Detalhes do Gerenciamento da Organização
Este tópico abrange detalhes de gravação de políticas para controlar o acesso ao Gerenciamento da Organização.
Tipos de Recursos
organizations-family
organizations-link
organizations-recipient-invitation
organizations-sender-invitation
organizations-invitation
organizations-domain
organizations-domain-governance
organizations-entity
organizations-tenancy
organizations-order
organizations-subscription
organizations-subscription-mapping
organizations-assigned-subscription
organizations-subscription-region
organizations-governance-rules
organizations-enforced-governance-rules
Variáveis Suportadas
O Gerenciamento da Organização suporta todas as variáveis gerais (consulte Variáveis Gerais para Todas as Solicitações), além de outras listadas aqui:
Variáveis obrigatórias (fornecidas pelo serviço para cada solicitação):
Variável | Tipo de variável | Comentários |
---|---|---|
target.resource.kind |
String | O nome do tipo do recurso principal da solicitação. |
Variáveis Automáticas (fornecidas pelo SDK para cada solicitação):
Variável | Tipo de variável | Comentários |
---|---|---|
target.tenant.id |
Entidade (OCID) | O OCID do ID do tenant de destino. |
Detalhes para Combinações de Verbo + Tipo de Recurso
As tabelas a seguir mostram as permissões e operações de API abrangidas por cada verbo. O nível de acesso é cumulativo à medida que você vai de inspect
> read
> use
> manage
. Um sinal de mais (+) em uma célula da tabela indica o acesso incremental comparado à célula diretamente acima dela, enquanto "sem extra" indica acesso incremental.
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | ORGANIZATIONS_LINK_INSPECT ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT ORGANIZATIONS_SENDER_INVITATION_INSPECT ORGANIZATIONS_DOMAIN_INSPECT ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT ORGANIZATIONS_TENANCY_INSPECT ORGANIZATIONS_SUBSCRIPTION_INSPECT ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT GOVERNANCE_RULE_INSPECT ORGANIZATIONS_ENTITY_INSPECT ORGANIZATIONS_TENANCY_INSPECT |
ListLinks
|
none |
READ | INSPECT + ORGANIZATIONS_LINK_READ ORGANIZATIONS_RECIPIENT_INVITATION_READ ORGANIZATIONS_SENDER_INVITATION_READ ORGANIZATIONS_DOMAIN_READ ORGANIZATIONS_DOMAIN_GOVERNANCE_READ ORGANIZATIONS_ENTITY_READ ORGANIZATIONS_TENANCY_READ ORGANIZATIONS_SUBSCRIPTION_READ ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ GOVERNANCE_RULE_READ |
INSPECT + GetLink
|
none |
USE | LEIA + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE
ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE ORGANIZATIONS_ENTITY_UPDATE ORGANIZATIONS_SENDER_INVITATION_UPDATE GOVERNANCE_RULE_UPDATE GOVERNANCE_RULE_RETRY |
LEIA + AcceptRecipientInvitation
GetGovernanceRule
|
none |
MANAGE | UTILIZAÇÃO + ORGANIZATIONS_LINK_PARENT_DELETE ORGANIZATIONS_LINK_CHILD_DELETE ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE ORGANIZATIONS_SENDER_INVITATION_CREATE ORGANIZATIONS_DOMAIN_CREATE ORGANIZATIONS_DOMAIN_DELETE ORGANIZATIONS_ORDER_ACTIVATE ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE ORGANIZATIONS_ENTITY_UPDATE ORGANIZATIONS_TENANCY_CREATE ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE ORGANIZATIONS_TENANCY_DELETE ORGANIZATIONS_TENANCY_RESTORE GOVERNANCE_RULE_CREATE GOVERNANCE_RULE_DELETE |
UTILIZAÇÃO + DeleteLink
|
none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | ORGANIZATIONS_LINK_INSPECT | ListLinks
|
none |
LEITURA, USO | INSPECT + ORGANIZATIONS_LINK_READ | INSPECT + GetLink |
none |
MANAGE | UTILIZAÇÃO + ORGANIZATIONS_LINK_PARENT_DELETE ORGANIZATIONS_LINK_CHILD_DELETE |
UTILIZAÇÃO + DeleteLink |
none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT | ListRecipientInvitations
|
none |
READ | INSPECT + ORGANIZATIONS_RECIPIENT_INVITATION_READ | INSPECT + GetRecipientInvitation |
none |
USAR, GERENCIAR | LEIA + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE | LEIA + AcceptRecipientInvitation
|
none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | ORGANIZATIONS_SENDER_INVITATION_INSPECT | ListRecipientInvitations
|
none |
READ | INSPECT + ORGANIZATIONS_SENDER_INVITATION_READ | INSPECT + GetSenderInvitation |
none |
USE | LEIA + ORGANIZATIONS_SENDER_INVITATION_UPDATE | LEIA + UpdateSenderInvitation
|
none |
