IAM and Compartments

Oracle Cloud Infrastructure Identity and Access Management (IAM) controls who can access your resources and what actions they can perform. Combined with compartments, IAM provides a powerful framework for organising and securing your cloud environment.

---

Tenancy and Compartments

Tenancy

Your tenancy is the root container for all OCI resources. When you sign up, your tenancy is created with:

• A home region — where your IAM resources are mastered
• A root compartment — the top-level compartment (same OCID as the tenancy)
• An administrator user — the initial user with full access

Compartments

Compartments are logical containers for organising resources:

• Every resource belongs to exactly one compartment
• Compartments can be nested up to six levels deep
• IAM policies are applied at the compartment level
• Resources in a compartment can interact with resources in other compartments (if policies allow)

Root Compartment (Tenancy)
├── Production
│   ├── Networking
│   ├── Compute
│   └── Databases
├── Development
│   ├── Networking
│   └── Compute
└── Shared-Services
    ├── Security
    └── Monitoring

Compartment Best Practices