Oracle Cloud Infrastructure provider permissions - List of Oracle Cloud Infrastructure provider permissions for Cortex XSIAM. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Allow dynamic-group registry-scan to manage buckets in tenancy

Tag-scoped (project_id)

Manage Object Storage buckets for scan artifacts/results

Allow dynamic-group registry-scan to manage objects in tenancy

Tag-scoped (project_id)

Upload/download image layers, manifests, and reports

Allow dynamic-group registry-scan to read secret-bundles in tenancy

Tag-scoped (project_id)

Retrieve registry credentials from OCI Vault

Endorse dynamic-group registry-scan to read repos in any-tenancy

Cross-tenancy

Allow cross-tenancy image pulls for scans

Allow any-user to manage buckets in tenancy

Tag-scoped (project_id)

Create/manage buckets for scan data

Allow any-user to manage objects in tenancy

Tag-scoped (project_id)

Read/write objects (artifacts, logs, results)

Allow any-user to use keys in tenancy

Tag-scoped (project_id)

Decrypt secrets for registry access

Allow any-user to manage secret-versions in tenancy

Tag-scoped (project_id)

Rotate credentials and manage secret versions

Allow any-user to manage secrets in tenancy

Tag-scoped (project_id)

Create/update secrets for scanners

Allow any-user to manage secret-family in tenancy

Tag-scoped (project_id)

Broader secret-management rights

Allow any-user to manage vaults in tenancy

Tag-scoped (project_id)

Create/administer Vaults for key and secret storage

Allow any-user to inspect tag-family in tenancy

Global

Discover tag namespaces/definitions

Allow any-user to use tag-family (namespace=cortex_cloud, managed_by=PANW)

Restricted

Restrict tag usage to Palo Alto-managed groups

Endorse any-group to use tag-namespaces in any-tenancy

Cross-tenancy

Allow tag namespace usage across tenancies