An Oracle Cloud Infrastructure (OCI) policy specifies who has access to which resources in OCI. A policy statement allows a group to work with a given resource type, in a given compartment (or the whole tenancy), in a given way.
Basic policy syntax:
Allow group <group_name> | <group_ocid> to <verb> <resource-type> in compartment <compartment_name>
Allow group <group_name> | <group_ocid> to <verb> <resource-type> in tenancy
Verbs:
inspect: List resources, without access to confidential information or user-specified metadata.
read: Includes inspect, plus the ability to get user-specified metadata and the resource itself.
use: Includes read, plus the ability to work with existing resources. Includes updating the resource, except for resource types where “update” has the same effect as “create”. In general, this verb does not include the ability to create or delete.
manage: Includes all permissions associated with the resource.
Resource types:
all-resources: All Oracle Cloud Infrastructure resource-types
compute-management-family: Compute
database-family: Autonomous Database, Bare Metal and Virtual Machine DB Systems
virtual-network-family: Networking
Admin:-
Sankar is in the Storage Admin group.
Storage Policy:-
Sankar:-
Admin:-
allow group STORAGE-ADMIN to manage users in compartment test-dev-cmp
Note:- Will Sankar be able to see the users or not?
In order to have users, groups and domains, they must be added at the root level.
The policy should also be at the root level.
Default Domain - that is why Sankar is not able to see the users.
Admin:-
Creating Group - IAM-Group
Creating Policy - IAM-Policy
Adding Sankar to the group
Sankar:- still facing the issue because of the IAM policy
Admin:- Manage vs. Read
Sankar:- Now Sankar is able to see the users after the policy was added.
Policy:-
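As an added example (not code from the post or from Oracle's own tooling), the following Python script parses statements of the basic form shown above, applies the verb hierarchy (inspect < read < use < manage) and flags the misconfiguration in the lab notes: a statement scoped to a compartment can never grant access to users, groups or domains, because those resources exist only at the tenancy (root) level. The STORAGE-ADMIN statement is the one from the notes; the `IAM-Group ... in tenancy` statement is an assumed form of the working policy, since the post does not reproduce it, and the set of tenancy-only resource types is taken from the note rather than from Oracle's full reference.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Verb hierarchy from the text above: each verb includes everything the verbs below it grant.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# Resource types the note says live only at the root (tenancy) level.
# Constructed for this example from the note; OCI's own list of tenancy-level types is longer.
TENANCY_ONLY = {"users", "groups", "domains"}

# "Allow group <name | id ocid> to <verb> <resource-type> in tenancy | compartment <name>"
STATEMENT_RE = re.compile(
    r"^\s*allow\s+group\s+(?:id\s+)?(?P<group>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[a-z0-9-]+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Statement:
    group: str
    verb: str
    resource: str
    compartment: Optional[str]  # None means "in tenancy" (root level)


def parse_statement(text: str) -> Statement:
    """Parse one policy statement of the basic form; raise ValueError otherwise."""
    m = STATEMENT_RE.match(text)
    if not m:
        raise ValueError(f"not a recognised policy statement: {text!r}")
    return Statement(
        group=m.group("group"),
        verb=m.group("verb").lower(),
        resource=m.group("resource").lower(),
        compartment=m.group("compartment"),
    )


def grants(stmt: Statement, verb: str, resource: str, compartment: Optional[str]) -> bool:
    """Does this statement let the group perform `verb` on `resource` at `compartment`?

    compartment=None means the request targets tenancy-level resources (users, groups, ...).
    Sub-compartment inheritance is deliberately not modelled here; compartment names are
    compared case-insensitively, as OCI treats them.
    """
    if VERB_RANK[verb] > VERB_RANK[stmt.verb]:
        return False                      # e.g. a "read" statement never grants "manage"
    if stmt.resource not in (resource, "all-resources"):
        return False
    if stmt.compartment is None:
        return True                       # tenancy scope covers the root and every compartment
    if compartment is None:
        return False                      # compartment scope cannot reach root-level resources
    return stmt.compartment.lower() == compartment.lower()


def lint(stmt: Statement) -> List[str]:
    """Flag statements that parse fine but cannot grant what the author intended."""
    findings = []
    if stmt.resource in TENANCY_ONLY and stmt.compartment is not None:
        findings.append(
            f"'{stmt.resource}' exists only at the tenancy level; "
            f"'in compartment {stmt.compartment}' grants nothing. Use 'in tenancy'."
        )
    if stmt.resource in TENANCY_ONLY and stmt.verb == "manage":
        findings.append(
            f"'manage {stmt.resource}' also allows creating and deleting identities; "
            "if the goal is only to see them, 'read' is the least-privilege verb."
        )
    return findings


# The first statement is the one from the lab notes; the second is the assumed working policy.
BROKEN = "allow group STORAGE-ADMIN to manage users in compartment test-dev-cmp"
FIXED = "allow group IAM-Group to read users in tenancy"

if __name__ == "__main__":
    for text in (BROKEN, FIXED):
        stmt = parse_statement(text)
        print(text)
        print("  can list users:", grants(stmt, "inspect", "users", None))
        for finding in lint(stmt):
            print("  lint:", finding)
```

Running the script shows the STORAGE-ADMIN statement failing the "can list users" check with two lint findings, while the tenancy-scoped read statement passes cleanly; that is the Manage vs. Read and compartment vs. root distinction the notes arrive at.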