Permissions for Data and Context Management

This topic describes the IAM permissions required for context and content management in OCI Generative AI. It outlines the access needed for users to create and manage files, vector stores, and vector store connectors.

For OCI Generative AI Vector Store Connectors

Create a dynamic group for vector store connectors.
Grant the dynamic group permission to read Object Storage resources in the specified compartment.

Create a dynamic group for applications and deployments in the tenancy with the following matching rule:
```
all {resource.type='generativeaivectorconnector'}
```

To restrict the vector store connectors to a specific compartment, update the previous condition to:

all {resource.type='generativeaivectorconnector',
resource.compartment.id='<your-compartment-OCID>'}

Create a policy to grant the dynamic group permission to read Object Storage resources such as buckets.

Allow dynamic-group <dynamic-group-name> 
to read object-family in compartment <your-compartment-name>'}

QuickStart Permissions for Users

See Give User Groups Access to All Generative AI Resources.

API-Level Permissions

See the following topics for fine-grained, API-level permissions for each resource type.

API-Level Permissions for Vector Stores

Oracle Cloud Infrastructure Documentation

Permissions for Data and Context Management

For OCI Generative AI Vector Store Connectors

QuickStart Permissions for Users

API-Level Permissions