Skip to content

OCI Permissions Reference

This section explains the required ACL policies for integrating Oracle Cloud Infrastructure with SailPoint Entro.


Required Permissions

Summary

SailPoint Entro requires a dedicated IAM user with read-only access. No administrative or write privileges are required.

Required Roles and Access

The integration requires the ability to enumerate compartments, users, keys, vaults and secrets to build a security graph.

Scope Name Purpose
inspect compartments List all compartments to discover resource locations.
inspect users Identify IAM users and their associated metadata.
inspect keys Enumerate encryption keys used for secrets.
inspect vaults Enumerate the vaults that hold encryption keys and secrets, so they can be discovered before their keys are inspected.
read secret-family Read the content of secrets for classification and risk scoring.

Security Notes

  • Least Privilege: Do not assign the user to the Administrators group.

  • Rotation: OCI allows a maximum of 3 API keys per user. Ensure you delete old keys before adding a 4th during rotation.