Managing Policies
On Private Cloud Appliance, a policy is a named set of one or more policy statements. Policy statements grant permissions to users to access resources.
When designing access policies, remember the following policy characteristics:
- The policy will apply to the compartment where you attach the policy and to all subcompartments of that compartment. Permissions granted in a particular compartment, including the tenancy, are inherited by all subcompartments of that compartment.
- A user can be a member of more than one group. A group can be the subject of more than one policy. A policy can have up to 50 policy statements.
- If some users need full access to the named resources and other users only need to use the resources, you need to create multiple groups and multiple policies. A tenancy can have up to 100 policies.
- Users who have full access to resources in a subcompartment probably also need view or use access to related resources in that compartment and in parent compartments. For example, users who have access to create instances in a compartment might also need access to use tag namespaces to apply defined tags to the instances, or access to read images in a different compartment.
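
The following added example (not Oracle's code and not part of the original page) is a simplified model for reviewing a policy design against the characteristics above: it checks the 50-statement and 100-policy limits and resolves access through compartment inheritance. Assumptions: the `Allow group ... to <verb> <resource-type> in compartment ...` statement form, the verb order inspect < read < use < manage, and the resource-type names follow standard OCI policy language; the group names, compartment names and policies are constructed, and resource types are matched exactly with no family expansion.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # assumed order: each verb includes those before it
MAX_STATEMENTS, MAX_POLICIES = 50, 100        # limits stated on this page
STMT = re.compile(r"allow group (\S+) to (\w+) (\S+) in (tenancy|compartment (\S+))$", re.I)

# Constructed sample tenancy: child compartment -> parent compartment.
PARENT = {"Dev": "tenancy", "DevApps": "Dev", "Shared": "tenancy"}

# Constructed sample policies (hypothetical group and compartment names).
POLICIES = {
    "dev-admins": ["Allow group DevAdmins to manage instances in compartment Dev"],
    "dev-users": [
        "Allow group DevUsers to use instances in compartment Dev",
        "Allow group DevUsers to use tag-namespaces in compartment Dev",
        "Allow group DevUsers to read instance-images in compartment Shared",
    ],
}

def ancestors(compartment):
    """Yield the compartment itself, then each parent up to the tenancy."""
    while compartment is not None:
        yield compartment
        compartment = PARENT.get(compartment)

def check_limits(policies):
    """Return a list of limit violations for the policy set."""
    problems = [f"{name}: {len(s)} statements" for name, s in policies.items()
                if len(s) > MAX_STATEMENTS]
    if len(policies) > MAX_POLICIES:
        problems.append(f"tenancy: {len(policies)} policies")
    return problems

def allowed(groups, verb, resource, compartment, policies=POLICIES):
    """True if any statement grants `verb` or higher on `resource` in
    `compartment` or in one of its parent compartments (inheritance)."""
    scope = set(ancestors(compartment))
    for statements in policies.values():
        for text in statements:
            m = STMT.match(text.strip())
            if not m:
                raise ValueError(f"unparsed statement: {text!r}")
            group, granted, rtype, where, name = m.groups()
            target = "tenancy" if where.lower() == "tenancy" else name
            if (group in groups and rtype == resource and target in scope
                    and VERBS.index(granted.lower()) >= VERBS.index(verb)):
                return True
    return False
```

In this sample, `DevAdmins` can manage instances in `DevApps` through inheritance from `Dev` but has no grant on `tag-namespaces`, which is the gap the last bullet describes.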