
Policies and permissions

To monitor your OCI resources, Site24x7 needs access to your tenancy. This requires creating a specific policy to allow Site24x7 to view your resources without affecting your security. 

While creating the policy, copy the Site24x7 Tenancy ID and Group ID from Site24x7's Integrate OCI monitor page and paste them into the syntax below:

Define tenancy Site24x7 as <Site24x7TenancyID>
Define group Administrators as <groupID>
Admit group Administrators of tenancy Site24x7 to read instance-family in tenancy
Note
  • If you wish to restrict access to a specific resource type, use the following syntax by filling the applicable resource type in the placeholder:
    Admit group Administrators of tenancy Site24x7 to read  in tenancy
  • If you use the above syntax to restrict access to a resource type, you must also add the following statement so that Site24x7 can read the compartments in your tenancy:
    Admit group Administrators of tenancy Site24x7 to read compartments in tenancy
  • You can apply a policy to a specific compartment, its parent, or even higher levels in your tenancy hierarchy. For example, a policy attached to a compartment applies only to resources within that compartment, while a policy attached to the root applies to all resources in your tenancy. To obtain compartment-based access, enter the following syntax:
    Admit group Administrators of tenancy Site24x7 to read all-resources in compartment 

These predefined policies are maintained and updated by the OCI team itself, so when we bring in monitoring support for any new OCI service, there won't be any need for you to update the permissions in the policy document.
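Before saving the policy, it helps to confirm that every placeholder has been filled and that no statement grants more than read access. The following check is an added example, not part of Site24x7's or Oracle's tooling; the function name review_policy, the sample OCIDs and the choice of the four checks are assumptions of this example.

```python
import re

# Statement forms used on this page; keywords are matched leniently on case.
DEFINE = re.compile(r"define\s+(tenancy|group)\s+(\S+)\s+as\s+(\S+)", re.I)
ADMIT = re.compile(
    r"admit\s+group\s+(\S+)\s+of\s+tenancy\s+(\S+)\s+to\s+(\S+)\s+(\S+)"
    r"\s+in\s+(tenancy|compartment\s+\S+)", re.I)
READ_ONLY_VERBS = {"inspect", "read"}  # OCI verbs that grant no write access

def review_policy(text):
    """Return findings for a cross-tenancy policy; an empty list means clean."""
    defined = {"tenancy": set(), "group": set()}
    findings = []
    for stmt in (s.strip() for s in text.splitlines() if s.strip()):
        if m := DEFINE.fullmatch(stmt):
            kind, alias, ocid = m.groups()
            defined[kind.lower()].add(alias)
            if not ocid.startswith("ocid1."):  # e.g. "<groupID>" left in place
                findings.append(f"placeholder or non-OCID value in: {stmt}")
        elif m := ADMIT.fullmatch(stmt):
            group, tenancy, verb, rtype, scope = m.groups()
            if group not in defined["group"] or tenancy not in defined["tenancy"]:
                findings.append(f"undefined group/tenancy alias in: {stmt}")
            if verb.lower() not in READ_ONLY_VERBS:
                findings.append(f"verb '{verb}' exceeds read-only in: {stmt}")
            if rtype.lower() == "all-resources" and scope.lower() == "tenancy":
                findings.append(f"tenancy-wide all-resources scope in: {stmt}")
        else:  # includes an Admit whose resource type was left empty
            findings.append(f"unparseable statement: {stmt}")
    return findings

# Constructed sample: the OCIDs are made-up values, not real identifiers.
GOOD = """\
Define tenancy Site24x7 as ocid1.tenancy.oc1..exampletenancy
Define group Administrators as ocid1.group.oc1..examplegroup
Admit group Administrators of tenancy Site24x7 to read instance-family in tenancy
Admit group Administrators of tenancy Site24x7 to read compartments in tenancy
"""
# Constructed sample: unfilled placeholder, empty resource type, write verb.
BAD = """\
Define tenancy Site24x7 as ocid1.tenancy.oc1..exampletenancy
Define group Administrators as <groupID>
Admit group Administrators of tenancy Site24x7 to read  in tenancy
Admit group Administrators of tenancy Site24x7 to manage all-resources in tenancy
"""
if __name__ == "__main__":
    print("\n".join(review_policy(BAD)))
```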

Supported OCI services

The supported OCI services and the individual actions required for each service are listed below.

OCI service: Monitoring (This service is used for metric collection.)
  Read-level actions:
    • SummarizeMetricsData - METRIC_INSPECT and METRIC_READ

OCI service: Autonomous Database
  Read-level actions:
    • listAutonomousDatabases - AUTONOMOUS_DATABASE_INSPECT
    • GetAutonomousDatabase - AUTONOMOUS_DATABASE_INSPECT
    • listAutonomousDatabaseBackups - AUTONOMOUS_DB_BACKUP_INSPECT
  Partial write-level actions:
    • StopAutonomousDatabase - AUTONOMOUS_DATABASE_UPDATE
    • restartAutonomousDatabase - AUTONOMOUS_DATABASE_UPDATE
    • startAutonomousDatabase - AUTONOMOUS_DATABASE_UPDATE

OCI service: Block Volume
  Read-level actions:
    • listVolumeAttachments, listBootVolumeAttachments - VOLUME_ATTACHMENT_INSPECT
    • GetVolume, GetBootVolume - VOLUME_INSPECT

OCI service: Compute Instance
  Read-level actions:
    • listInstances - INSTANCE_READ
    • listVolumeAttachments - INSTANCE_READ
    • getVolume - VOLUME_INSPECT
    • listBootVolumeAttachments - VOLUME_INSPECT
    • getBootVolume - VOLUME_INSPECT
    • listVnicAttachments - VNIC_READ (inspect instance-family)
    • getVnic - VNIC_READ
  Partial write-level actions:
    • InstanceAction - INSTANCE_POWER_ACTIONS

OCI service: Object Storage Bucket
  Read-level actions:
    • ListBuckets - BUCKET_INSPECT
    • GetBucket - BUCKET_READ
    • GetNamespace

 
