Example Policies
This page shows several exampleResource Scheduler policies that you can use as templates to create your own policies.
Important! To use resource schedules, you must create a policy to give users permission to create a schedule (see Example 1) AND you must create a policy to allow a schedule to manage resources (see Example 2).
Example 1. This policy gives users permission to manage (create, delete, activate, and others) resource schedules in their tenancy.
General example
Allow group <groupname> to manage resource-schedule-family in tenancy
Specific example
Allow group YourResourceScheduleAdminGroup to manage resource-schedule-family in tenancy
Example 2. This policy gives a resource schedule permission to perform an action on a resource.
When a resource schedule is created, by default, it doesn't have permission to perform the action on target resources, so you must give it permission.
This policy allows a schedule to manage predefined resources such as instances in a compartment.
General example
Allow any-user to manage <resource_type> in compartment id <compartment_ocid> where all{request.principal.type='resourceschedule',request.principal.id='<ocid_of_resourceschedule>'}
Specific example
Allow any-user to manage instance in compartment id ocid.compartment.oc1...q7fa where all{request.principal.type='resourceschedule',request.principal.id='ocid.resourceschedule.oc1.iad.axgr...dt8zb'}
Example 3. This example policy shows how to grant a resource-schedule permission to perform action as a dynamic group.
First, create a Dynamic Group to identify the resources that you want to authorize access for. The dynamic group requires one or more matching rules, as shown in the following example.
Example: Create a dynamic group for resource-scheduler named resource-scheduler-dynamic-group.
ALL {resource.type='resourceschedule', resource.id='ocid.resourceschedule.oc1.iad.axgr...dt8zb'}
Then, setup proper policies.
Allow dynamic-group resource-scheduler-dynamic-group to manage functions-family in tenancy