API-Level Permissions for Deployments

This page provides access and authorization information for the OCI Generative AI service deployments resource type.

For specific permissions for this resource type, review this page. For a list of all resource types available in OCI Generative AI, see User Access to Individual Resources.

Resource Type


Resource Type for IAM Permissions	Documentation Reference	API Reference
`generative-ai-hosted-deployment`	Deployments	`HostedDeployments`

Inspect Permission

Grant user groups inspect permission to run the following commands:

GET ListHostedDeployments

Read Permission

Grant user groups read permission to run the following commands:

GET ListHostedDeployments
GET GetHostedDeployment

Use Permission

Grant user groups use permission to run the following commands:

GET ListHostedDeployments
GET GetHostedDeployment
PUT UpdateHostedDeployment

Manage Permission

Grant user groups manage permission to run the following commands:

GET ListHostedDeployments
GET GetHostedDeployment
PUT UpdateHostedDeployment
POST CreateHostedDeployment
POST AddArtifact
DELETE DeleteHostedDeploymentArtifact
DELETE DeleteHostedDeployment

Note

The manage permission includes all actions allowed by use, read, and inspect.
The use permission includes all actions allowed by read and inspect.
The read permission includes all actions allowed by inspect.

Tip

The generative-ai-hosted-deployment resource-type is part of the generative-ai-family.

If you have permission to the family, you have the same permission for this resource type. For example:

allow group <your-group-name> to manage generative-ai-family 
in compartment <your-compartment-name>

1-1 Permissions for APIs

Note

We recommend using the higher-level IAM verbs, manage, use, read, and inspect, for a better user experience. For example, you might grant a user group permission to delete a resource, but if you don't also grant permission to list that resource, users might not find it.

If a use case requires access to only a specific API operation, you can use the individual permissions listed here. For example, if users need permission to create a resource but not delete it, grant manage for that resource type and exclude the delete permission.

`generative-ai-hosted-deployment`


Permission	API Operation	Operation Type	Verb
`GENERATIVE_AI_HOSTED_DEPLOYMENT_INSPECT`	`ListHostedDeployment`	`GET`	`inspect`
`GENERATIVE_AI_HOSTED_DEPLOYMENT_READ`	`GetHostedDeployment`	`GET`	`read`
`GENERATIVE_AI_HOSTED_DEPLOYMENT_UPDATE`	`UpdateHostedDeployment`	`PUT`	`use`
`GENERATIVE_AI_HOSTED_DEPLOYMENT_CREATE`	`CreateHostedDeployment`	`POST`	`manage`
`GENERATIVE_AI_HOSTED_DEPLOYMENT_ARTIFACT_ADD`	`AddArtifact`	`POST`	`manage`
`GENERATIVE_AI_HOSTED_DEPLOYMENT_ARTIFACT_DELETE`	`DeleteHostedDeploymentArtifact`	`DELETE`	`manage`
`GENERATIVE_AI_HOSTED_DEPLOYMENT_DELETE`	`DeleteHostedDeployment`	`DELETE`	`manage`

Oracle Cloud Infrastructure Documentation