To enable users to perform operations for Oracle Cloud Infrastructure (OCI), Oracle Resource Manager configures the IAM permissions for API key-based authentication using the Metallic-provided Resource Manager template when you complete the OCI guided setup.
The Oracle Resource Manager template creates an IAM user (MetallicServiceAccount) in the IAM group (MetallicGroup). Then, it creates and assigns an IAM policy (MetallicPolicy) to the group. MetallicPolicy has the minimum permissions that are required to perform backup and restore operations.
Required Permissions
At tenant level:
| Resource | Level | Backup | Recovery |
|---|---|---|---|
| compartments | inspect | Yes | Yes |
| tag-namespaces | use | Yes | Yes |
At compartment level:
| Resource | Level | Backup | Recovery | BYOS Object Storage |
|---|---|---|---|---|
| buckets | read | Yes | Yes | -- |
| buckets | create | -- | Yes | Yes |
| buckets | update | -- | Yes | -- |
| buckets | inspect | Yes | Yes | Yes |
| objects | manage | Yes | Yes | Yes |
At the access node compartment level:
| Resource | Level | Backup | Recovery |
|---|---|---|---|
| instances | use | Yes | Yes |
| volume-attachments | manage | Yes | Yes |
| volumes | use | Yes | Yes |
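A least-privilege check built from the tables above, as an added example (not Metallic's or Oracle's code): it flags policy statements that grant MetallicGroup more than the listed level, name an unlisted resource, or target another group. The sample statements and compartment names are constructed, the access node compartment is folded into a single "compartment" scope, and the "create" and "update" bucket rows are not modelled because they are not among the four OCI policy verbs.

```python
import re

# OCI policy verbs, lowest to highest privilege.
VERBS = ["inspect", "read", "use", "manage"]

# Highest verb the tables list per resource, keyed by statement scope.
# Assumption: any bucket grant above "read" is sent to manual review.
ALLOWED = {
    "tenancy": {"compartments": "inspect", "tag-namespaces": "use"},
    "compartment": {"buckets": "read", "objects": "manage", "instances": "use",
                    "volume-attachments": "manage", "volumes": "use"},
}
STMT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<res>[\w-]+)"
    r"\s+in\s+(?P<scope>tenancy|compartment)\b", re.IGNORECASE)

def audit(statements, group="MetallicGroup"):
    """Return (statement, reason) pairs for grants outside the tables."""
    findings = []
    for s in statements:
        m = STMT.match(s.strip())
        if not m:
            findings.append((s, "unparsed statement"))
            continue
        verb, res, scope = (m[k].lower() for k in ("verb", "res", "scope"))
        limit = ALLOWED[scope].get(res)
        if m["group"] != group:
            findings.append((s, "unexpected group"))
        elif verb not in VERBS:
            findings.append((s, "unknown verb"))
        elif limit is None:
            findings.append((s, f"{res} not listed at {scope} level"))
        elif VERBS.index(verb) > VERBS.index(limit):
            findings.append((s, f"{verb} exceeds {limit} on {res}"))
    return findings

# Constructed sample policy: three in-scope grants, three that should be flagged.
SAMPLE = [
    "Allow group MetallicGroup to inspect compartments in tenancy",
    "Allow group MetallicGroup to use tag-namespaces in tenancy",
    "Allow group MetallicGroup to manage objects in compartment BackupCmp",
    "Allow group MetallicGroup to manage volumes in compartment AccessNodeCmp",
    "Allow group MetallicGroup to manage all-resources in tenancy",
    "Allow group Administrators to read buckets in compartment BackupCmp",
]

if __name__ == "__main__":
    for stmt, reason in audit(SAMPLE):
        print(f"REVIEW: {reason}: {stmt}")
```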