironment`	none
manage	USE + FSGBUCCA_ENVIRONMENT_CREATE FSGBUCCA_ENVIRONMENT_DELETE	USE + `CreateEnvironment` `DeleteEnvironment`	none

FSGBUCCA-compliancedocs


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	FSGBUCCA_COMPLIANCEDOC_INSPECT	`ListComplianceDocuments`	none
read	INSPECT + FSGBUCCA_COMPLIANCEDOC_READ	INSPECT + `GetComplianceDocumentContent`	none

Financial Services Crime and Compliance Management Anti Money Laundering Cloud Service Details

FSGBUFCCMAMLCS-environment


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	FSGBUFCCMAMLCS_ENVIRONMENT_INSPECT	`ListEnvironments`	none
read	INSPECT + FSGBUFCCMAMLCS_ENVIRONMENT_READ	INSPECT + `GetEnvironment`	none
use	READ + FSGBUFCCMAMLCS_ENVIRONMENT_UPDATE	READ + `UpdateEnvironment`	none
manage	USE + FSGBUFCCMAMLCS_ENVIRONMENT_CREATE FSGBUFCCMAMLCS_ENVIRONMENT_DELETE	USE + `CreateEnvironment` `DeleteEnvironment`	none

FSGBUFCCMAMLCS-compliancedocs


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	FSGBUFCCMAMLCS_COMPLIANCEDOC_INSPECT	`ListComplianceDocuments`	none
read	INSPECT + FSGBUFCCMAMLCS_COMPLIANCEDOC_READ	INSPECT + `GetComplianceDocumentContent`	none

Financial Services Insurance Cloud Services Details

FSGBUINS-environment


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	FSGBUINS_ENVIRONMENT_INSPECT	`ListEnvironments`	none
read	INSPECT + FSGBUINS_ENVIRONMENT_READ	INSPECT + `GetEnvironment`	none
use	READ + FSGBUINS_ENVIRONMENT_UPDATE	READ + `UpdateEnvironment`	none
manage	USE + FSGBUINS_ENVIRONMENT_CREATE FSGBUINS_ENVIRONMENT_DELETE	USE + `CreateEnvironment` `DeleteEnvironment`	none

FSGBUINS-compliancedocs


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	FSGBUINS_COMPLIANCEDOC_INSPECT	`ListComplianceDocuments`	none
read	INSPECT + FSGBUINS_COMPLIANCEDOC_READ	INSPECT + `GetComplianceDocumentContent`	none

Financial Services Profitability and Balance Sheet Management Cloud Service Details

FSGBUPBSM-environment


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	FSGBUPBSM_ENVIRONMENT_INSPECT	`ListEnvironments`	none
read	INSPECT + FSGBUPBSM_ENVIRONMENT_READ	INSPECT + `GetEnvironment`	none
use	READ + FSGBUPBSM_ENVIRONMENT_UPDATE	READ + `UpdateEnvironment`	none
manage	USE + FSGBUPBSM_ENVIRONMENT_CREATE FSGBUPBSM_ENVIRONMENT_DELETE	USE + `CreateEnvironment` `DeleteEnvironment`	none

FSGBUPBSM-compliancedoc


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	FSGBUPBSM_COMPLIANCEDOC_INSPECT	`ListComplianceDocuments`	none
read	INSPECT + FSGBUPBSM_COMPLIANCEDOC_READ	INSPECT + `GetComplianceDocumentContent`	none

Maxymiser Details

maxymiser-environment


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	MAXYMISER_ENVIRONMENT_INSPECT	`ListEnvironments`	none
read	INSPECT + MAXYMISER_ENVIRONMENT_READ	INSPECT + `GetEnvironment`	none
use	READ + MAXYMISER_ENVIRONMENT_UPDATE	READ + `UpdateEnvironment`	none
manage	USE + MAXYMISER_ENVIRONMENT_CREATE MAXYMISER_ENVIRONMENT_DELETE	USE + `CreateEnvironment` `DeleteEnvironment`	none

maxymiser-compliancedoc


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	MAXYMISER_COMPLIANCEDOC_INSPECT	`ListComplianceDocuments`	none
read	INSPECT + MAXYMISER_COMPLIANCEDOC_READ	INSPECT + `GetComplianceDocumentContent`	none

