Applications Environment Management IAM Policy Reference
Set up advanced access policies.
Applications environment management uses Identity and Access Management (IAM) as its base service for authentication and authorization.
IAM is a policy-based identity service. The tenancy administrator for your organization needs to set up compartments, groups, and policies that control which users can access which resources and how. For an overview of this process, see Learn Best Practices for Setting Up Your Tenancy.
You create policies using the Oracle Cloud Infrastructure Console. For detailed information, see Managing Policies.
This topic contains details about the resource types and permissions used in applications environment management. For a quick start policy, see Managing User Access to Applications Environments.
Resource Types
Resource types are the resources that a policy grants access to. The resource types can be an individual resource, such as environment, or a resource family that grants access to multiple, related resources.
Application or Application Suite | Individual Resource-Types | Aggregate Resource Type |
---|---|---|
Commerce Cloud |
|
|
EPM Planning |
|
epm-planning-environment-family |
Financial Services Accounting Standards for Banking Cloud Service |
|
|
Financial Services Analytical Applications Cloud Service |
|
|
Financial Services Climate Change Analytics Cloud Service |
|
|
Financial Services Crime and Compliance Management Anti Money Laundering Cloud Service | FSGBUFCCMAMLCS-environment
|
|
Financial Services Insurance Cloud | FSGBUINS-environment
|
FSGBUINS-environment-family |
Financial Services Profitability and Balance Sheet Management Service |
|
|
Maxymiser Testing and Optimization |
|
|
Student Financial Planning Cloud Service |
|
OSFPCS-environment-family |
Transportation and Global Trade Management Cloud |
|
|
Utilities Work and Asset Cloud Service |
|
UGBUWACS-environment-family |
Warehouse Management Cloud Service |
|
LOGFIRE-environment-family |
The <application>-environment-family
resource-type
is an umbrella for the individual resource types. Use the aggregate resource-type to
grant permissions to all the individual resource-types in a single policy statement.
See the table in Details for Verb + Resource-Type Combinations for a detailed breakout of the API operations covered by each verb, for each individual resource-type.
Supported Variables
Applications environment management supports all the general variables, plus the ones listed here. For more information about general variables supported by Oracle Cloud Infrastructure services, see General Variables for All Requests.
Variable | Variable Type | Comments |
---|---|---|
target.environment.id
|
Entity (OCID) | Use this variable to control whether to allow operations against a specific environment in response to a request to read, update, delete, or move an environment. |
Details for Verb + Resource-Type Combinations
The level of access is cumulative as you go from inspect
to
read
to use
to manage
.
A plus sign (+)
in a table cell indicates incremental access when
compared to the preceding cell, whereas no extra
indicates no
incremental access.
For example, the read
verb for the
<Application>-environment
resource-type
includes the same permissions and API operations as the inspect
verb,
but also adds the GetEnvironment
API operation. Likewise, the
manage
verb for the
<Application>-environment
resource-type
allows even more permissions when compared to the use
permission.
