Set Up Service Instance
You can create an Oracle Access Governance instance in the Oracle Cloud Infrastructure Console. The steps below show you how to create an instance and verify its operation.
Note:
Oracle Access Governance is available in all the regions of the commercial realm. Full details about the regions can be referred to at Regions and Availability Domains.Related Topics
Prerequisites
Create and set up an Oracle Access Governance service instance and manage the agcs-instance resource.
The Oracle Cloud Infrastructure Identity and Access Management administrator or domain administrator must perform the following operations:
- To create Oracle Access Governance service instance, create a group and allow group permissions:
Read objectstorage-namespace resources in tenancy (root compartment) in a policy statement.
Manage agcs-instance resources for a given compartment or tenancy (root compartment) in a policy statement
- To update or delete an Oracle Access Governance service instance, create a group and allow that group permissions:
Manage agcs-instance resources for a given compartment or tenancy (root compartment) in a policy statement.
Note:
The Oracle Access Governance service instance must be created in your Home Region. If you try to create the instance outside your Home Region, the setup will fail. For more details, see Tenancy Home Region.Setup Policies for Tenancies using Identity Domains
Lists the required policies to create Oracle Access Governance an service instance.
Tenancy Admin
Allow group <domain_name>/<group_name> to manage all-resources in
tenancy
Compartment Admin
- Add the following policy statement in the root compartment of your
tenancy. This will fetch the tenancy namespace to create a service
instance.
Allow group <domain_name>/<group_name> to read objectstorage-namespace in tenancy
- Add the following policy statement in the compartment where you want
create the service
instance.
Allow group <domain_name>/<group_name> to manage all-resources in compartment <compartment_name>
Manage agcs-instance in tenancy
- Add the following policy statement in the root compartment of your
tenancy. This will fetch the tenancy namespace to create a service
instance.
Allow group <domain_name>/<group_name> to read objectstorage-namespace in tenancy
- Add the following policy statement in the compartment where you want
create the service
instance
Allow group <domain_name>/<group_name> to manage agcs-instance in tenancy
With ‘manage agcs-instance’ in a compartment
- Add the following policy statement in the root compartment of your
tenancy. This will fetch the tenancy namespace to create a service
instance.
Allow group <domain_name>/<group_name> to read objectstorage-namespace in tenancy
- Add the following policy statement in the compartment where you want
create the service
instance
Allow group <domain_name>/<group_name> to manage agcs-instance in compartment <compartment_name>
Setup Policies for Tenancies NOT using Identity Domains
Lists the required policies to create an Oracle Access Governance service instance with tenancies not using Identity Domains.
Tenancy Admin
Allow group <group_name> to manage all-resources in
tenancy
Compartment Admin
- Add the following policy statement in the root compartment of your tenancy. This will fetch the tenancy namespace to create a service instance.
Allow group <group_name> to read objectstorage-namespace in tenancy
- Add the following policy statement in the compartment where you want create the service instance
Allow group <group_name> to manage all-resources in compartment <compartment_name>
Manage agcs-instance in tenancy
- Add the following policy statement in the root compartment of your tenancy. This will fetch the tenancy namespace to create a service instance.
Allow group <group_name> to read objectstorage-namespace in tenancy
- Add the following policy statement in the compartment where you want create the service instance.
Allow group <group_name> to manage agcs-instance in tenancy
With ‘manage agcs-instance’ in a compartment
- Add the following policy statement in the root compartment of your tenancy. This will fetch the tenancy namespace to create a service instance.
Allow group <group_name> to read objectstorage-namespace in tenancy
- Add the following policy statement in the compartment where you want create the service instance
Allow group <group_name> to manage agcs-instance in compartment <compartment_name>
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.