
Commit 011030d

committed
change policies
1 parent 2b573c6 commit 011030d

1 file changed

+4
-4
lines changed

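--- a/security/security-design/fn-datasafe-dbaudit-to-oci-logging/terraform/policies.tf
+++ b/security/security-design/fn-datasafe-dbaudit-to-oci-logging/terraform/policies.tf
@@ -18,10 +18,10 @@ resource "oci_identity_policy" "FunctionPolicy" {
 description = var.PolicyDescription
 compartment_id = var.tenancy_ocid
 count = var.setup_policies ? 1 : 0
-statements = ["Allow dynamic-group ${oci_identity_dynamic_group.FunctionsServiceDynamicGroup[0].name} to use log-content in compartment id ${var.compartment_ocid} where target.loggroup.id=${oci_logging_log_group.log_group.id}",
-"Allow dynamic-group ${oci_identity_dynamic_group.FunctionsServiceDynamicGroup[0].name} to manage objects in compartment id ${var.compartment_ocid} where all {target.bucket.name='${oci_objectstorage_bucket.tracker-bucket.name}', any {request.permission='OBJECT_INSPECT', request.permission='OBJECT_CREATE'}}",
-"Allow dynamic-group ${oci_identity_dynamic_group.FunctionsServiceDynamicGroup[0].name} to read objectstorage-namespaces in compartment id ${var.compartment_ocid} where target.bucket.name='${oci_objectstorage_bucket.tracker-bucket.name}'",
-"allow dynamic-group ${oci_identity_dynamic_group.FunctionsServiceDynamicGroup[0].name} to read buckets in compartment id ${var.compartment_ocid} where target.bucket.name='${oci_objectstorage_bucket.tracker-bucket.name}'",
+statements = ["Allow dynamic-group ${oci_identity_dynamic_group.FunctionsServiceDynamicGroup[0].name} to use log-content in compartment id ${var.compartment_ocid}",
+"Allow dynamic-group ${oci_identity_dynamic_group.FunctionsServiceDynamicGroup[0].name} to manage objects in compartment id ${var.compartment_ocid}",
+"Allow dynamic-group ${oci_identity_dynamic_group.FunctionsServiceDynamicGroup[0].name} to read objectstorage-namespaces in compartment id ${var.compartment_ocid}",
+"allow dynamic-group ${oci_identity_dynamic_group.FunctionsServiceDynamicGroup[0].name} to read buckets in compartment id ${var.compartment_ocid}",
 "Allow dynamic-group ${oci_identity_dynamic_group.FunctionsServiceDynamicGroup[0].name} to read data-safe-audit-events in tenancy"
 ]
 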
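Review bot: The four new statements on lines 21–24 drop every `where` condition, so the function's dynamic group now gets `manage objects` on every bucket in the compartment and `use log-content` on every log group, whereas the removed lines scoped those grants to `target.bucket.name='${oci_objectstorage_bucket.tracker-bucket.name}'` and `target.loggroup.id=${oci_logging_log_group.log_group.id}` and limited object access to OBJECT_INSPECT/OBJECT_CREATE. That is a least-privilege regression that the commit message ("change policies") does not explain, and it affects all four statements at once. If the conditions were removed because the referenced resource attributes caused a dependency or evaluation problem, the narrower form should be restored, for example `"Allow dynamic-group ${oci_identity_dynamic_group.FunctionsServiceDynamicGroup[0].name} to manage objects in compartment id ${var.compartment_ocid} where all {target.bucket.name='${oci_objectstorage_bucket.tracker-bucket.name}', any {request.permission='OBJECT_INSPECT', request.permission='OBJECT_CREATE'}}"`; if the compartment-wide grants are intentional, a comment above `statements` should say why they are acceptable for this function. The `resource "oci_identity_policy" "FunctionPolicy"` block starts outside the hunk.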