IAM Policies for OCI Generative AI
You can get permission to access OCI Generative AI resources through OCI Identity and Access Management (IAM) policies.
If you're not a member of the Administrators group, ask your administrator to assign you the least privileges that are required to perform your responsibilities by reviewing the following sections.
If you need help writing IAM policies, see IAM Policies and Policy Syntax.
Give User Groups Access to All Generative AI Resources
To give user groups permission to all Generative AI resource types, you can use the aggregate generative-ai-family resource type in an IAM policy.
We recommend giving permission to all Generative AI resources only to administrators or user groups working on sandbox environments.
- Grant access to manage all the Generative AI resources in the tenancy with the following IAM policy:
    allow group <your-group-name> to manage generative-ai-family in tenancy
- Grant access to manage all the Generative AI resources in a specified compartment with the following IAM policy:
    allow group <your-group-name> to manage generative-ai-family in compartment <your-compartment-name>
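One way to audit existing policy statements against the recommendation above, as an added example that is not Oracle's code. The group names, compartment names and the two allowlists are hypothetical, and the pattern covers only the `allow group ... in tenancy | compartment` shape shown on this page; any other statement is reported for manual review rather than silently passed.

```python
import re

# Statement shape used on this page:
#   allow group <group> to <verb> <resource-type> in tenancy | compartment <name>
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?:tenancy|compartment\s+(?P<compartment>\S+))"
    r"(?:\s+where\s+.+)?\s*$",
    re.IGNORECASE,
)

def review_statement(statement, admin_groups, sandbox_compartments):
    """Return a finding string for a statement that grants the whole
    generative-ai-family outside the recommended audience, else None."""
    m = STATEMENT.match(statement)
    if m is None:
        return f"UNPARSED (review by hand): {statement.strip()}"
    if m["resource"].lower() != "generative-ai-family":
        return None  # individual resource types are out of scope for this check
    group, verb, compartment = m["group"], m["verb"].lower(), m["compartment"]
    if group in admin_groups:
        return None  # assumption: group names are compared exactly
    if compartment is None:
        return f"{group}: {verb} generative-ai-family at tenancy scope"
    if compartment not in sandbox_compartments:
        return f"{group}: {verb} generative-ai-family in non-sandbox compartment {compartment}"
    return None

def review_policy(statements, admin_groups, sandbox_compartments):
    """Review every non-empty statement and collect the findings."""
    results = (review_statement(s, admin_groups, sandbox_compartments)
               for s in statements if s.strip())
    return [r for r in results if r is not None]

# Constructed sample input: group and compartment names are hypothetical.
SAMPLE_POLICY = [
    "allow group GenAI-Admins to manage generative-ai-family in tenancy",
    "allow group Data-Scientists to manage generative-ai-family in tenancy",
    "allow group Data-Scientists to manage generative-ai-family in compartment genai-sandbox",
    "allow group App-Devs to manage generative-ai-family in compartment prod",
    "allow dynamic-group App-Instances to use generative-ai-family in compartment prod",
]

if __name__ == "__main__":
    for finding in review_policy(SAMPLE_POLICY, {"GenAI-Admins"}, {"genai-sandbox"}):
        print(finding)
```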
Generative AI Individual Resource Types
Instead of giving a group of users access to all Generative AI resources, you can scope access at the resource-type level. The following table lists all the resource types included in the generative-ai-family resource type. Select the topics in the next section for the types of permissions for each resource type.
| Aggregate Resource Type | Included Individual Resource Types |
|---|---|
| generative-ai-family | |