OCI IAM Policy

Official OCI documentation

https://docs.oracle.com/en-us/iaas/Content/Identity/policyreference/policyreference.htm

Readonly User Group

ALLOW GROUP felix_readonly to read all-resources IN TENANCY
ALLOW GROUP OracleIdentityCloudService/felix_readonly_IDCS to read all-resources in tenancy

ALLOW GROUP OracleIdentityCloudService/felix_readonly_IDCS to read all-resources in tenancy
ALLOW GROUP OracleIdentityCloudService/felix_readonly_IDCS to read all-resources in compartment felix-sandbox

User policy with specific region

https://docs.oracle.com/en-us/iaas/Content/Identity/policyreference/policyreference_topic-General_Variables_for_All_Requests.htm

Allow group OracleIdentityCloudService/website-argentina to manage all-resources in compartment website:website_argentina where request.region = 'GRU'
Allow group website-argentina to manage all-resources in compartment website:website_argentina where request.region = 'GRU'
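
A quick way to review statements like the ones above for grants wider than intended. This is an added example, not Oracle tooling or part of the original notes; the function names, finding labels and the `audit_readonly` group are hypothetical, and the parser only covers the simple `Allow group ... to <verb> <resource> in <scope> [where ...]` form used on this page.

```python
import re

# OCI policy verbs, least to most privileged.
VERBS = ["inspect", "read", "use", "manage"]

STMT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<resource>\S+)"
    r"\s+in\s+(?P<scope>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<cond>.+))?$",
    re.IGNORECASE,
)

def parse(statement):
    """Split one statement; simplified grammar (assumption): one unquoted group."""
    m = STMT.match(statement.strip())
    if not m or m["verb"].lower() not in VERBS:
        return None
    p = m.groupdict()
    p["verb"] = p["verb"].lower()
    return p

def audit(statements, readonly_hint="readonly"):
    """Return [(statement, [findings])] for statements that need a second look."""
    report = []
    for s in statements:
        p = parse(s)
        if p is None:
            report.append((s, ["unparsed"]))
            continue
        found = []
        # A group named as read-only should not hold 'use' or 'manage'.
        if readonly_hint in p["group"].lower() and VERBS.index(p["verb"]) > VERBS.index("read"):
            found.append("readonly-group-above-read")
        # Unconditional manage on all-resources tenancy-wide is full admin.
        if (p["verb"] == "manage" and p["resource"].lower() == "all-resources"
                and p["scope"].lower() == "tenancy" and not p["cond"]):
            found.append("tenancy-wide-manage-all")
        if found:
            report.append((s, found))
    return report

# Statements from this page, plus one constructed mistake (last entry).
SAMPLE = [
    "ALLOW GROUP OracleIdentityCloudService/felix_readonly_IDCS to read all-resources in tenancy",
    "ALLOW GROUP OracleIdentityCloudService/felix_readonly_IDCS to read all-resources in compartment felix-sandbox",
    "Allow group website-argentina to manage all-resources in compartment website:website_argentina where request.region = 'GRU'",
    "Allow group audit_readonly to manage all-resources in tenancy",
]

print(*audit(SAMPLE), sep="\n")
```

Only the constructed last statement is reported; the compartment-scoped, region-conditioned `manage` grant passes because it is limited by both scope and condition.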

Cost and Usage Reports:

define tenancy usage-report as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq

endorse group <group> to read objects in tenancy usage-report

BillAdmin

Allow group BillAdmin to read usage-report in tenancy

Allow group BillAdmin to manage usage-report in tenancy