Certificate-based SDN connector user privileges
See the FortiOS Administration Guide.
When configuring a certificate-based OCI SDN connector in FortiOS, you must enter the OCID of an OCI user who belongs to the administrator group. The user should be added to a dedicated group. The following policy summarizes the minimum sufficient privileges for this user:
- Allow dynamic-group <group_name> to read compartments in tenancy
- Allow dynamic-group <group_name> to read instances in tenancy
- Allow dynamic-group <group_name> to read vnic-attachments in tenancy
- Allow dynamic-group <group_name> to read private-ips in tenancy
- Allow dynamic-group <group_name> to read public-ips in tenancy
- Allow group <group_name> to manage private-ips in tenancy
- Allow group <group_name> to manage public-ips in tenancy
- Allow group <group_name> to manage vnics in tenancy
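
To check that the policy attached to the connector's group has not drifted from the list above, the statements can be audited against it. The following is an added example, not Fortinet or Oracle code: the group name `fgt-sdn` and the sample statements are constructed, and it assumes the input holds only the statements written for the connector's group and dynamic group.

```python
import re

# Baseline copied from the list on this page: (subject type, resource) -> verb granted.
BASELINE = {
    ("dynamic-group", "compartments"): "read",
    ("dynamic-group", "instances"): "read",
    ("dynamic-group", "vnic-attachments"): "read",
    ("dynamic-group", "private-ips"): "read",
    ("dynamic-group", "public-ips"): "read",
    ("group", "private-ips"): "manage",
    ("group", "public-ips"): "manage",
    ("group", "vnics"): "manage",
}
VERBS = ["inspect", "read", "use", "manage"]  # OCI policy verbs, least to most privileged
STATEMENT = re.compile(
    r"^\s*allow\s+(dynamic-group|group)\s+(\S+)\s+to\s+(\w+)\s+(\S+)\s+in\s+(.+?)\s*$",
    re.IGNORECASE,
)

def audit(statements):
    """Return (excess, missing): grants beyond the baseline, and baseline grants not covered."""
    excess, covered = [], set()
    for line in statements:
        m = STATEMENT.match(line)
        if not m:
            excess.append((line, "unparsed statement, review manually"))
            continue
        subject, _name, verb, resource, _scope = (g.lower() for g in m.groups())
        allowed = BASELINE.get((subject, resource))
        if allowed is None or verb not in VERBS:
            excess.append((line, "not in the baseline"))
            continue
        if VERBS.index(verb) >= VERBS.index(allowed):
            covered.add((subject, resource))  # grant is sufficient for the connector
        if VERBS.index(verb) > VERBS.index(allowed):
            excess.append((line, f"baseline grants only '{allowed}'"))
    return excess, sorted(set(BASELINE) - covered)

# Constructed sample: one over-privileged verb, one blanket grant, one missing statement.
SAMPLE = [
    "Allow dynamic-group fgt-sdn to read compartments in tenancy",
    "Allow dynamic-group fgt-sdn to read instances in tenancy",
    "Allow dynamic-group fgt-sdn to manage vnic-attachments in tenancy",
    "Allow dynamic-group fgt-sdn to read private-ips in tenancy",
    "Allow dynamic-group fgt-sdn to read public-ips in tenancy",
    "Allow group fgt-sdn to manage private-ips in tenancy",
    "Allow group fgt-sdn to manage public-ips in tenancy",
    "Allow group fgt-sdn to manage all-resources in tenancy",
]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty `excess` list and an empty `missing` list mean the group's policy matches the minimum set exactly.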