Commerce Details
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
COMMERCECLOUD_ENVIRONMENT_INSPECT |
|
none |
read |
INSPECT + COMMERCECLOUD_ENVIRONMENT_READ |
INSPECT +
|
none |
use |
READ + COMMERCECLOUD_ENVIRONMENT_UPDATE |
READ +
|
none |
manage |
USE + COMMERCECLOUD_ENVIRONMENT_CREATE COMMERCECLOUD_ENVIRONMENT_DELETE |
USE +
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
COMMERCECLOUD_COMPLIANCEDOC_INSPECT |
|
none |
read |
INSPECT + COMMERCECLOUD_COMPLIANCEDOC_READ |
INSPECT +
|
none |
EPM Planning Details
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
EPM_PLANNING_ENVIRONMENT_INSPECT |
|
none |
read |
INSPECT + EPM_PLANNING_ENVIRONMENT_READ |
INSPECT +
|
none |
use |
READ + EPM_PLANNING_ENVIRONMENT_UPDATE |
READ +
|
none |
manage |
USE + EPM_PLANNING_ENVIRONMENT_CREATE EPM_PLANNING_ENVIRONMENT_DELETE |
USE +
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
EPM_PLANNING_COMPLIANCEDOC_INSPECT |
|
none |
read |
INSPECT + EPM_PLANNING_COMPLIANCEDOC_READ |
INSPECT +
|
none |
Financial Services Accounting Standards for Banking Cloud Service Details
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
FSGBUASCS_ENVIRONMENT_INSPECT |
|
none |
read |
INSPECT + FSGBUASCS_ENVIRONMENT_READ |
INSPECT +
|
none |
use |
READ + FSGBUASCS_ENVIRONMENT_UPDATE |
READ +
|
none |
manage |
USE + FSGBUASCS_ENVIRONMENT_CREATE FSGBUASCS_ENVIRONMENT_DELETE |
USE +
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
FSGBUASCS_COMPLIANCEDOC_INSPECT |
|
none |
read |
INSPECT + FSGBUASCS_COMPLIANCEDOC_READ |
INSPECT +
|
none |
Financial Services Analytical Applications Cloud Service Details
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
FSGBUERF_ENVIRONMENT_INSPECT |
|
none |
read |
INSPECT + FSGBUERF_ENVIRONMENT_READ |
INSPECT +
|
none |
use |
READ + FSGBUERF_ENVIRONMENT_UPDATE |
READ +
|
none |
manage |
USE + FSGBUERF_ENVIRONMENT_CREATE FSGBUERF_ENVIRONMENT_DELETE |
USE +
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
FSGBUERF_COMPLIANCEDOC_INSPECT |
|
none |
read |
INSPECT + FSGBUERF_COMPLIANCEDOC_READ |
INSPECT +
|
none |
Financial Services Climate Change Analytics Cloud Service Details
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
FSGBUCCA_ENVIRONMENT_INSPECT |
|
none |
read |
INSPECT + FSGBUCCA_ENVIRONMENT_READ |
INSPECT +
|
none |
use |
READ + FSGBUCCA_ENVIRONMENT_UPDATE |
READ +
|
none |
manage |
USE + FSGBUCCA_ENVIRONMENT_CREATE FSGBUCCA_ENVIRONMENT_DELETE |
USE +
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
FSGBUCCA_COMPLIANCEDOC_INSPECT |
|
none |
read |
INSPECT + FSGBUCCA_COMPLIANCEDOC_READ |
INSPECT +
|
none |
Financial Services Crime and Compliance Management Anti Money Laundering Cloud Service Details
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
FSGBUFCCMAMLCS_ENVIRONMENT_INSPECT |
|
none |
read |
INSPECT + FSGBUFCCMAMLCS_ENVIRONMENT_READ |
INSPECT +
|
none |
use |
READ + FSGBUFCCMAMLCS_ENVIRONMENT_UPDATE |
READ +
|
none |
manage |
USE + FSGBUFCCMAMLCS_ENVIRONMENT_CREATE FSGBUFCCMAMLCS_ENVIRONMENT_DELETE |
USE +
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
FSGBUFCCMAMLCS_COMPLIANCEDOC_INSPECT |
|
none |
read |
INSPECT + FSGBUFCCMAMLCS_COMPLIANCEDOC_READ |
INSPECT +
|
none |
Financial Services Insurance Cloud Services Details
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
FSGBUINS_ENVIRONMENT_INSPECT |
|
none |
read |
INSPECT + FSGBUINS_ENVIRONMENT_READ |
