Preparing OCI
Before registering your Oracle Cloud Infrastructure (OCI) application instance with Oracle CASB Cloud Service, create and configure a dedicated OCI user account.
Prerequisite: Ensure that you have a public/private key pair available to use with OCI.
The steps below guide you through performing four tasks in OCI:
- Creating an identity account, or user.
- Getting the public key for the user from Oracle CASB Cloud Service.
- Creating an identity group.
- Assigning the identity account, or user, to the identity group.
- Creating an identity policy to grant access privileges to the group that includes the user.
  - This is the simplest policy, very convenient for non-production environments:
    Allow group YourGroupNameGoesHere to read all-resources in tenancy
  - These are the entries for the tightest policy, with the minimal set of privileges required for production:
    Allow group YourGroupNameGoesHere to inspect all-resources in tenancy
    Allow group YourGroupNameGoesHere to read audit-events in tenancy
    Allow group YourGroupNameGoesHere to read object-family in tenancy where request.operation='GetBucket'
    Allow group YourGroupNameGoesHere to read instance-family in tenancy where any {request.operation='ListInstances', request.operation='GetInstance'}
    Allow group YourGroupNameGoesHere to read users in tenancy where any {request.operation='ListApiKeys', request.operation='ListSwiftPasswords'}
Note:
Oracle CASB Cloud Service uses OCI SDK 1.2.28 to monitor the us-ashburn-1, us-phoenix-1, and eu-frankfurt-1 regions.
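An added example, not part of the Oracle documentation: a Python check that compares a group's policy statements against the minimal production set listed above and reports anything broader. The statement grammar it accepts, the group name CasbGroup and the SAMPLE statements are assumptions constructed for illustration.

```python
import re

# Assumed statement shape: Allow group <name> to <verb> <resource> in tenancy [where <cond>]
STATEMENT = re.compile(
    r"^Allow group (?P<group>\S+) to (?P<verb>\w+) (?P<resource>[\w-]+)"
    r" in tenancy(?: where (?P<cond>.+))?$", re.IGNORECASE)
OPERATION = re.compile(r"request\.operation\s*=\s*'(\w+)'")

# (verb, resource) -> operations the page's production policy permits;
# None means the page's statement carries no "where" clause.
MINIMAL = {
    ("inspect", "all-resources"): None,
    ("read", "audit-events"): None,
    ("read", "object-family"): {"GetBucket"},
    ("read", "instance-family"): {"ListInstances", "GetInstance"},
    ("read", "users"): {"ListApiKeys", "ListSwiftPasswords"},
}

def audit(statements):
    """Return (statement, reason) for each statement outside the minimal set."""
    findings = []
    for raw in statements:
        text = " ".join(raw.split())  # collapse line wraps and extra spaces
        m = STATEMENT.match(text)
        if not m:
            findings.append((text, "unparseable statement"))
            continue
        key = (m["verb"].lower(), m["resource"].lower())
        if key not in MINIMAL:
            findings.append((text, "verb/resource not in minimal set"))
            continue
        allowed, cond = MINIMAL[key], m["cond"] or ""
        if allowed is None:
            continue  # unconditioned on the page; a condition only narrows it
        ops = set(OPERATION.findall(cond))
        leftover = re.sub(r"\bany\b|[{},\s]", "", OPERATION.sub("", cond))
        if leftover:
            findings.append((text, "unrecognised condition text"))
        elif not ops:
            findings.append((text, "missing request.operation condition"))
        elif not ops <= allowed:
            findings.append((text, "extra operations: " + ", ".join(sorted(ops - allowed))))
    return findings

# Constructed sample: the non-production statement plus one widened condition.
SAMPLE = [
    "Allow group CasbGroup to read all-resources in tenancy",
    "Allow group CasbGroup to read users in tenancy where any "
    "{request.operation='ListApiKeys', request.operation='ListAuthTokens'}",
    "Allow group CasbGroup to read audit-events in tenancy",
]
```

Calling `audit(SAMPLE)` returns two findings: the broad `read all-resources` statement and the `users` statement whose condition admits an operation outside the minimal set.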