Creating a Policy

This section describes the minimum setup IAM policies required to use JD Edwards EnterpriseOne Infrastructure Provisioning for Reference Architecture. The user who is running the Infrastructure Provisioning must have these policy settings for the group to which they belong. The tenancy administrator for Oracle Cloud Infrastructure is responsible for creating and assigning these requisite policies. If you are unsure of your policy settings you should check with the tenancy administrator.

Important: As described above, this procedure may only be necessary in certain regions or for certain classes of subscribers or users in Oracle Cloud Infrastructure.

For additional information on using policies in Oracle Cloud Infrastructure, refer to the documentation for Oracle Cloud Infrastructure in the Managing Policies.

Prerequisite

• The user interface for the Oracle Cloud Infrastructure Console is constantly evolving. For the most up-to-date descriptions and navigation, refer to Get to Know the Console.

• You should have a fundamental understanding of Oracle Cloud Infrastructure. It is highly recommended that you review the extensive collateral information, including training, at this site: Oracle Cloud Infrastructure

• You must have a subscription to Oracle Cloud Infrastructure and an Administrator account in the platform. For more information, refer to Getting Started with Oracle Cloud.
• To access the Oracle Cloud Infrastructure Console, you must use a supported browser. See Supported Browsers in Troubleshooting Signing In to the Console.

To create a policy using the Oracle Cloud Infrastructure Console, refer to Creating a Policy in Oracle Cloud Infrastructure Documentation.

In the Policy Builder section, click the Customize/Advanced button.

In the Policy Builder dialog, enter the following statements:

Allow group <group_name> to read announcements in tenancy

Allow group <group_name> to manage virtual-network-family in tenancy

Allow group <group_name> to manage load-balancers in tenancy

Allow group <group_name> to manage instance-family in tenancy

Allow group <group_name> to read app-catalog-listing in tenancy

Allow group <group_name> to manage volume-family in tenancy

Allow group <group_name> to manage file-family in tenancy

Allow group <group_name> to manage database-family in tenancy

Allow group <group_name> to manage autonomous-database-family in tenancy

Allow group <group_name> to manage keys in tenancy

Allow group <group_name> to manage dns in tenancy

Allow group <group_name> to manage object-family in tenancy

Allow group <group_name> to manage compartments in tenancy

Allow group <group_name> to manage tag-namespaces in tenancy

Allow group <group_name> to manage vaults in tenancy

Allow group <group_name> to manage secret-family in tenancy

where <group_name> is the name of group that you specified as described in the section of this Learning Path entitled "Creating a Group".