Permissions and Resources
Base Integration - Cloud Security Posture Management (CSPM)
Agentless Cloud Security Posture Management (CSPM) assesses and manages the security posture of your cloud resources without requiring agents. It uses API access to gather information and identify potential security risks across the cloud infrastructure, providing a non-intrusive way to assess security configurations and compliance issues.
Permissions Required to Install
The Installer must have at least the following policies assigned in the root Compartment of the Tenancy being onboarded:
Policy Statement | Description |
---|---|
Allow | Required to create the Admit policy in the root Compartment. |
Allow | Required to create the CSPM User in the default identity domain. |
Allow | Required to create the CSPM User Group in the default identity domain. |
Permissions Granted to Sysdig
Sysdig will be granted the following permissions in your tenancy:
Policy | Policy Statement | Description |
---|---|---|
AdmitSysdigSecureTenantOnboarding-XXXX | Admit group onboardingGroup of tenancy sysdigTenancy to inspect tenancies in tenancy | Allows Sysdig to retrieve Tenancy information |
AdmitSysdigSecureTenantOnboarding-XXXX | Admit group onboardingGroup of tenancy sysdigTenancy to inspect compartments in tenancy | Allows Sysdig to list compartments in your Tenancy. |
AllowSysdigSecureTenantConfigPosture-XXXX | Allow group SysdigSecureConfigPostureGroup-XXXX to read all-resources in tenancy | Allows Sysdig to list resources within your Tenancy. |
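One way to check that these two policies still carry only the statements listed above, as an added example (not Sysdig's code). It assumes each policy is supplied as a dict with `name` and `statements` fields and that the `XXXX` suffix is the same in the policy name and the group name; the sample data is constructed.

```python
import re

# Statements documented on this page; "XXXX" stands for the per-install suffix.
EXPECTED = {
    "AdmitSysdigSecureTenantOnboarding": [
        "Admit group onboardingGroup of tenancy sysdigTenancy to inspect tenancies in tenancy",
        "Admit group onboardingGroup of tenancy sysdigTenancy to inspect compartments in tenancy",
    ],
    "AllowSysdigSecureTenantConfigPosture": [
        "Allow group SysdigSecureConfigPostureGroup-XXXX to read all-resources in tenancy",
    ],
}
WRITE_VERBS = {"use", "manage"}  # OCI policy verbs above "read"
NAME_RE = re.compile("(" + "|".join(EXPECTED) + r")-(\w+)")

def normalize(statement, suffix="XXXX"):
    """Collapse whitespace, lowercase, and mask the install suffix."""
    text = " ".join(statement.split()).lower()
    return text.replace("-" + suffix.lower(), "-xxxx")

def audit(policies):
    """Return (policy name, kind, statement) for each deviation from the page."""
    findings = []
    for policy in policies:
        match = NAME_RE.fullmatch(policy["name"])
        if not match:
            continue  # not one of the integration's policies
        prefix, suffix = match.groups()
        allowed = {normalize(s) for s in EXPECTED[prefix]}
        seen = set()
        for stmt in policy["statements"]:
            norm = normalize(stmt, suffix)
            verb = re.search(r"\bto\s+(\w+)", norm)
            if verb and verb.group(1) in WRITE_VERBS:
                findings.append((policy["name"], "write-verb", stmt))
            elif norm not in allowed:
                findings.append((policy["name"], "undocumented", stmt))
            else:
                seen.add(norm)
        findings += [(policy["name"], "missing", s) for s in sorted(allowed - seen)]
    return findings

# Constructed sample (suffix "a1b2" is made up): the second policy has drifted to "manage".
SAMPLE = [
    {"name": "AdmitSysdigSecureTenantOnboarding-a1b2", "statements": EXPECTED["AdmitSysdigSecureTenantOnboarding"]},
    {"name": "AllowSysdigSecureTenantConfigPosture-a1b2", "statements": [
        "Allow group SysdigSecureConfigPostureGroup-a1b2 to manage all-resources in tenancy"]},
]
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```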
Resources Created
The following resources will be created in your Oracle Cloud Environment:
Resource | Description |
---|---|
oci_identity_policy | Cross Tenancy IAM Policy with the name AdmitSysdigSecureTenantOnboarding-XXXX. This policy is used to manage the lifecycle of your Sysdig integration. |
oci_identity_user | IAM User for CSPM. This will be created in the default identity domain. |
oci_identity_group | IAM Group for CSPM. This will be created in the default identity domain. |
oci_identity_policy | IAM Policy for CSPM. |
oci_identity_api_key | API Key for the CSPM User. This key will be used to access this User from the Sysdig Backend. |