Scheduler Policies
You must create a group of users that are authorized to work with the scheduler before you can schedule an action.
A schedule resource principal is used to run the schedule action. For example, when the schedule is triggered, it's used to create a job run.
An example of a dynamic group (schedule_group) defined for the schedule resource principal where schedules are in some compartment or with some tag:
ALL { resource.type = 'datascienceschedule', resource.compartment.id = '<compartmentA Ocid>' }
An example of a dynamic group rule using the schedule resource principal, where schedules that are tagged with a specific defined tag can create a resource:
ALL { resource.type = 'datascienceschedule', tag.operations.value = 'somevalue' }
The following example is a policy for the scheduler to create a job run using a custom context variable:
Allow dynamic-group <schedule_group> to
{ DATA_SCIENCE_PROJECT_READ, DATA_SCIENCE_JOB_READ, DATA_SCIENCE_JOB_RUN_CREATE }
in compartment <YOUR_COMPARTMENT_NAME> where request.principal.scheduleTarget_id
= 'ocid1.datasciencejob.oc1.iad.amaaaaaay75uckqahmfxaqm7d74b4xey5ibhy2atlbigxm5l4v4rkm5hgeaq'
(Optional) Allows the scheduler to emit logs to the Logging service. You need this policy if you're using Logging with scheduling. This statement is permissive. In this example, you restrict the permission to use log-content in a specific compartment.
allow any-user to use log-content in compartment <YOUR_COMPARTMENT_NAME>
where request.principal.type = 'datascienceschedule'
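The following added example (not part of the original page and not an Oracle tool) reviews a scheduler policy statement before it is applied, checking the scoping that the statements above rely on: the where clause on any-user, the compartment scope, and the scheduleTarget_id condition. The function names and the simplified statement grammar are assumptions made for this example.

```python
import re

# Simplified grammar for the statement shapes shown on this page (an assumption,
# not the full OCI policy language):
#   allow <subject> to <verb resource | {PERMISSIONS}> in <location> [where <conditions>]
STATEMENT = re.compile(
    r"^\s*allow\s+(?P<subject>any-user|dynamic-group\s+\S+|group\s+\S+)\s+to\s+"
    r"(?P<grant>\{[^}]*\}|\S+\s+\S+)\s+in\s+"
    r"(?P<location>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<where>.+?))?\s*$",
    re.IGNORECASE,
)
CONDITION = re.compile(r"([\w.\-]+)\s*=\s*'([^']*)'")


def parse_statement(text):
    """Split one policy statement into subject, grant, location, and conditions."""
    m = STATEMENT.match(" ".join(text.split()))  # collapse line breaks first
    if not m:
        raise ValueError("unrecognized statement shape")
    conds = {k.lower(): v for k, v in CONDITION.findall(m.group("where") or "")}
    return {"subject": m.group("subject").lower(), "grant": m.group("grant"),
            "location": m.group("location").lower(), "conditions": conds}


def review_scheduler_statement(text):
    """Return least-privilege findings for a scheduler policy statement."""
    s = parse_statement(text)
    findings = []
    if (s["subject"] == "any-user"
            and s["conditions"].get("request.principal.type") != "datascienceschedule"):
        findings.append("any-user is not limited to the datascienceschedule principal type")
    if s["location"] == "tenancy":
        findings.append("grant covers the whole tenancy instead of one compartment")
    if ("DATA_SCIENCE_JOB_RUN_CREATE" in s["grant"].upper()
            and "request.principal.scheduletarget_id" not in s["conditions"]):
        findings.append("job run creation is not pinned to a scheduleTarget_id")
    return findings


if __name__ == "__main__":
    # Constructed statement: the logging policy with its where clause left off.
    print(review_scheduler_statement(
        "allow any-user to use log-content in compartment <YOUR_COMPARTMENT_NAME>"))
```

An empty list means the statement carries the same scoping as the examples on this page; each finding names the condition that is missing.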