Create a Sandbox User for Tutorials

Create a sandbox user and a compartment for this user in an OCI tenancy. Then give this user access to all OCI resources only in this compartment.

Overview

You perform the following key tasks in the Console:

  • Create a sandbox user.
  • Create a compartment for this user.
  • Give this user permission to manage all OCI resources in this compartment.

Before You Begin

To successfully perform this tutorial, you must have the following configuration in place.

  • Access to an OCI tenancy.
  • Administrator permissions for the OCI tenancy. If you don't have admin rights to create users, groups, and compartments, then ask an administrator to perform the steps for you and then provide you with the username, temporary password, and compartment name.
  • Two supported browsers or two incognito windows of the same browser: one for the administrator that's creating the sandbox user and one for the sandbox user to complete setting up their account: <admin-browser> and <sandbox-user-browser>
Important

In the following sections, steps marked with (Admin) are to be performed by an Admin using the <admin-browser>, and steps labeled (Sandbox User) are to be completed using the sandbox user credentials in the <sandbox-user-browser>.

1. Create a User (Admin)

  1. Sign in to the Console by using a supported browser: <admin-browser>
  2. Open the navigation menu and select Identity & Security. Under Identity, select Domains.
  3. For compartment, select the tenancy or the root compartment.
  4. Select a domain: <domain-name>. For example, Default.
  5. Select User management.
  6. Under Users, select Create.
  7. Enter a username: <sandbox-username>.
  8. Enter a description and provide a <sandbox-user-email> and select Create.
  9. Select Actions, and then Create/Reset password.
  10. Select Create/Reset password and copy and paste the password into a secure text file: <temporary-password>
  11. In the navigation bar, select the Profile icon, and write down the tenancy name: <tenancy-name>.

2. Reset Password (Sandbox User)

Done by Sandbox User
  1. In the <sandbox-user-browser> such as an incognito window, sign in to the Console.
  2. For Cloud Account Name, enter the <tenancy-name> and select Next.
  3. For identity domain, enter the <domain-name> from the previous section (for example, Default), and then select Next.
  4. Enter the <sandbox-username> and <temporary-password>.
  5. Enter the <temporary-password>, and set up a new <sandbox-user-password>.

3. Enable Multi-Factor Authentication (MFA) (Sandbox User)

  1. Sign in to the <sandbox-user-email> account that you provided for the sandbox user.
  2. Find the email to set up the new user's account.
    Example email title: Welcome to Oracle Cloud - Sign in and get started
  3. Copy the provided URL into the browser for the new user.
    Example: https://cloud.oracle.com/identity/verify/fxxx;tenant=xxx
  4. Confirm that you get the following message in the browser: Email Activation Complete.
  5. On a mobile device, install Oracle Mobile Authenticator App.
  6. In the Console's top navigation bar, select the Profile menu and select User settings.
  7. Select Actions, and then Enable multi-factor authentication.
  8. Select Register using QR code.
  9. Open the Oracle Mobile Authenticator app, select Add Account, and scan the QR code displayed in the Console. If you need help, see Add an Account to the OMA App by Scanning the QR Code.
  10. Go back to the Console and confirm that in the User information page, MFA displays as Enabled.
  11. Select the Profile icon and sign out.

Test the MFA (Sandbox User)

  1. In the <sandbox-user-browser>, sign in to the Console.
  2. For Cloud Account Name, enter the <tenancy-name> and select Next.
  3. For identity domain, enter the <domain-name> (for example, Default), and then select Next.
  4. Enter the <sandbox-username> and <sandbox-user-password> and select Sign In.
  5. Open the Oracle Mobile Authenticator app, and for the <tenancy-name> <sandbox-username> account, get the generated passcode.
  6. In the browser, in the Multi-Factor Authentication window, enter the passcode and select Sign In.
    If the sign in succeeds, you land on the Console's home page.

4. Create a Group for the User (Admin)

Done by Admin
  1. In the <admin-browser>, open the navigation menu and select Identity & Security. Under Identity, select Domains.
  2. For compartment, select the tenancy or the root compartment.
  3. Select <domain-name>. For example, Default.
  4. Select User management.
  5. Under Groups, select Create group.
  6. Enter a name: <sandbox-group-name>.
  7. Enter a description for the group and select Create.
    After the group is created, you're brought to the <sandbox-group-name> detail page.
  8. Select Users and then select Assign user to group.
  9. Select <sandbox-username> and then select Add.

5. Create a Compartment (Admin)

  1. In the <admin-browser>, open the navigation menu and select Identity & Security. Under Identity, select Compartments.
  2. Select Create compartment.
  3. Enter a name: <sandbox-compartment>.
  4. Enter a description for the compartment, and for the Parent compartment, keep the root compartment or tenancy.
  5. Select Create compartment.
    After the compartment is created, you're brought to the Compartments list page. Write down the name of the <sandbox-compartment> for the next section.

6. Give Permission to User (Admin)

  1. In the <admin-browser>, open the navigation menu and select Identity & Security. Under Identity, select Policies.
  2. Select Create Policy.
  3. Enter a name: <sandbox-user-policy>.
  4. Enter a description for the policy, and for compartment, keep the root compartment or tenancy.
  5. For Policy Builder, select Show manual editor.
  6. Paste the following policy into the editor and replace the variables with values you set for this tutorial.
    allow group <sandbox-group-name> to manage all-resources in compartment <sandbox-compartment>
  7. Select Create.
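
One way to check the statement from step 6 before you paste it into the manual editor, as an added example that is not part of the original tutorial. The function name and the sample group and compartment names are constructed for illustration, and the pattern covers only the single-statement form used in this tutorial.

```python
import re

# Simplified form of one OCI IAM policy statement (keywords are matched case-insensitively):
#   allow <subject> to <verb> <resource-type> in <location> [where <conditions>]
STATEMENT = re.compile(
    r"^\s*allow\s+(?P<subject>.+?)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+"
    r"(?P<location>tenancy|compartment\s+(?:id\s+)?(?P<comp>\S+))"
    r"(?:\s+where\s+.+)?\s*$",
    re.IGNORECASE,
)


def check_sandbox_statement(statement, group, compartment):
    """Return a list of findings; an empty list means the grant is scoped as the tutorial intends."""
    # The tutorial's template still contains <...> variables until they are replaced.
    placeholders = re.findall(r"<[^>]+>", statement)
    if placeholders:
        return [f"unreplaced placeholder {p}" for p in placeholders]
    m = STATEMENT.match(statement)
    if m is None:
        return ["not a single 'allow <subject> to <verb> <resource> in <location>' statement"]
    findings = []
    subject = m.group("subject")
    named = re.fullmatch(r"group\s+(\S+)", subject, re.IGNORECASE)
    if named is None:
        findings.append(f"subject '{subject}' is not a single named group")
    elif named.group(1) != group:
        findings.append(f"group is '{named.group(1)}', expected '{group}'")
    if m.group("comp") is None:
        findings.append("scope is the whole tenancy, not a compartment")
    elif m.group("comp") != compartment:
        findings.append(f"compartment is '{m.group('comp')}', expected '{compartment}'")
    return findings


if __name__ == "__main__":
    # Constructed sample statements; the names are placeholders chosen for this example.
    samples = [
        "allow group sandbox-group to manage all-resources in compartment sandbox-compartment",
        "Allow group sandbox-group to manage all-resources in tenancy",
        "allow any-user to manage all-resources in compartment sandbox-compartment",
        "allow group <sandbox-group-name> to manage all-resources in compartment <sandbox-compartment>",
    ]
    for s in samples:
        print(s, "->", check_sandbox_statement(s, "sandbox-group", "sandbox-compartment") or "ok")
```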

7. Validate User Permissions (Sandbox User)

  1. Sign in to the Console.
  2. In the top navigation bar, change the region to US Midwest (Chicago).
  3. Open the navigation menu and select Analytics & AI. Under AI Services, select Generative AI.
  4. For compartment, select <sandbox-compartment>.
    Important

    Make sure to perform tasks from other tutorials that reference this tutorial within your <sandbox-compartment>. You might not have permission to view or create resources in the tenancy or in other compartments.
  5. In the left navigation menu, select Chat.
  6. Select a Model from the list.
    If you have a list of models, then you have the correct permissions to work in this compartment.
  7. (Optional) Navigate to a different compartment and see if the model list disappears.
    Because you don't have permission to other compartments, the model list is empty.
  8. If you navigated to another compartment, switch back to <sandbox-compartment> to be ready for the next tutorials.