General Steps for Creating an IAM Policy for Oracle Data Safe

Follow these general steps to create an IAM policy that grants a user group permissions on Oracle Data Safe resources.

  1. As a tenancy administrator, from the navigation menu in Oracle Cloud Infrastructure, select Identity and Security, and then click Policies on the right.
    The Policies page is displayed in Oracle Cloud Infrastructure Identity and Access Management (IAM).
  2. Under List Scope, select the compartment in which you want to store the policy. You can select the root compartment, if needed.
  3. Click Create Policy.
    The Create Policy page is displayed.
  4. Enter a name for your policy. No spaces are allowed. Only letters, numerals, hyphens, periods, and underscores are allowed.
  5. Enter a brief description for your policy.
  6. Select a different compartment if needed.
  7. In the Policy Builder section, move the Show manual editor slider to the right.
    A box is displayed where you can enter policy statements.
  8. Enter one or more policy statements using the following syntax.
    Allow group <group-name> to <verb> <resource-type> in compartment <compartment-name>
    For <group-name>, enter the name of the IAM group to which the policy applies.
    For <verb>, you can use inspect, read, use, or manage.
    For <resource-type>, enter a resource that is used by Oracle Data Safe. For a list of resources, see OCI Resources for Oracle Data Safe.
    For <compartment-name>, enter the name of the compartment that contains the resources to which you want to grant permissions.
    To specify subcompartments in a policy statement, use the following syntax, where <parent-compartment> is the compartment under the root compartment and <child-compartment> is the compartment under <parent-compartment>. You can add as many child compartments as needed, separated by colons.
    allow group <group-name> to <verb> <resource-type> in compartment <parent-compartment>:<child-compartment>
  9. To add tags, click Show Advanced Options and configure tags.
  10. Click Create.
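
The following check is an added example, not part of the Oracle documentation: it validates a policy name against the rule in step 4 and parses statements of the form shown in step 8 (including colon-separated subcompartment paths) before they are pasted into the manual editor. The group and compartment names are constructed, data-safe-family is used as the sample resource type, and flagging manage for review is an assumption of this example, not a rule from the page.

```python
import re

# Step 4: letters, numerals, hyphens, periods and underscores only, no spaces.
POLICY_NAME = re.compile(r"[A-Za-z0-9._-]+")
# Step 8: the four verbs, ordered from least to most access.
VERBS = ("inspect", "read", "use", "manage")
# Statement form from step 8; the compartment may be a colon-separated path.
STATEMENT = re.compile(
    r"allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\S+)\s+(?P<resource>\S+)"
    r"\s+in\s+compartment\s+(?P<path>\S+)",
    re.IGNORECASE)

def valid_policy_name(name):
    return POLICY_NAME.fullmatch(name) is not None

def parse_statement(line):
    """Return the statement's fields, or raise ValueError describing the problem."""
    m = STATEMENT.fullmatch(line.strip())
    if m is None:
        raise ValueError(f"not in the step 8 form: {line!r}")
    verb = m["verb"].lower()
    if verb not in VERBS:
        raise ValueError(f"unknown verb {m['verb']!r}")
    path = m["path"].split(":")
    if "" in path:
        raise ValueError(f"empty compartment in path {m['path']!r}")
    return {"group": m["group"], "verb": verb, "resource": m["resource"], "compartments": path}

def review(name, statements):
    """Collect findings for a policy; an empty list means nothing was flagged."""
    findings = []
    if not valid_policy_name(name):
        findings.append(f"policy name {name!r} has characters step 4 does not allow")
    for line in statements:
        try:
            s = parse_statement(line)
        except ValueError as err:
            findings.append(str(err))
            continue
        if s["verb"] == "manage":  # assumption of this example: broadest verb gets a second look
            findings.append(f"{s['group']}: manage on {s['resource']}; confirm it is needed")
    return findings

# Constructed sample statements (names are hypothetical).
SAMPLE = [
    "Allow group DataSafeAuditors to read data-safe-family in compartment Security:Prod",
    "Allow group DataSafeAdmins to manage data-safe-family in compartment Security",
    "Allow group DataSafeAuditors to delete data-safe-family in compartment Security",
]
print("\n".join(review("Data Safe Policy", SAMPLE)))
```

The parser covers only the statement form shown in step 8; other forms of OCI policy statement are reported as not matching.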