Create an IAM Policy in an Identity Domain

Create a policy to grant permissions to users in a domain group to work with Oracle Cloud Infrastructure Process Automation instances within a specified tenancy or compartment.

Note:

This topic applies only to tenancies that use identity domains. See Differences Between Tenancies With and Without Identity Domains.

1. Open the navigation menu and click Identity & Security. Under Identity, click Policies.
2. Click Create Policy.
3. In the Create Policy window, enter a name (for example ProcessAutomationGroupPolicy) and a description.
4. In the Policy Builder, select Show manual editor and enter the required policy statements.

   Syntax:

   • allow group domain-name/group_name to verb resource-type in compartment compartment-name
   • allow group domain-name/group_name to verb resource-type in tenancy

   Example: allow group admin/oci-pa-admins to manage process-automation-instance in compartment PACompartment

   Note:

   If you omit the domain name, the default domain is assumed.

   This policy statement allows the oci-pa-admins group in the admin domain to manage instance process-automation-instance in compartment PACompartment.

   When defining policy statements, you can specify either verbs (as used in these steps) or permissions (typically used by power users).

   Want to learn more about policies?

   • See How Policies Work and Policy Reference.
   • See About IAM Policies for Process Automation.
5. If desired, you can add a policy to allow members of the group to view service metrics as described in View Service Metrics.
   For example: allow group oci-pa-admins to read metrics in compartment PACompartment
6. Click Create.
   The policy statements are validated and syntax errors (if any) are displayed.