Oracle Cloud Infrastructure Documentation

Setting Up Users, Groups, and User Access

To access Batch resources, you must be one of the following user types and have the appropriate policies configured for your user role.

You can structure users, groups, user access, and associated policies in any way that fits your organization's operational and security needs.
  • Basic user: A basic user has read-only access to monitor jobs and task statuses.

    Example policies to enable monitoring in a compartment: 

    Allow group JobMonitors to read batch-computing-family in compartment project1
    Allow group JobMonitors to read batch-job-pool in compartment project1
  • Basic privilege user: A basic privilege user has read and write access to specific resource types. This user can perform the following actions within a compartment:
    • Monitor job pools
    • Create jobs in a job pool
    • Manage jobs in a job pool
    • Set job prioritization tags
    • Create task profiles
    • Create environments

    Example policies:

    
Allow group JobCreators to read   batch-computing-family   in compartment project1
Allow group JobCreators to manage batch-job                in compartment project1
Allow group JobCreators to use    batch-job-pool           in compartment project1
Allow group JobCreators to use    batch-task-profile       in compartment project1
Allow group JobCreators to use    batch-environment        in compartment project1
Allow group JobCreators to use    tag-namespaces           in compartment project1
  • Administrative user: The administrator can manage all resources and perform the following within a compartment:
    • Manage all OCI Batch resources
    • Manage tag namespaces
    • Manage tag defaults
    Note

    Administrators need access to tag namespaces and tag defaults to define tag keys and values, enforce automatic tagging (for example, applying cost-tracking or ownership tags), and set up namespaces for tags used in prioritization across all batch resources in the compartment.

    Example policies:

    
Allow group BatchAdmins to manage batch-computing-family     in compartment project1
Allow group BatchAdmins to manage tag-namespaces             in compartment project1
Allow group BatchAdmins to manage tag-defaults               in compartment project1