Anomaly Detection Policies

Learn about the resource policies including API permissions.

To control who has access to Anomaly Detection, and the type of access for each group of users, you must create policies. By default, only the users in the Administrators group have access to all Anomaly Detection resources.

For everyone else who's using the service, you must create policies that assign them proper rights to Anomaly Detection resources. For a complete list of OCI policies, see the Policy Reference.

Resource Types

Anomaly Detection offers both aggregate and individual resource types for writing policies. You can use aggregate resource types to write fewer policies. For example, instead of allowing a group to manage all individual resource types, you can have a policy that allows the group to manage the aggregate resource type, ai-service-anomaly-detection-family.

Individual Resource Types

ai-service-anomaly-detection-model
ai-service-anomaly-detection-project
ai-service-anomaly-detection-data-asset
ai-service-anomaly-detection-private-endpoint
ai-service-anomaly-detection-job

Aggregate Resource Type

ai-service-anomaly-detection-family

Required IAM Policy

To work with Anomaly Detection, an administrator must grant you access in an IAM policy.

If you get a message that you don’t have permission or are unauthorized, verify with an administrator what type of access you have.

Create a policy that contains the following statement:

allow <subject> to manage ai-service-anomaly-detection-family in tenancy

where <subject> can be:

group <group-name> | group id <group-ocid> | dynamic-group <dynamic-group-name> | dynamic-group id <dynamic-group-ocid> | any-user

Example Policies

Allow users to manage all Anomaly Detection resources using the aggregate resource:

allow any-user to manage ai-service-anomaly-detection-family in tenancy

These policies control user access by the individual Anomaly Detection resource types:

allow any-user to manage ai-service-anomaly-detection-project in tenancy
allow any-user to manage ai-service-anomaly-detection-model in tenancy
allow any-user to manage ai-service-anomaly-detection-data-asset in tenancy
allow any-user to manage ai-service-anomaly-detection-private-endpoint in tenancy
allow any-user to manage ai-service-anomaly-detection-job in tenancy

Resource Types and Permissions

Resource Type and its Permissions

ai-service-anomaly-detection-model
    AI_SERVICE_ANOMALY_DETECTION_MODEL_INSPECT
    AI_SERVICE_ANOMALY_DETECTION_MODEL_CREATE
    AI_SERVICE_ANOMALY_DETECTION_MODEL_READ
    AI_SERVICE_ANOMALY_DETECTION_MODEL_UPDATE
    AI_SERVICE_ANOMALY_DETECTION_MODEL_DELETE
    AI_SERVICE_ANOMALY_DETECTION_MODEL_MOVE
    AI_SERVICE_ANOMALY_DETECTION_MODEL_INFER

ai-service-anomaly-detection-project
    AI_SERVICE_ANOMALY_DETECTION_PROJECT_INSPECT
    AI_SERVICE_ANOMALY_DETECTION_PROJECT_CREATE
    AI_SERVICE_ANOMALY_DETECTION_PROJECT_READ
    AI_SERVICE_ANOMALY_DETECTION_PROJECT_UPDATE
    AI_SERVICE_ANOMALY_DETECTION_PROJECT_DELETE
    AI_SERVICE_ANOMALY_DETECTION_PROJECT_MOVE

ai-service-anomaly-detection-data-asset
    AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_INSPECT
    AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_CREATE
    AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_READ
    AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_UPDATE
    AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_DELETE
    AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_MOVE

ai-service-anomaly-detection-private-endpoint
    AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_INSPECT
    AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_CREATE
    AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_READ
    AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_UPDATE
    AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_DELETE
    AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_MOVE

ai-service-anomaly-detection-job
    AI_SERVICE_ANOMALY_DETECTION_JOB_INSPECT
    AI_SERVICE_ANOMALY_DETECTION_JOB_CREATE
    AI_SERVICE_ANOMALY_DETECTION_JOB_READ
    AI_SERVICE_ANOMALY_DETECTION_JOB_UPDATE
    AI_SERVICE_ANOMALY_DETECTION_JOB_CANCEL
    AI_SERVICE_ANOMALY_DETECTION_JOB_MOVE
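
The following audit script is an added example, not part of the Oracle documentation. It parses statements of the form shown under Required IAM Policy, expands each one into the permissions listed above, and flags the two broadest choices: an any-user subject and the aggregate family. It assumes that manage grants every permission listed for a resource type; the names audit and SAMPLE and the group AnomalyJobOperators are hypothetical.

```python
import re

PREFIX = "ai-service-anomaly-detection-"
COMMON = ["INSPECT", "CREATE", "READ", "UPDATE", "DELETE", "MOVE"]
# Permission suffixes per resource type, from "Resource Types and Permissions".
# Assumption: `manage` grants every permission listed for the type.
PERMISSIONS = {k: COMMON for k in ("project", "data-asset", "private-endpoint")}
PERMISSIONS["model"] = COMMON + ["INFER"]
PERMISSIONS["job"] = ["INSPECT", "CREATE", "READ", "UPDATE", "CANCEL", "MOVE"]

# Statement form from "Required IAM Policy"; other OCI forms are out of scope.
STATEMENT = re.compile(
    r"allow\s+(?P<subject>any-user|(?:dynamic-group|group)(?:\s+id)?\s+\S+)"
    r"\s+to\s+manage\s+" + re.escape(PREFIX) + r"(?P<kind>[a-z-]+)\s+in\s+tenancy",
    re.IGNORECASE,
)

def audit(statement):
    """Return (subject, granted permission names, findings) for one statement."""
    m = STATEMENT.fullmatch(statement.strip())
    if m is None:
        raise ValueError(f"not in the form shown on the page: {statement!r}")
    subject, kind = m["subject"], m["kind"].lower()
    if kind != "family" and kind not in PERMISSIONS:
        raise ValueError(f"unknown resource type: {PREFIX}{kind}")
    kinds = sorted(PERMISSIONS) if kind == "family" else [kind]
    granted = [
        f"AI_SERVICE_ANOMALY_DETECTION_{k.upper().replace('-', '_')}_{p}"
        for k in kinds for p in PERMISSIONS[k]
    ]
    findings = []
    if subject.lower() == "any-user":
        findings.append("subject any-user: grant is not limited to a named group")
    if kind == "family":
        findings.append("aggregate family: covers all five resource types")
    return subject, granted, findings

# Constructed sample input: two statements from the page, one narrowed variant.
SAMPLE = [
    "allow any-user to manage ai-service-anomaly-detection-family in tenancy",
    "allow any-user to manage ai-service-anomaly-detection-job in tenancy",
    "allow group AnomalyJobOperators to manage ai-service-anomaly-detection-job in tenancy",
]

if __name__ == "__main__":
    for line in SAMPLE:
        subject, granted, findings = audit(line)
        print(f"{len(granted):2d} permissions  {subject:28s} {findings}")
```
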

Permissions Required for Each API Operation

You can use the individual resource types with API calls to interact with the service.

The following table lists the API operations for the Anomaly Detection service in a logical order, grouped by resource type, and the permissions required for resource types:

API Operation Permission

CreateProject AI_SERVICE_ANOMALY_DETECTION_PROJECT_CREATE
GetProject AI_SERVICE_ANOMALY_DETECTION_PROJECT_READ
UpdateProject AI_SERVICE_ANOMALY_DETECTION_PROJECT_UPDATE
DeleteProject AI_SERVICE_ANOMALY_DETECTION_PROJECT_DELETE
ChangeProjectCompartment AI_SERVICE_ANOMALY_DETECTION_PROJECT_MOVE
CreateDataAsset AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_CREATE
ListDataAssets AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_LIST
GetDataAsset AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_READ
UpdateDataAsset AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_UPDATE
DeleteDataAsset AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_DELETE
ChangeDataAssetCompartment AI_SERVICE_ANOMALY_DETECTION_DATA_ASSET_MOVE
CreateModel AI_SERVICE_ANOMALY_DETECTION_MODEL_CREATE
ListModels AI_SERVICE_ANOMALY_DETECTION_MODEL_INSPECT
GetModel AI_SERVICE_ANOMALY_DETECTION_MODEL_READ
UpdateModel AI_SERVICE_ANOMALY_DETECTION_MODEL_UPDATE
DeleteModel AI_SERVICE_ANOMALY_DETECTION_MODEL_DELETE
ChangeModelCompartment AI_SERVICE_ANOMALY_DETECTION_MODEL_MOVE
DetectAnomalies AI_SERVICE_ANOMALY_DETECTION_MODEL_INFER
ChangeAiPrivateEndpointCompartment AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_MOVE
CreateAiPrivateEndpoint AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_CREATE
DeleteAiPrivateEndpoint AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_DELETE
GetAiPrivateEndpoint AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_READ
UpdateAiPrivateEndpoint AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_UPDATE
ListAiPrivateEndpoints AI_SERVICE_ANOMALY_DETECTION_PRIVATE_ENDPOINT_INSPECT
ListDetectAnomalyJobs AI_SERVICE_ANOMALY_DETECTION_JOB_INSPECT
CreateDetectAnomalyJob AI_SERVICE_ANOMALY_DETECTION_JOB_CREATE
GetDetectAnomalyJob AI_SERVICE_ANOMALY_DETECTION_JOB_READ
UpdateDetectAnomalyJob AI_SERVICE_ANOMALY_DETECTION_JOB_UPDATE
DeleteDetectAnomalyJob AI_SERVICE_ANOMALY_DETECTION_JOB_CANCEL
ChangeDetectAnomalyJobCompartment AI_SERVICE_ANOMALY_DETECTION_JOB_MOVE