Oracle Cloud Infrastructure Documentation

Details for Monitoring

This topic covers details for writing policies to control access to the Monitoring service.

Resource-Types

alarms

metrics

Supported Variables

Monitoring supports all the general variables (see General Variables for All Requests), plus the one listed here:

Operations for This Resource-Type... Can Use This Variable Variable Type Comments
metrics target.metrics.namespace String

Use this variable to control access to specific resource types. Surround the namspace value with single quotes. For example, to control access to metrics for Compute instances, use the following phrase: where target.metrics.namespace='oci_computeagent'

For an example policy, see Restrict user access to a specific metric namespace. For valid namespace values, see Supported Services.

Details for Verb + Resource-Type Combinations

The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.

alarms
metrics

Permissions Required for Each API Operation

The following table lists the API operations in a logical order, grouped by resource type.

For information about permissions, see Permissions.

API Operation Permissions Required to Use the Operation
ListMetrics METRIC_INSPECT or METRIC_READ
SummarizeMetricsData METRIC_READ
PostMetricData METRIC_WRITE

ListAlarms

ALARM_INSPECT

ListAlarmsStatus ALARM_INSPECT

GetAlarm

ALARM_READ and METRIC_READ

GetAlarmHistory

ALARM_READ

CreateAlarm

ALARM_CREATE and METRIC_READ

UpdateAlarm

ALARM_UPDATE and METRIC_READ

RemoveAlarmSuppression ALARM_UPDATE

DeleteAlarm

ALARM_DELETE