Oracle Cloud Infrastructure Documentation

Details for Search

The Search service does not require permissions for its API operations. You do not need to write policies specifically to control access to Search. However, what you can see in search or query results depends on the permissions you have. If a policy exists to give you access to the inspect verb for a particular resource type, you have access to the permissions needed to view that resource type and its associated metadata in search results. If a service does not recognize the inspect verb or if the resource type's inspect verb does not fully cover list operations, permissions to view the service's supported resource types are granted by the read verb instead.

For more information about permissions, see the Permissions section of Advanced Policy Features.

Permissions Required to View Each Resource Type

The following table lists the resource types grouped by service, which are listed in alphabetical order. The Search API operations that can access the metadata for these resource types with these permissions are GetResourceType, ListResourceTypes, and SearchResources.

Service Resource Type Permissions Required to View in Search Results
Block Volume volumes VOLUME_INSPECT
Block Volume volume-backups VOLUME_BACKUP_INSPECT
Compute console-histories CONSOLE_HISTORY_INSPECT
Compute instance-images INSTANCE_IMAGE_READ
Compute instances INSTANCE_READ
Database databases DATABASE_INSPECT
Database db-homes DB_HOME_INSPECT (if you want to filter results using db-homes attributes)
Database db-systems DB_SYSTEM_INSPECT
IAM compartments COMPARTMENT_INSPECT
IAM groups GROUP_INSPECT
IAM identity-providers IDENTITY_PROVIDER_INSPECT
IAM users USER_INSPECT
Networking route-tables ROUTE_TABLE_READ
Networking security-lists SECURITY_LIST_READ
Networking subnets SUBNET_READ
Networking vcns VCN_READ
Object Storage buckets BUCKET_INSPECT