Oracle Cloud Infrastructure Documentation

Viewing User Information and Group Membership

On Private Cloud Appliance, you can show information about a user, including which groups the user is a member of.

When you know what groups a user belongs to, you can view policies that name those groups to find what authorizations the user has.

    1. In the Compute Web UI navigation menu, select Identity, then select Users.

      The Users list page shows all users of the tenancy because user accounts cannot be in different compartments. All user resources are in the tenancy.

    2. Select the name of the user for which you want more information.

    3. On the details page for that user account, scroll down to the Resources section and select Groups.

      The list of groups that this user is a member of is shown.

    4. To see the full list of members of a group, select the name of the group in the Groups list.

    5. To see what authorizations these users have, do the following:

      1. Select the Groups link in the breadcrumb at the top left of the group details page.

      2. In the left navigation panel on the groups list page, select Policies.

      3. Select a policy name from the list to view its details page.

      4. On the policy details page, scroll to the Resources section and view the policy statements to find statements that grant authorizations to the group that you are interested in. A particular group could be mentioned in more than one policy.

    1. Use the oci iam user list command to list all users.

      Copy the OCID of the user that you are interested in.

    2. Use the oci iam user list-groups command to list all groups that this user is a member of.

      Note the name of each group.

    3. Use the oci iam policy list command to show the statements in each policy.

      In the policy statements, look for the group name or any-user to see what authorizations a particular user has.

    To list all the members of a group, use the Compute Web UI or the API.

    For a complete list of CLI commands, flags, and options, see the Command Line Reference.

    1. Use the ListUsers operation to list all users.

    2. Use the ListUserGroupMemberships operation to do the following:

      • List all groups that have the specified user as a member. Specify the userId.

      • List all members of the specified group. Specify the groupID.

      • Determine whether the specified user is a member of the specified group. Specify both the userId and groupID.

    The ListPolicies operation does not show statements in policies. To see the statements in policies, use the Compute Web UI or the OCI CLI.

    For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.