Details for Load Balancing

This topic covers details for writing policies to control access to the Load Balancer service.

Resource-Types

load-balancers

Details for Verb + Resource-Type Combinations

The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.

For example, the read verb for load-balancers includes the same permissions and API operations as the inspect verb, plus the LOAD_BALANCER_READ permission and a number of API operations (e.g., GetLoadBalancer, ListWorkRequests, etc.). The use verb covers still another permission and set of API operations compared to read. And manage covers two more permissions and operations compared to use.

load-balancers

Verbs Permissions APIs Fully Covered APIs Partially Covered
inspect

LOAD_BALANCER_INSPECT

ListLoadBalancers

ListShapes

ListPolicies

ListProtocols

none

read

INSPECT +

LOAD_BALANCER_READ

INSPECT +

GetLoadBalancer

ListWorkRequests

GetWorkRequest

ListBackendSets

GetBackendSet

ListBackends

GetBackend

GetHealthChecker

ListCertificates

none

use

READ +

LOAD_BALANCER_UPDATE

LOAD_BALANCER_MOVE

READ +

UpdateLoadBalancer

ChangeLoadBalancerCompartment

UpdateBackendSet

CreateBackendSet

DeleteBackendSet

UpdateBackend

CreateBackend

DeleteBackend

UpdateHealthChecker

CreateCertificate

DeleteCertificate

UpdateListener

CreateListener

DeleteListener

none

manage

USE +

LOAD_BALANCER_CREATE

LOAD_BALANCER_DELETE

USE +

CreateLoadBalancer

DeleteLoadBalancer

none

Permissions Required for Each API Operation

The following table lists the API operations in a logical order, grouped by resource type.

Tip

If a group uses the Console to manage load balancers, permissions to use the associated networking resources are required. See the load balancing policy examples for further guidance.

For information about permissions, see Permissions.

API Operation Permissions Required to Use the Operation
ListLoadBalancers LOAD_BALANCER_INSPECT
GetLoadBalancer LOAD_BALANCER_READ
ChangeLoadBalancerCompartment LOAD_BALANCER_MOVE
UpdateLoadBalancer LOAD_BALANCER_UPDATE
CreateLoadBalancer LOAD_BALANCER_CREATE
DeleteLoadBalancer LOAD_BALANCER_DELETE
ListShapes LOAD_BALANCER_INSPECT
ListWorkRequests LOAD_BALANCER_READ
GetWorkRequest LOAD_BALANCER_READ
ListBackendSets LOAD_BALANCER_READ
GetBackendSet LOAD_BALANCER_READ
UpdateBackendSet LOAD_BALANCER_UPDATE
CreateBackendSet LOAD_BALANCER_UPDATE
DeleteBackendSet LOAD_BALANCER_UPDATE
ListBackends LOAD_BALANCER_READ
GetBackend LOAD_BALANCER_READ
UpdateBackend LOAD_BALANCER_UPDATE
CreateBackend LOAD_BALANCER_UPDATE
DeleteBackend LOAD_BALANCER_UPDATE
GetHealthChecker LOAD_BALANCER_READ
UpdateHealthChecker LOAD_BALANCER_UPDATE
ListCertificates LOAD_BALANCER_READ
CreateCertificate LOAD_BALANCER_UPDATE
DeleteCertificate LOAD_BALANCER_UPDATE
UpdateListener LOAD_BALANCER_UPDATE
CreateListener LOAD_BALANCER_UPDATE
DeleteListener LOAD_BALANCER_UPDATE
ListPolicies LOAD_BALANCER_INSPECT
ListProtocols LOAD_BALANCER_INSPECT