IAM Policies
In Oracle Cloud Infrastructure Identity and Access Management (IAM), a tenancy administrator can create policies to grant permissions to groups on resources in compartments in a tenancy. Regular IAM users do not require policies to access and use Oracle Data Safe. Oracle Data Safe administrators, however, do require a policy.
Basic Syntax for Policies
A policy is a document that consists of one or more statements. A policy statement follows this basic syntax:
Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name>
Policy language uses simple verbs like inspect, read, use, and manage.
Example of IAM Policies
The diagram above shows three Oracle Cloud Infrastructure Identity and Access Management (IAM) groups and policies that provide the groups access to compartments.
The IT-Compliance group, which ensures legal compliance related to data protection, is granted permission to manage all resources in the Project A compartment. The Project A compartment consists of a Finance database and block volumes.
The IT-Security group, which provides test data to developers and testers, is granted permission to manage all resources in the Project B compartment. The Project B compartment consists of a Sales database and block volumes.
The Data-Safe-Admins group is responsible for enabling Oracle Data Safe and managing privileges in Oracle Data Safe. This group is granted permission to manage Oracle Data Safe and inspect groups in the tenancy.
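As an added example (not code from the Oracle documentation), the following Python script writes the three groups above as policy statements in the syntax shown earlier, parses them, and flags the broadest grants for review. The statements themselves, the resource-type names (all-resources, data-safe, groups) and the compartment names are assumptions made for illustration.

```python
import re

# Constructed policy statements modelling the three groups described above.
# The group names come from the example; the statements, resource types and
# compartment names are assumptions, not taken from the Oracle documentation.
SAMPLE_POLICIES = [
    "Allow group IT-Compliance to manage all-resources in compartment Project-A",
    "Allow group IT-Security to manage all-resources in compartment Project-B",
    "Allow group Data-Safe-Admins to manage data-safe in tenancy",
    "Allow group Data-Safe-Admins to inspect groups in tenancy",
]

# Policy verbs in increasing order of privilege.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# One statement: Allow group <group> to <verb> <resource-type> in
# compartment <compartment> | in tenancy
STATEMENT_RE = re.compile(
    r"^Allow group (?P<group>[\w.\-]+) to (?P<verb>inspect|read|use|manage) "
    r"(?P<resource>[\w.\-]+) in (?:compartment (?P<compartment>[\w.\-]+)|tenancy)$",
    re.IGNORECASE,
)


def parse_statement(statement):
    """Split one policy statement into its parts; raise ValueError if malformed."""
    m = STATEMENT_RE.match(statement.strip())
    if not m:
        raise ValueError(f"not a recognised policy statement: {statement!r}")
    return {
        "group": m.group("group"),
        "verb": m.group("verb").lower(),
        "resource": m.group("resource").lower(),
        "scope": m.group("compartment") or "tenancy",
    }


def broad_grants(statements):
    """Return (group, resource, scope) for grants worth a second look:
    'manage' over all-resources, or 'use'/'manage' scoped to the whole
    tenancy rather than to a single compartment."""
    flagged = []
    for s in statements:
        p = parse_statement(s)
        wide_verb = VERB_RANK[p["verb"]] >= VERB_RANK["use"]
        if p["resource"] == "all-resources" and p["verb"] == "manage":
            flagged.append((p["group"], p["resource"], p["scope"]))
        elif p["scope"] == "tenancy" and wide_verb:
            flagged.append((p["group"], p["resource"], p["scope"]))
    return flagged
```

Run against the sample, the two compartment-wide manage grants and the tenancy-wide Data Safe grant are reported, while the tenancy-wide inspect on groups is not.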
Related Content
The following Oracle Cloud Infrastructure documentation discusses how to create policies in IAM: