What Changed
Added explicit IAM permissions guidance to the Oracle Cloud Infrastructure CCF connector UI prerequisites. The connector now clarifies that API signing keys provide authentication only, and users must configure separate OCI IAM policies for data stream consumption authorization.
Security Impact (Visibility & Fidelity)
This documentation enhancement addresses a configuration gap where users might assume API signing keys provide full access permissions. The new guidance prevents connector deployment failures and ensures proper least-privilege access controls are configured in OCI:
- Required IAM policy: Allow group placeholder-group-name to use stream-pull in compartment placeholder-compartment-name
- Authentication vs Authorization: API signing key handles authentication; IAM policy controls resource access
- Configuration clarity: Users now understand both authentication and authorization requirements before deployment
No impact on data ingestion quality or detection capability — this is a user experience improvement to prevent misconfigured connector deployments.
Affected Files
Solutions/Oracle Cloud Infrastructure/Data Connectors/Oracle_Cloud_Infrastructure_CCP/OCI_DataConnector_DataConnectorDefinition.json
(packaging artefacts: 3.0.10.zip, ReleaseNotes.md, Solution_OCILogs.json, mainTemplate.json)