Student Financial Planning Cloud Service Details

OSFPCS-environment


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	OSFPCS_ENVIRONMENT_INSPECT	`ListEnvironments`	none
read	INSPECT + OSFPCS_ENVIRONMENT_READ	INSPECT + `GetEnvironment`	none
use	READ + OSFPCS_ENVIRONMENT_UPDATE	READ + `UpdateEnvironment`	none
manage	USE + OSFPCS_ENVIRONMENT_CREATE OSFPCS_ENVIRONMENT_DELETE	USE + `CreateEnvironment` `DeleteEnvironment`	none

OSFPCS-compliancedocs


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	OSFPCS_COMPLIANCEDOC_INSPECT	`ListComplianceDocuments`	none
read	INSPECT + OSFPCS_COMPLIANCEDOC_READ	INSPECT + `GetComplianceDocumentContent`	none

Transportation and Global Trade Management Cloud Details

OTMGTM-environment


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	OTMGTM_ENVIRONMENT_INSPECT	`ListEnvironments`	none
read	INSPECT + OTMGTM_ENVIRONMENT_READ	INSPECT + `GetEnvironment`	none
use	READ + OTMGTM_ENVIRONMENT_UPDATE	READ + `UpdateEnvironment`	none
manage	USE + OTMGTM_ENVIRONMENT_CREATE OTMGTM_ENVIRONMENT_DELETE	USE + `CreateEnvironment` `DeleteEnvironment`	none

OTMGTM-compliancedocs


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	OTMGTM_COMPLIANCEDOC_INSPECT	`ListComplianceDocuments`	none
read	INSPECT + OTMGTM_COMPLIANCEDOC_READ	INSPECT + `GetComplianceDocumentContent`	none

Utilities Work and Asset Cloud Service Details

UGBUWACS-environment


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	UGBUWACS_ENVIRONMENT_INSPECT	`ListEnvironments`	none
read	INSPECT + UGBUWACS_ENVIRONMENT_READ	INSPECT + `GetEnvironment`	none
use	READ + UGBUWACS_ENVIRONMENT_UPDATE	READ + `UpdateEnvironment`	none
manage	USE + UGBUWACS_ENVIRONMENT_CREATE UGBUWACS_ENVIRONMENT_DELETE	USE + `CreateEnvironment` `DeleteEnvironment`	none

UGBUWACS-compliancedocs


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	UGBUWACS_COMPLIANCEDOC_INSPECT	`ListComplianceDocuments`	none
read	INSPECT + UGBUWACS_COMPLIANCEDOC_READ	INSPECT + `GetComplianceDocumentContent`	none

Warehouse Management Cloud Service Details

LOGFIRE-environment


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	LOGFIRE_ENVIRONMENT_INSPECT	`ListEnvironments`	none
read	INSPECT + LOGFIRE_ENVIRONMENT_READ	INSPECT + `GetEnvironment`	none
use	READ + LOGFIRE_ENVIRONMENT_UPDATE	READ + `UpdateEnvironment`	none
manage	USE + LOGFIRE_ENVIRONMENT_CREATE LOGFIRE_ENVIRONMENT_DELETE	USE + `CreateEnvironment` `DeleteEnvironment`	none

LOGFIRE-compliancedocs


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
inspect	LOGFIRE_COMPLIANCEDOC_INSPECT	`ListComplianceDocuments`	none
read	INSPECT + LOGFIRE_COMPLIANCEDOC_READ	INSPECT + `GetComplianceDocumentContent`	none

Oracle Cloud Infrastructure Documentation