MANAGE | UTILIZAÇÃO + ORGANIZATIONS_SENDER_INVITATION_CREATE | UTILIZAÇÃO + CreateSenderInvitation |
none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT ORGANIZATIONS_SENDER_INVITATION_INSPECT |
ListRecipientInvitations
|
none |
READ | INSPECT + ORGANIZATIONS_RECIPIENT_INVITATION_READ ORGANIZATIONS_SENDER_INVITATION_READ |
INSPECT + GetRecipientInvitation
|
none |
USE | LEIA + ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE ORGANIZATIONS_SENDER_INVITATION_UPDATE |
LEIA + AcceptRecipientInvitation
|
none |
MANAGE | UTILIZAÇÃO + ORGANIZATIONS_SENDER_INVITATION_CREATE | UTILIZAÇÃO + CreateSenderInvitation |
none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | ORGANIZATIONS_DOMAIN_INSPECT | ListDomains
|
none |
READ | INSPECT + ORGANIZATIONS_DOMAIN_READ | INSPECT + GetDomain |
none |
USE | LEIA + ORGANIZATIONS_DOMAIN_UPDATE | LEIA + UpdateDomain |
none |
MANAGE | UTILIZAÇÃO + ORGANIZATIONS_DOMAIN_CREATE ORGANIZATIONS_DOMAIN_DELETE |
UTILIZAÇÃO + CreateDomain
|
none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT | ListDomainGovernances
|
none |
READ | INSPECT + ORGANIZATIONS_DOMAIN_GOVERNANCE_READ | INSPECT + GetDomainGovernance |
none |
USE | LEIA + ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE | LEIA + UpdateDomainGovernance |
none |
MANAGE | UTILIZAÇÃO + ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE |
UTILIZAÇÃO + CreateDomainGovernance
|
none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | ORGANIZATIONS_ENTITY_INSPECT | ListOrganizations
|
none |
READ | INSPECT + ORGANIZATIONS_ENTITY_READ | INSPECT + GetOrganization |
none |
USE | LEIA + ORGANIZATIONS_ENTITY_UPDATE | LEIA + UpdateOrganization |
none |
MANAGE | - | - | none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | ORGANIZATIONS_TENANCY_INSPECT | ListOrganizationTenancies
|
none |
LEITURA, USO | INSPECT + ORGANIZATIONS_TENANCY_READ | INSPECT + GetOrganizationTenancy |
none |
MANAGE | UTILIZAÇÃO + ORGANIZATIONS_TENANCY_CREATE ORGANIZATIONS_TENANCY_DELETE ORGANIZATIONS_TENANCY_RESTORE |
UTILIZAÇÃO + CreateChildTenancy
|
none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | - | - | none |
READ | - | - | none |
USE | - | - | none |
MANAGE | ORGANIZATIONS_ORDER_ACTIVATE | ActivateOrder |
none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | ORGANIZATIONS_SUBSCRIPTION_INSPECT | ListSubscriptions
|
none |
READ | INSPECT + ORGANIZATIONS_SUBSCRIPTION_READ | INSPECT + GetSubscription |
none |
USAR, GERENCIAR | UTILIZAÇÃO + ORGANIZATIONS_SUBSCRIPTION_ASSIGN ORGANIZATIONS_SUBSCRIPTION_DELETE |
UTILIZAÇÃO + AssignTenancySubscription
|
none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT | ListSubscriptionMappings
|
none |
READ | INSPECT + ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ | INSPECT + GetSubscriptionMapping |
none |
USAR, GERENCIAR | UTILIZAÇÃO + ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE |
UTILIZAÇÃO + DeleteSubscriptionMapping
|
none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT | ListAssignedSubscriptions
|
none |
READ | INSPECT + ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ | INSPECT + GetAssignedSubscription |
none |
USE | - | - | none |
MANAGE | - | - | none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT | ListAvailableRegions
|
none |
READ | - | - | none |
USE | - | - | none |
MANAGE | - | - | none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | GOVERNANCE_RULE_INSPECT | ListGovernanceRules
|
none |
READ | INSPECT + GOVERNANCE_RULE_READ | INSPECT + GetGovernanceRule
|
none |
USE | LEIA + GOVERNANCE_RULE_UPDATE GOVERNANCE_RULE_RETRY |
LEIA + GetGovernanceRule
|
none |
MANAGE | UTILIZAÇÃO + GOVERNANCE_RULE_CREATE GOVERNANCE_RULE_DELETE |
UTILIZAÇÃO + CreateGovernanceRule
|
none |
Verbos | Permissões | APIs Totalmente Abrangidas | APIs Parcialmente Abrangidas |
---|---|---|---|
INSPECT | GOVERNANCE_RULE_ENFORCED_INSPECT | ListEnforcedGovernanceRules
|
none |
READ | INSPECT + GOVERNANCE_RULE_ENFORCED_READ | INSPECT + GetEnforcedGovernanceRule |
none |
USE | - | - | none |
MANAGE | - | - | none |
Permissões Exigidas para Cada Operação de API
A tabela a seguir lista as operações de API em uma ordem lógica, agrupadas por tipo de recurso. Para obter informações sobre permissões, consulte Permissões.
