Create an IAM Policy

Create a policy to grant permission to users in a group to work with Oracle Cloud Infrastructure Process Automation instances within a specified tenancy or compartment.

Note:

This topic applies only to tenancies that do not use identity domains. See Differences Between Tenancies With and Without Identity Domains.

1. Open the navigation menu and click Identity & Security. Under Identity, click Policies.
2. Click Create Policy.
3. In the Create Policy window, enter a name (for example, ProcessAutomationGroupPolicy) and a description.
4. In the Policy Builder, select Show manual editor and enter the required policy statements.

   Syntax:

   • allow group group_name to verb resource-type in compartment compartment-name
   • allow group group_name to verb resource-type in tenancy

   Example: allow group oci-ocipa-admins to manage process-automation-instance in compartment PACompartment

   This policy statement allows the oci-ocipa-admins group to manage instance process-automation-instance in compartment PACompartment.

   Want to learn more about policies?

   • See How Policies Work and Policy Reference.
   • See About IAM Policies for Process Automation.
5. If desired, you can add a policy to allow members of the group to view service metrics as described in View Service Metrics.
   For example: allow group oci-ocipa-admins to read metrics in compartment PACompartment
6. Click Create.
   The policy statements are validated and syntax errors (if any) are displayed.