
Tuesday, 5 May 2026

IAM in OCI

This diagram shows how Identity and Access Management (IAM) works in Oracle Cloud Infrastructure.

Let’s break it down in a clear way so you understand how access control is structured.


🔷 1. IAM (Central Control Layer)

At the top is IAM, which acts like the security brain of OCI.
It decides:

  • Who can access (Identities)
  • What they can do (Permissions)

🔷 2. Identities (Who is requesting?)

On the left side:

👤 Users / Groups

  • Users = individual people (for example, an admin or a developer)
  • Groups = collection of users (e.g., “Developers”, “Admins”)

👉 Instead of giving permissions to each user, OCI recommends:

  • Add users to Groups
  • Assign permissions to the Group

💻 Instances

  • These are compute resources (VMs) that can also act as identities in their own right
  • Example: a server calling a database securely with no credentials stored on the server

🔷 3. Permissions (What is allowed?)

On the right side:

📜 Policies

  • Policies define what actions are allowed
  • Written in simple language like:

    Allow group Developers to manage instances in compartment Dev

👉 Policies answer:

  • What action? (read, use, manage)
  • On which resource?
  • In which compartment?

🔷 4. Compartments (Logical Containers)

In the middle:

  • Compartments are like folders to organize resources
  • Used for:
    • Access control
    • Billing separation
    • Resource organization

Example:

  • Dev Compartment
  • Test Compartment
  • Production Compartment

🔷 5. Resources (What is being accessed?)

At the bottom:

These are actual OCI services like:

  • Compute (VMs)
  • Storage
  • Networking
  • Databases
  • Load Balancers

👉 IAM controls access to all these resources.


🔷 6. Flow (How everything works together)

  1. A User (Identity) tries to access a resource
  2. OCI checks:
    • Which Group the user belongs to
  3. Then checks:
    • Policies attached to that group
  4. Policies are evaluated within:
    • Compartments
  5. If allowed → Access granted to Resources
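As an added example (not part of the original post), here is a small Python model of sections 3 and 6: it parses policy statements in the page's "Allow group ... to ... in compartment ..." form and walks the user, group, policy and compartment steps of the flow above to reach a decision. It goes one step beyond the text in letting a grant on a compartment also cover its sub-compartments and in treating "all-resources" as matching any resource type; the users, groups, compartments and statements are constructed for the demo.

```python
import re

# OCI verb hierarchy as the page lists it: read < use < manage (manage implies the rest).
VERB_RANK = {"read": 1, "use": 2, "manage": 3}

# The page's statement shape: Allow group <G> to <verb> <resource-type> in compartment <C>
STATEMENT = re.compile(
    r"^Allow group (?P<group>\S+) to (?P<verb>read|use|manage) "
    r"(?P<resource>\S+) in compartment (?P<compartment>\S+)$", re.IGNORECASE)

def parse_policy(statement):
    """Parse one statement into a dict; reject anything outside the page's syntax."""
    m = STATEMENT.match(statement.strip())
    if not m:
        raise ValueError(f"unsupported statement: {statement!r}")
    fields = m.groupdict()
    fields["verb"] = fields["verb"].lower()
    return fields

def is_allowed(request, memberships, policies, parents):
    """Section-6 flow: user -> groups -> matching policies -> compartment scope -> decision."""
    groups = memberships.get(request["user"], set())
    # A grant on a compartment also covers its sub-compartments, so collect the
    # target compartment and every ancestor (parents maps child -> parent, root -> None).
    scope, comp = [], request["compartment"]
    while comp is not None:
        scope.append(comp)
        comp = parents.get(comp)
    need = VERB_RANK[request["verb"]]
    for p in policies:
        if (p["group"] in groups and p["compartment"] in scope
                and p["resource"] in (request["resource"], "all-resources")
                and VERB_RANK[p["verb"]] >= need):
            return True
    return False  # no matching statement: OCI denies by default

# Constructed sample tenancy for the demo (not real OCI data).
MEMBERSHIPS = {"alice": {"Developers"}, "bob": {"Admins"}, "carol": set()}
PARENTS = {"Dev": None, "Dev-Sandbox": "Dev", "Production": None}
POLICIES = [parse_policy(s) for s in (
    "Allow group Developers to manage instances in compartment Dev",
    "Allow group Developers to read instances in compartment Production",
    "Allow group Admins to manage all-resources in compartment Production",
)]

def decide(user, verb, resource, compartment):
    request = {"user": user, "verb": verb, "resource": resource, "compartment": compartment}
    return is_allowed(request, MEMBERSHIPS, POLICIES, PARENTS)
```

Calling decide("alice", "use", "instances", "Dev") returns True because manage covers use, while decide("alice", "manage", "instances", "Production") returns False because her only grant there is read.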

🔷 7. Identity Domains (Bottom Section of Diagram)

This is a newer concept in OCI IAM:

πŸ” Identity Domains

  • A separate identity management space inside a tenancy
  • Each domain can have:
    • Users
    • Groups
    • Authentication settings

👉 Example:

  • One domain for employees
  • One for external partners

Default domain:

  • Created automatically when the OCI tenancy is set up

🔷 Simple Real-Life Analogy

Think of it like an office:

  • Users = Employees
  • Groups = Departments (HR, IT)
  • Policies = Rules (HR can access payroll, IT can manage servers)
  • Compartments = Office rooms (HR room, IT room)
  • Resources = Computers, files, systems
  • IAM = Security guard checking permissions
