A group can be defined as the collection of users who all require a particular type of access to a set of resources or compartments.

First, a user or a group of users needs to authenticate (AuthN) in Oracle Cloud Infrastructure using any of these methods:

Authentication (AuthN) generally verifies the identity of a person and ensures that they are who they claim to be. An Identity Domain represents a user population in OCI with its associated configuration and security settings. A user belongs to a group that has the same type of access to resources. When a user joins OCI, a tenancy is created. The tenancy is the root compartment which contains all the available resources. For tenancy setup, it is best practice to enforce Multi-Factor Authentication.

After successful authentication, policies determine which resources a particular group can access. Policies can be applied to the tenancy as well as to dedicated compartments. A policy allows a group to work in certain ways with specific types of resources in a particular compartment. Policies can be formulated as follows:

  1. Allow group <group-name> to <verb> <resource-type> in tenancy.
  2. Allow group <group-name> to <verb> <resource-type> in compartment <compartment-name> [where <condition>].
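
The two statement forms above can be parsed and checked for overly broad grants. The following is an added example, not Oracle's code: it assumes unquoted group and compartment names, and the sample statements are constructed for illustration.

```python
import re

VERBS = ("inspect", "read", "use", "manage")  # OCI verbs, least to most access

# Grammar follows the two statement forms above. Assumption: group and
# compartment names contain no whitespace (quoted names are not handled).
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))"
    r"(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE,
)

def parse_statement(text):
    """Split one policy statement into its fields, or raise ValueError."""
    m = STATEMENT.match(text.strip().rstrip("."))
    if not m:
        raise ValueError(f"not a recognised policy statement: {text!r}")
    verb = m["verb"].lower()
    if verb not in VERBS:
        raise ValueError(f"unknown verb {verb!r} in: {text!r}")
    scope = "tenancy" if m["tenancy"] else "compartment:" + m["compartment"]
    return {"group": m["group"], "verb": verb, "resource": m["resource"].lower(),
            "scope": scope, "condition": m["condition"]}

def findings(stmt):
    """Least-privilege review notes for one parsed statement."""
    notes = []
    if stmt["verb"] == "manage" and stmt["scope"] == "tenancy":
        notes.append("manage granted at tenancy scope")
    if stmt["resource"] == "all-resources":
        notes.append("covers every resource type")
    if stmt["verb"] in ("use", "manage") and stmt["condition"] is None:
        notes.append("use/manage with no where condition")
    return notes

# Constructed sample policy; group and compartment names are made up.
SAMPLE = [
    "Allow group Admins to manage all-resources in tenancy",
    "Allow group Auditors to read all-resources in tenancy",
    "Allow group NetAdmins to manage virtual-network-family in compartment Network",
    "Allow group Ops to use instances in compartment Prod where request.region = 'phx'",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", findings(parse_statement(line)) or "no findings")
```

Statements with no findings are scoped to a compartment and either read-only or constrained by a condition; the rest are candidates for narrowing.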

A compartment is a logical isolation for resources and has various features:

  1. It is the collection of related resources.
  2. Each resource belongs to a single compartment but can move from one compartment to another. 
  3. Resources in different compartments can interact with each other.
  4. Users can set quotas and budgets on compartments.

A resource is a cloud object that you create and use in OCI, such as compute instances, block storage volumes, and virtual cloud networks. Each resource has a unique, Oracle-assigned identifier called Oracle Cloud ID (OCID). An OCID can have the following format:

ocid1.<resource-type>.<realm>.[region][.future use].<unique ID>

By using compartments and their corresponding policies, users can access the resources they need.