Oracle Cloud Infrastructure Documentation

Details for API Gateway

This topic covers details for writing policies to control access to API Gateway.

Resource-Types

Aggregate Resource-Type

api-gateway-family

Individual Resource-Types

  • api-gateways
  • api-deployments
  • api-workrequests

Comments

A policy that uses <verb> api-gateway-family is equivalent to writing one with a separate <verb> <individual resource-type> statement for each of the individual resource-types.

See the table in Details for Verb + Resource-Type Combinations for a detailed breakout of the API operations covered by each verb, for each individual resource-type included in api-gateway-family.

Supported Variables

API Gateway supports all the general variables (see General Variables for All Requests).

Details for Verb + Resource-Type Combinations

The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access..

For example, the read verb for the api-gateways resource-type includes the same permissions and API operations as the inspect verb, plus the API_GATEWAY_READ permission and a number of API operations (e.g., GetGateway, etc.). The use verb covers additional permissions and API operations compared to read. Lastly, manage covers more permissions and operations compared to use.

api-gateways
api-deployments

 

api-workrequests

Permissions Required for Each API Operation

The following table lists the API operations in a logical order, grouped by resource type. For information about permissions, see Permissions.

API Operation Permissions Required to Use the Operation
ListGateways API_GATEWAY_LIST
CreateGateway API_GATEWAY_CREATE
GetGateway API_GATEWAY_READ
UpdateGateway API_GATEWAY_UPDATE
DeleteGateway API_GATEWAY_DELETE
ListDeployments API_DEPLOYMENT_LIST
CreateDeployment API_DEPLOYMENT_CREATE and API_GATEWAY_READ and API_GATEWAY_ADD_DEPLOYMENT
GetDeployment API_DEPLOYMENT_READ and API_GATEWAY_READ
UpdateDeployment API_DEPLOYMENT_UPDATE and API_GATEWAY_READ and API_GATEWAY_ADD_DEPLOYMENT
DeleteDeployment API_DEPLOYMENT_DELETE and API_GATEWAY_READ and API_GATEWAY_REMOVE_DEPLOYMENT
ListWorkRequests

API_WORK_REQUEST_LIST

GetWorkRequest

API_WORK_REQUEST_READ

CancelWorkRequest

API_WORK_REQUEST_CANCEL

ListWorkRequestErrors

API_WORK_REQUEST_READ

ListWorkRequestLogs

API_WORK_REQUEST_READ