Oracle Cloud Infrastructure Identity and Access Management (IAM) Service lets you control who has access to your cloud resources.
Prerequisites:
1. You should have an OCI account.
2. A basic understanding of OCI.
Log in to OCI and create the Compartment
In the left pane, go to Identity & Security -> Identity -> Compartments, then create your Compartment.
Once you create it, you should see it listed as –
Managing Users, Groups and Policies to Control Access
We should create a user, a group, and a security policy to understand the concept.
Again, log in to the OCI console and go to Menu -> Identity & Security -> Groups to create the group.
Below are my policy statements –
Policy Statements
Allow group oci-testgroup1 to inspect users in compartment vishwa-test1
Allow group oci-testgroup1 to inspect groups in compartment vishwa-test1
Allow group oci-testgroup1 to use users in compartment vishwa-test1 where target.group.name != 'Administrators'
Allow group oci-testgroup1 to use groups in compartment vishwa-test1 where target.group.name != 'Administrators'
Now, create the new user:
Verify user permissions
a) Go to the Menu, click Compute and then click Instances.
b) Try to select any compartment from the left menu.
c) The message “You don’t have permission to view these resources” appears. This is normal, as you have not yet added the user to the group that the policy is attached to.
Sign out as ‘testuser01’.
Add User to a Group
a) Sign back in with your Admin account.
b) On the Menu click Identity & Security, and then click Users. From the Users list, click the user account that you just created (for example, testuser01) to go to the User Details page.
Go to the Menu, click Identity and select Groups. The message “Authorization failed or requested resource not found” appears. This is expected, since your user has no permission to modify groups. (Note: You may instead get the "An unexpected error occurred" message. That is also fine.)
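The policy statements above and the permission checks in the verification steps, as an added example that is not part of the original post: a small Python simulation (not OCI's real authorizer) that parses statements of this page's shape, applies OCI's verb hierarchy (manage includes use, use includes read, read includes inspect) and the target.group.name condition, and shows that testuser01 is denied until added to oci-testgroup1, and even then never gains manage on groups or any access to Compute instances. The parser, the function names and the simplified condition handling are my assumptions.

```python
import re

# OCI verb hierarchy: each verb also grants every verb before it in this list
# (manage includes use, use includes read, read includes inspect).
VERBS = ["inspect", "read", "use", "manage"]

# Matches the statement shape used on this page, with an optional
# "where target.group.name != '...'" condition (assumed subset of the grammar).
STMT_RE = re.compile(
    r"Allow group (?P<group>\S+) to (?P<verb>inspect|read|use|manage) "
    r"(?P<resource>[\w-]+) in compartment (?P<compartment>\S+)"
    r"(?: where target\.group\.name != '(?P<excluded>[^']+)')?$"
)

def parse(stmt):
    """Parse one policy statement into its parts; collapses whitespace first."""
    m = STMT_RE.match(" ".join(stmt.split()))
    if not m:
        raise ValueError(f"unsupported statement: {stmt}")
    return m.groupdict()

def is_allowed(policies, user_groups, verb, resource, compartment, target_group=None):
    """True if a statement for one of the user's groups grants at least `verb`
    on `resource` in `compartment` and its condition (if any) holds."""
    for p in policies:
        if p["group"] not in user_groups or p["resource"] != resource \
                or p["compartment"] != compartment:
            continue  # statement is for another group, resource type or compartment
        if VERBS.index(p["verb"]) < VERBS.index(verb):
            continue  # e.g. a 'use' grant does not cover 'manage'
        if p["excluded"] is not None and target_group == p["excluded"]:
            continue  # condition target.group.name != '...' is false
        return True
    return False  # OCI denies by default when no statement matches

# The four statements from this page (embedded so the file runs offline).
POLICY_TEXT = """
Allow group oci-testgroup1 to inspect users in compartment vishwa-test1
Allow group oci-testgroup1 to inspect groups in compartment vishwa-test1
Allow group oci-testgroup1 to use users in compartment vishwa-test1 where target.group.name != 'Administrators'
Allow group oci-testgroup1 to use groups in compartment vishwa-test1 where target.group.name != 'Administrators'
"""
POLICIES = [parse(s) for s in POLICY_TEXT.strip().splitlines()]

if __name__ == "__main__":
    # Before testuser01 joins the group nothing matches (the "no permission" message).
    print(is_allowed(POLICIES, [], "inspect", "users", "vishwa-test1"))  # False
    print(is_allowed(POLICIES, ["oci-testgroup1"], "inspect", "users", "vishwa-test1"))  # True
    print(is_allowed(POLICIES, ["oci-testgroup1"], "manage", "groups", "vishwa-test1"))  # False
```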
Happy Learning!