Managing Dynamic Groups

Dynamic groups allow you to group compute instances and other resources as "principal" actors (similar to user groups). You can then create policies that permit those resources to make API calls against services. When you create a dynamic group, you do not add members to it explicitly; instead, you define a set of matching rules that determine the group's members. Resources that match the rules are members of the group. For example, a rule could specify that all instances in a particular compartment are members of the dynamic group. The membership then changes dynamically as instances are launched and terminated in that compartment.
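The following added example (not Oracle's code) models how rule-based membership behaves as instances are launched and terminated. It assumes a simplified flat rule form, `ANY {...}` or `ALL {...}` with `attribute = 'value'` conditions; the function names, the `instance` helper and all OCIDs are constructed for illustration.

```python
import re

# Simplified model (an assumption): flat rules only, of the form
#   ANY {cond, ...}  or  ALL {cond, ...}   with cond = attribute = 'value'
RULE_RE = re.compile(r"^\s*(any|all)\s*\{(.*)\}\s*$", re.IGNORECASE | re.DOTALL)
COND_RE = re.compile(r"^\s*([\w.]+)\s*=\s*'([^']*)'\s*$")

def parse_rule(rule):
    """Split a flat matching rule into its quantifier and (attribute, value) pairs."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError(f"unsupported rule: {rule!r}")
    conditions = []
    for part in m.group(2).split(","):
        c = COND_RE.match(part)
        if not c:
            raise ValueError(f"unsupported condition: {part.strip()!r}")
        conditions.append((c.group(1), c.group(2)))
    return m.group(1).lower(), conditions

def is_member(rule, resource):
    """True if the resource's attributes satisfy the rule."""
    quantifier, conditions = parse_rule(rule)
    hits = [resource.get(attr) == value for attr, value in conditions]
    return any(hits) if quantifier == "any" else all(hits)

def members(rule, resources):
    """Names of all resources that currently match the rule."""
    return sorted(r["name"] for r in resources if is_member(rule, r))

def instance(name, compartment):
    # Constructed sample resource; the OCIDs are placeholders, not real ones.
    return {"name": name, "instance.id": f"ocid1.instance.oc1..example-{name}",
            "instance.compartment.id": compartment}

APP = "ocid1.compartment.oc1..example-app"
OTHER = "ocid1.compartment.oc1..example-other"
RULE = f"ALL {{instance.compartment.id = '{APP}'}}"

if __name__ == "__main__":
    fleet = [instance("web-1", APP), instance("db-1", OTHER)]
    print(members(RULE, fleet))            # only the instance in APP
    fleet.append(instance("web-2", APP))   # launch: joins with no group edit
    print(members(RULE, fleet))
    fleet = [i for i in fleet if i["name"] != "web-1"]  # terminate: leaves
    print(members(RULE, fleet))
```

Because membership follows the rule and not an explicit member list, the right to launch instances in a matched compartment should be reviewed together with the policies granted to the dynamic group.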

You can perform the following dynamic group management tasks:

Required Policy or Role

To manage identity domain settings, you must have one of the following access grants:
  • Be a member of the Administrators group
  • Be granted the Identity Domain Administrator role or the Security Administrator role
  • Be a member of a group granted manage domains

To understand more about policies and roles, see The Administrators Group, Policy, and Administrator Roles, Understanding Administrator Roles, and Understanding Policies.