Operação da API | Permissões Necessárias para Usar a Operação |
---|---|
GetLink | ORGANIZATIONS_LINK_READ |
ListLinks | ORGANIZATIONS_LINK_INSPECT |
DeleteLink | ORGANIZATIONS_LINK_CHILD_DELETE ORGANIZATIONS_LINK_PARENT_DELETE |
GetRecipientInvitation | ORGANIZATIONS_RECIPIENT_INVITATION_READ |
AcceptRecipientInvitation | ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE |
IgnoreRecipientInvitation | ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE |
UpdateRecipientInvitation | ORGANIZATIONS_RECIPIENT_INVITATION_UPDATE |
ListRecipientInvitations | ORGANIZATIONS_RECIPIENT_INVITATION_INSPECT |
CreateSenderInvitation | ORGANIZATIONS_SENDER_INVITATION_CREATE |
GetSenderInvitation | ORGANIZATIONS_SENDER_INVITATION_READ |
ListSenderInvitations | ORGANIZATIONS_SENDER_INVITATION_INSPECT |
CancelSenderInvitation | ORGANIZATIONS_SENDER_INVITATION_UPDATE |
UpdateSenderInvitation | ORGANIZATIONS_SENDER_INVITATION_UPDATE |
UpdateSenderInvitation | ORGANIZATIONS_DOMAIN_READ |
ListDomains | ORGANIZATIONS_DOMAIN_INSPECT |
CreateDomain | ORGANIZATIONS_DOMAIN_CREATE |
UpdateDomain | ORGANIZATIONS_DOMAIN_UPDATE |
DeleteDomain | ORGANIZATIONS_DOMAIN_DELETE |
GetDomainGovernance | ORGANIZATIONS_DOMAIN_GOVERNANCE_READ |
ListDomainGovernances | ORGANIZATIONS_DOMAIN_GOVERNANCE_INSPECT |
CreateDomainGovernance | ORGANIZATIONS_DOMAIN_GOVERNANCE_CREATE |
UpdateDomainGovernance | ORGANIZATIONS_DOMAIN_GOVERNANCE_UPDATE |
DeleteDomainGovernance | ORGANIZATIONS_DOMAIN_GOVERNANCE_DELETE |
GetOrganization | ORGANIZATIONS_ENTITY_READ |
ListOrganizations | ORGANIZATIONS_ENTITY_INSPECT |
UpdateOrganization | ORGANIZATIONS_ENTITY_UPDATE |
GetOrganizationTenancy | ORGANIZATIONS_TENANCY_READ |
ListOrganizationTenancies | ORGANIZATIONS_TENANCY_INSPECT |
approForTransfer/unapproveForTransfer | ORGANIZATIONS_TENANCY_TRANSFER_APPROVAL_UPDATE |
CreateChildTenancy | ORGANIZATIONS_TENANCY_CREATE |
DeleteOrganizationTenancy | ORGANIZATIONS_TENANCY_DELETE |
RestoreOrganizationTenancy | ORGANIZATIONS_TENANCY_RESTORE |
ActivateOrder | ORGANIZATIONS_ORDER_ACTIVATE |
ListSubscriptions | ORGANIZATIONS_SUBSCRIPTION_INSPECT |
ListSubscriptionMappings | ORGANIZATIONS_SUBSCRIPTION_MAPPING_INSPECT |
GetSubscription | ORGANIZATIONS_SUBSCRIPTION_READ |
GetSubscriptionMapping | ORGANIZATIONS_SUBSCRIPTION_MAPPING_READ |
AssignTenancySubscription | ORGANIZATIONS_SUBSCRIPTION_ASSIGN |
AssignDefaultSubscription | ORGANIZATIONS_SUBSCRIPTION_ASSIGN |
DeleteSubscriptionMapping | ORGANIZATIONS_SUBSCRIPTION_MAPPING_DELETE |
CreateSubscriptionMapping | ORGANIZATIONS_SUBSCRIPTION_MAPPING_CREATE |
ListAssignedSubscriptions | ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_INSPECT |
GetAssignedSubscription | ORGANIZATIONS_ASSIGNED_SUBSCRIPTION_READ |
ListAvailableRegions | ORGANIZATIONS_SUBSCRIPTION_REGION_INSPECT |
ListGovernanceRules | GOVERNANCE_RULE_INSPECT |
GetGovernanceRule | GOVERNANCE_RULE_READ |
CreateGovernanceRule | GOVERNANCE_RULE_CREATE |
UpdateGovernanceRule | GOVERNANCE_RULE_UPDATE |
DeleteGovernanceRule | GOVERNANCE_RULE_DELETE |
RetryGovernanceRule | GOVERNANCE_RULE_RETRY |
CreateInclusionCriterion | GOVERNANCE_RULE_UPDATE |
DeleteInclusionCriterion | GOVERNANCE_RULE_UPDATE |
ListTenancyAttachments | GOVERNANCE_RULE_READ |
GetTenancyAttachment | GOVERNANCE_RULE_READ |
RetryTenancyAttachment | GOVERNANCE_RULE_RETRY |
ListEnforcedGovernanceRules | GOVERNANCE_RULE_ENFORCED_INSPECT |
GetEnforcedGovernanceRule | GOVERNANCE_RULE_ENFORCED_READ |