
Saturday, 31 January 2026

Create Bucket and IAM policy in OCI

 

Admin:-






Sankar is a member of the STORAGE-ADMIN group







Storage Policy:- 




allow group STORAGE-ADMIN to manage buckets in compartment test-dev-cmp
allow group STORAGE-ADMIN to manage instance-family in compartment test-dev-cmp where request.permission != 'INSTANCE_DELETE'
allow group STORAGE-ADMIN to use virtual-network-family in compartment test-dev-cmp
allow group STORAGE-ADMIN to use subnets in compartment test-dev-cmp



Sankar:-




Admin:-



allow group STORAGE-ADMIN to manage users in compartment test-dev-cmp


Note:- Will Sankar be able to see the users with this policy or not?





Users, groups and identity domains are tenancy-level IAM resources: they live in the root compartment (Sankar's user is in the Default domain, which sits in the root compartment), not inside test-dev-cmp.

A policy that grants access to them must therefore be written at the root (tenancy) level, i.e. "in tenancy" rather than "in compartment test-dev-cmp".

Because the statement above is scoped to compartment test-dev-cmp, it matches no user in the Default domain, which is why Sankar is not able to see users.


Admin:-









Creating Group -  IAM-Group




Creating Policy - IAM-Policy




Adding Sankar to the group




Sankar:- still facing the issue because of the IAM policy



Admin:- manage vs read. Sankar only needs to see users, so the policy should grant read rather than manage; OCI verbs are cumulative (inspect < read < use < manage), and the weakest verb that covers the use case is the least-privilege choice.










Sankar:- Now Sankar is able to see the users once the policy is added
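The two mistakes walked through above (an IAM grant scoped to a compartment instead of the tenancy, and manage where read is enough) are easy to catch before a policy is saved. The following is an added example, not code from this post or from Oracle: a small linter for the simplified statement grammar `allow group G to VERB RESOURCE in (tenancy | compartment NAME) [where COND]`. It reuses the statements shown on this page as sample input. The set of tenancy-only resource types and the corrected statement `allow group IAM-Group to read users in tenancy` are assumptions made for the example (the post shows the final policy only as a screenshot).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Simplified grammar of an OCI IAM policy statement (enough for the statements in this post):
#   allow group <group> to <verb> <resource-type> in (tenancy | compartment <name>) [where <condition>]
STATEMENT_RE = re.compile(
    r"^allow\s+group\s+(?P<group>[\w.-]+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+[\w-]+)"
    r"(?:\s+where\s+(?P<condition>.+?))?\s*$",
    re.IGNORECASE,
)

# Assumption for this example: users/groups in the Default domain live in the root compartment,
# so a compartment-scoped grant over these resource types matches nothing (the failure in this post).
TENANCY_ONLY_RESOURCES = {"users", "groups", "dynamic-groups"}

# OCI verbs are cumulative: each one includes everything the weaker verbs allow.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}


@dataclass
class Statement:
    group: str
    verb: str
    resource: str
    scope: str                 # "tenancy" or "compartment <name>"
    condition: Optional[str]   # text after "where", if any


def parse_statement(text: str) -> Statement:
    """Parse one policy statement; raises ValueError on anything outside the simplified grammar."""
    m = STATEMENT_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised policy statement: {text!r}")
    return Statement(
        group=m["group"],
        verb=m["verb"].lower(),
        resource=m["resource"].lower(),
        scope=re.sub(r"\s+", " ", m["scope"].lower()),
        condition=m["condition"],
    )


def lint_statement(stmt: Statement, needed_verb: str = "manage") -> List[str]:
    """Return findings for one statement. needed_verb is the strongest verb the use case requires."""
    findings: List[str] = []
    if stmt.resource in TENANCY_ONLY_RESOURCES and stmt.scope != "tenancy":
        findings.append(
            f"{stmt.resource}: Default-domain IAM resources live in the root compartment; "
            f"'in {stmt.scope}' grants nothing. Write the statement 'in tenancy'."
        )
    if VERB_RANK[stmt.verb] > VERB_RANK[needed_verb]:
        findings.append(
            f"{stmt.resource}: verb '{stmt.verb}' exceeds the required '{needed_verb}'; "
            "grant the weakest verb that covers the use case."
        )
    if stmt.verb == "manage" and stmt.resource.endswith("-family") and stmt.condition is None:
        findings.append(
            f"{stmt.resource}: unconditional manage on an aggregate family; consider a where clause "
            "(e.g. request.permission != '...') to carve out destructive permissions."
        )
    return findings


def lint_policy(statements: List[str],
                needed_verbs: Optional[Dict[str, str]] = None) -> Dict[int, List[str]]:
    """Lint a list of statements; returns {index: findings} for statements that have findings."""
    needed_verbs = needed_verbs or {}
    report: Dict[int, List[str]] = {}
    for idx, text in enumerate(statements):
        stmt = parse_statement(text)
        findings = lint_statement(stmt, needed_verbs.get(stmt.resource, "manage"))
        if findings:
            report[idx] = findings
    return report


# The statements from this post; the last one is the grant that did not work for Sankar.
POST_POLICY = [
    "allow group STORAGE-ADMIN to manage buckets in compartment test-dev-cmp",
    "allow group STORAGE-ADMIN to manage instance-family in compartment test-dev-cmp "
    "where request.permission != 'INSTANCE_DELETE'",
    "allow group STORAGE-ADMIN to use virtual-network-family in compartment test-dev-cmp",
    "allow group STORAGE-ADMIN to use subnets in compartment test-dev-cmp",
    "allow group STORAGE-ADMIN to manage users in compartment test-dev-cmp",
]

# Assumed corrected statement for the "see users" use case (not shown as text in the post).
CORRECTED_POLICY = ["allow group IAM-Group to read users in tenancy"]

if __name__ == "__main__":
    # Sankar only needs to see users, so "read" is the strongest verb the use case needs.
    for idx, findings in lint_policy(POST_POLICY, {"users": "read"}).items():
        print(f"[{idx}] {POST_POLICY[idx]}")
        for f in findings:
            print("   -", f)
    print("corrected policy findings:", lint_policy(CORRECTED_POLICY, {"users": "read"}))
```

Run it as a pre-commit check on the statements you are about to paste into the console: the four storage statements pass (the instance-family grant is accepted because it carries the INSTANCE_DELETE carve-out), the compartment-scoped `manage users` statement is flagged twice (wrong scope, excessive verb), and the tenancy-scoped `read users` statement is clean.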






Policy :-