INSPECT +
|
none |
use |
READ + FSGBUINS_ENVIRONMENT_UPDATE |
READ +
|
none |
manage |
USE + FSGBUINS_ENVIRONMENT_CREATE FSGBUINS_ENVIRONMENT_DELETE |
USE +
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
FSGBUINS_COMPLIANCEDOC_INSPECT |
|
none |
read |
INSPECT + FSGBUINS_COMPLIANCEDOC_READ |
INSPECT +
|
none |
Financial Services Profitability and Balance Sheet Management Cloud Service Details
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
FSGBUPBSM_ENVIRONMENT_INSPECT |
|
none |
read |
INSPECT + FSGBUPBSM_ENVIRONMENT_READ |
INSPECT +
|
none |
use |
READ + FSGBUPBSM_ENVIRONMENT_UPDATE |
READ +
|
none |
manage |
USE + FSGBUPBSM_ENVIRONMENT_CREATE FSGBUPBSM_ENVIRONMENT_DELETE |
USE +
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
FSGBUPBSM_COMPLIANCEDOC_INSPECT |
|
none |
read |
INSPECT + FSGBUPBSM_COMPLIANCEDOC_READ |
INSPECT +
|
none |
Maxymiser Details
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
MAXYMISER_ENVIRONMENT_INSPECT |
|
none |
read |
INSPECT + MAXYMISER_ENVIRONMENT_READ |
INSPECT +
|
none |
use |
READ + MAXYMISER_ENVIRONMENT_UPDATE |
READ +
|
none |
manage |
USE + MAXYMISER_ENVIRONMENT_CREATE MAXYMISER_ENVIRONMENT_DELETE |
USE +
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
MAXYMISER_COMPLIANCEDOC_INSPECT |
|
none |
read |
INSPECT + MAXYMISER_COMPLIANCEDOC_READ |
INSPECT +
|
none |
Student Financial Planning Cloud Service Details
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
OSFPCS_ENVIRONMENT_INSPECT |
|
none |
read |
INSPECT + OSFPCS_ENVIRONMENT_READ |
INSPECT +
|
none |
use |
READ + OSFPCS_ENVIRONMENT_UPDATE |
READ +
|
none |
manage |
USE + OSFPCS_ENVIRONMENT_CREATE OSFPCS_ENVIRONMENT_DELETE |
USE +
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
OSFPCS_COMPLIANCEDOC_INSPECT |
|
none |
read |
INSPECT + OSFPCS_COMPLIANCEDOC_READ |
INSPECT +
|
none |
Transportation and Global Trade Management Cloud Details
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
OTMGTM_ENVIRONMENT_INSPECT |
|
none |
read |
INSPECT + OTMGTM_ENVIRONMENT_READ |
INSPECT +
|
none |
use |
READ + OTMGTM_ENVIRONMENT_UPDATE |
READ +
|
none |
manage |
USE + OTMGTM_ENVIRONMENT_CREATE OTMGTM_ENVIRONMENT_DELETE |
USE +
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
OTMGTM_COMPLIANCEDOC_INSPECT |
|
none |
read |
INSPECT + OTMGTM_COMPLIANCEDOC_READ |
INSPECT +
|
none |
Utilities Work and Asset Cloud Service Details
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
UGBUWACS_ENVIRONMENT_INSPECT |
|
none |
read |
INSPECT + UGBUWACS_ENVIRONMENT_READ |
INSPECT +
|
none |
use |
READ + UGBUWACS_ENVIRONMENT_UPDATE |
READ +
|
none |
manage |
USE + UGBUWACS_ENVIRONMENT_CREATE UGBUWACS_ENVIRONMENT_DELETE |
USE +
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
UGBUWACS_COMPLIANCEDOC_INSPECT |
|
none |
read |
INSPECT + UGBUWACS_COMPLIANCEDOC_READ |
INSPECT +
|
none |
Warehouse Management Cloud Service Details
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
LOGFIRE_ENVIRONMENT_INSPECT |
|
none |
read |
INSPECT + LOGFIRE_ENVIRONMENT_READ |
INSPECT +
|
none |
use |
READ + LOGFIRE_ENVIRONMENT_UPDATE |
READ +
|
none |
manage |
USE + LOGFIRE_ENVIRONMENT_CREATE LOGFIRE_ENVIRONMENT_DELETE |
USE +
|
none |
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect |
LOGFIRE_COMPLIANCEDOC_INSPECT |
|
none |
read |
INSPECT + LOGFIRE_COMPLIANCEDOC_READ |
INSPECT +
|
none |