Threat Intelligence IAM Policies

This topic covers details for writing policies to control access to Oracle Cloud Infrastructure Threat Intelligence.

All Threat Intelligence resources are scoped to your entire tenancy (the root compartment).

Note

In IAM policies, threat types are referred to as labels. For example, to view threat types you must have permission to read labels.

Resource Types

The following resource types are related to Threat Intelligence.

Individual Resource Types

threat
label

Aggregate Resource Types

threat-intel-family

A policy that uses <verb> threat-intel-family is equivalent to writing one with a separate <verb> <individual resource-type> statement for each of the individual Threat Intelligence resource types.

Supported Variables

Threat Intelligence IAM policies support all the general policy variables.

See General Variables for All Requests.

Details for Verb + Resource-Type Combinations

For each resource type, identify the permissions and API operations covered by each verb.

threat


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
`read`	`TI_THREAT_READ`	`ListIndicators` `ListIndicatorTypes` `GetIndicator` `GetIndicatorSummaryCounts`	none

labels


Verbs	Permissions	APIs Fully Covered	APIs Partially Covered
`read`	`TI_LABEL_READ`	`ListLabels`	none

Permissions Required for Each API Operation

The following table lists the API operations in a logical order, grouped by resource type.

For more information about permissions, see Permissions.


API Operation	Permissions Required to Use the Operation
`ListIndicators`	`TI_THREAT_READ`
`GetIndicator`	`TI_THREAT_READ`
`ListIndicatorTypes`	`TI_THREAT_READ`
`GetIndicatorSummaryCounts`	`TI_THREAT_READ`
`ListLabels`	`TI_LABEL_READ`

Policy Examples

Learn about Threat Intelligence IAM policies using examples.

Allow users in the group SecurityAdmins to search for and view threat indicators

Allow group SecurityAdmins to read threat-intel-family in tenancy

Oracle Cloud Infrastructure Documentation