This image shows how authentication and authorization are modeled in Oracle Cloud Infrastructure Identity and Access Management (IAM).

You create users and groups. You then define policies that grant the required permissions to specific groups. Finally, you assign users to the appropriate groups.

A policy statement specifies who can access a given Oracle Cloud Infrastructure resource and what actions they can perform.