Oracle Cloud Infrastructure Identity and Access Management (IAM) controls who can access your resources and what actions they can perform. Combined with compartments, IAM provides a powerful framework for organising and securing your cloud environment.
Your tenancy is the root container for all OCI resources. When you sign up, your tenancy is created with:
Compartments are logical containers for organising resources:
```text
Root Compartment (Tenancy)
├── Production
│   ├── Networking
│   ├── Compute
│   └── Databases
├── Development
│   ├── Networking
│   └── Compute
└── Shared-Services
    ├── Security
    └── Monitoring
```
An IAM user is an identity that can:
Groups are collections of users that share the same permissions:
```text
Group: NetworkAdmins
├── User: alice
└── User: bob
→ Policy: Allow group NetworkAdmins to manage virtual-network-family in compartment Networking
```
Policies are the mechanism for granting permissions in OCI. They use a human-readable syntax:
```text
Allow group <group-name> to <verb> <resource-type> in compartment <compartment-name>
```
| Verb | Permissions |
|---|---|
| inspect | List resources and view metadata |
| read | Inspect + read the content of resources |
| use | Read + perform actions on existing resources |
| manage | Full control — create, update, delete |
```text
Allow group Developers to manage instances in compartment Development
Allow group DBAdmins to manage database-family in compartment Databases
Allow group Auditors to inspect all-resources in tenancy
Allow group NetworkAdmins to manage virtual-network-family in compartment Networking
```
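To make the verb hierarchy and compartment scoping concrete, here is an added Python example (not part of the lesson and not OCI's own evaluation engine) that parses statements of the form shown above and answers "would this group be allowed to do X in compartment Y?". It assumes a simplified model: only the single statement form above (no `where` conditions), nested compartments written as a root-relative path such as `Production:Networking`, and no expansion of family aggregates beyond `all-resources`.

```python
import re
from dataclasses import dataclass

# Verb hierarchy from the table above: each verb includes every verb ranked below it.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# Simplified grammar (assumption): only the statement form shown in the lesson,
# with nested compartments written as a root-relative path, e.g. Production:Networking.
STATEMENT_RE = re.compile(
    r"^Allow group (?P<group>[\w-]+) to (?P<verb>inspect|read|use|manage) "
    r"(?P<resource>[\w-]+) in (?:compartment (?P<compartment>[\w:-]+)|(?P<tenancy>tenancy))$",
    re.IGNORECASE,
)

@dataclass(frozen=True)
class Statement:
    group: str
    verb: str
    resource: str
    scope: str  # root-relative compartment path, or "tenancy" for a tenancy-wide grant

def parse_statement(text: str) -> Statement:
    m = STATEMENT_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported policy statement: {text!r}")
    scope = "tenancy" if m.group("tenancy") else m.group("compartment")
    return Statement(m.group("group"), m.group("verb").lower(), m.group("resource").lower(), scope)

def covers(stmt: Statement, group: str, verb: str, resource: str, compartment: str) -> bool:
    """True if `stmt` grants `group` at least `verb` on `resource` in `compartment`."""
    if stmt.group != group or VERB_RANK[stmt.verb] < VERB_RANK[verb]:
        return False
    # all-resources matches any type; otherwise the type must match literally
    # (family aggregates such as database-family are not expanded in this model).
    if stmt.resource not in ("all-resources", resource.lower()):
        return False
    # A tenancy-wide statement applies everywhere; a compartment statement applies
    # to that compartment and to the sub-compartments beneath it.
    return stmt.scope == "tenancy" or compartment == stmt.scope or compartment.startswith(stmt.scope + ":")

def is_allowed(policies, group: str, verb: str, resource: str, compartment: str) -> bool:
    """Policies are additive: a request is allowed if any statement covers it."""
    return any(covers(s, group, verb, resource, compartment) for s in policies)

# Constructed sample: the lesson's four statements, with compartment paths filled in from the tree above.
SAMPLE_POLICIES = [parse_statement(s) for s in (
    "Allow group Developers to manage instances in compartment Development",
    "Allow group DBAdmins to manage database-family in compartment Production:Databases",
    "Allow group Auditors to inspect all-resources in tenancy",
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Production:Networking",
)]
```

Because `manage` ranks above `read`, Developers can read instances in Development (and in Development:Compute), while Auditors' tenancy-wide `inspect` does not let them read anything.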
Common resource types: