Permissions for OCI

When you configure backups for OCI instances, Oracle Resource Manager uses the Metallic-provided Resource Manager template to configure the IAM permissions for API key-based authentication. These permissions enable users to perform operations for Oracle Cloud Infrastructure (OCI).

The Oracle Resource Manager template creates an IAM user (MetallicServiceAccount) in the IAM group (MetallicGroup). Then, it creates and assigns an IAM policy (MetallicPolicy) to the group. MetallicPolicy has the minimum permissions that are required to perform backup and restore operations.

Required Permissions

At tenant level:

| Resource | Level | Backup | Recovery | VM Conversion |
|---|---|---|---|---|
| compartments | inspect | Yes | Yes | Yes |
| subnets | use | -- | Yes | -- |
| vcns | inspect | -- | Yes | -- |
| vnics | use | -- | Yes | -- |

At the compartment level, for the compartment of each source instance and for each target compartment of future restored instances:

| Resource | Level | Backup | Recovery | VM Conversion | BYOS Object Storage |
|---|---|---|---|---|---|
| boot-volume-backups | manage | Yes | Yes | -- | -- |
| buckets | create | Yes | Yes | Yes | Yes |
| buckets | PAR_MANAGE for Preauthenticated Requests | -- | -- | Yes | Yes |
| buckets | inspect | Yes | Yes | -- | Yes |
| instance-images | manage | Yes | Yes | Yes | -- |
| instances | manage | Yes | Yes | Yes | -- |
| objects | manage | Yes | Yes | Yes | Yes |
| subnets | use | Yes | Yes | Yes | -- |
| vcns | inspect | Yes | Yes | Yes | -- |
| vnic-attachments | inspect | Yes | Yes | Yes | -- |
| vnics | use | Yes | Yes | Yes | -- |
| volume-attachments | manage | Yes | Yes | Yes | -- |
| volume-backups | manage | Yes | Yes | -- | -- |
| volumes | manage | Yes | Yes | Yes | -- |

At the backup gateway compartment level:

| Resource | Level | Backup | Recovery | VM Conversion |
|---|---|---|---|---|
| instances | use | Yes | Yes | Yes |
| volume-attachments | manage | Yes | Yes | Yes |
| volumes | use | Yes | Yes | Yes |
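
To confirm that a deployed policy stays within the minimum listed in the tables above, the following added example (not part of the Metallic template or the original page) audits policy statements against those tables. It assumes the policy is written as plain `Allow group ... to <verb> <resource-type> in ...` statements; the scope labels `workload` and `gateway`, the compartment names, and the sample statements are constructed for illustration.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # OCI verbs, weakest to strongest

# Highest verb the tables on this page list per resource type and scope.
# Bucket rows are left out: their "create" and "PAR_MANAGE" levels are not plain verbs.
ALLOWED = {
    "tenancy": {"compartments": "inspect", "subnets": "use", "vcns": "inspect", "vnics": "use"},
    "workload": {
        "boot-volume-backups": "manage", "instance-images": "manage", "instances": "manage",
        "objects": "manage", "subnets": "use", "vcns": "inspect", "vnic-attachments": "inspect",
        "vnics": "use", "volume-attachments": "manage", "volume-backups": "manage",
        "volumes": "manage",
    },
    "gateway": {"instances": "use", "volume-attachments": "manage", "volumes": "use"},
}

STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<resource>[\w-]+)"
    r"\s+in\s+(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))", re.I)

def audit(statements, compartment_roles, group="MetallicGroup"):
    """Return (statement, reason) pairs for grants beyond the documented tables."""
    findings = []
    for stmt in statements:
        m = STATEMENT.match(stmt)
        if not m or m["group"].lower() != group.lower():
            continue  # not a simple grant to the audited group
        verb, resource = m["verb"].lower(), m["resource"].lower()
        if verb not in VERBS or resource == "buckets":
            continue  # permission-scoped or unknown level: review by hand
        # A tenancy-wide grant reaches every compartment, so it is held to the tenant table.
        scope = "tenancy" if m["tenancy"] else compartment_roles.get(m["compartment"])
        if scope is None:
            findings.append((stmt, "compartment not in the backup design"))
        elif resource not in ALLOWED[scope]:
            findings.append((stmt, f"{resource} not listed at {scope} level"))
        elif VERBS.index(verb) > VERBS.index(ALLOWED[scope][resource]):
            findings.append((stmt, f"{verb} exceeds {ALLOWED[scope][resource]}"))
    return findings

# Constructed sample policy; compartment names are hypothetical.
SAMPLE = [
    "Allow group MetallicGroup to inspect compartments in tenancy",
    "Allow group MetallicGroup to manage volumes in tenancy",
    "Allow group MetallicGroup to manage instances in compartment BackupGateway",
    "Allow group MetallicGroup to manage volumes in compartment Workloads",
]
ROLES = {"Workloads": "workload", "BackupGateway": "gateway"}
```

Calling `audit(SAMPLE, ROLES)` flags the tenancy-wide `manage volumes` grant and the `manage instances` grant in the gateway compartment, where the table lists only `use`.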