What are the policies in Oracle Cloud Infrastructure (OCI)
In this article, we’ll discuss policies in Oracle Cloud Infrastructure and why policies are important.
What are policies
A policy is a collection of one or more English sentences that grant permissions to a group, specifying what the users in that group are allowed to do in OCI within a compartment or tenancy.
In other words, a policy is a document that specifies who can access which OCI resources in your tenancy.
A policy can be attached to a compartment or to the tenancy.
Policy Basics
To control access to resources, you have to write at least one policy, and each policy consists of one or more policy statements.
Policies are written in a human-readable format.
By default, the following policy is created at the root level:
ALLOW GROUP Administrators to manage all-resources IN TENANCY
Notice that the statements always begin with the word Allow. Policies only allow access; they cannot deny it.
Policy Syntax
A policy is simply an English statement. It is written as follows:
Allow group <group_name> to <verb> <resource-type> in tenancy
Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name> where <condition>
A policy can be attached at the tenancy level as well as at the compartment level.
Policy Verb & Resource Type
Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name> where <condition>
Policy Verbs:
Verb | Type of access given |
inspect | Ability to list resources |
read | inspect + ability to get user-specified metadata and the actual resource itself |
use | read + ability to work with existing resources (the actions vary by resource type) |
manage | Can do anything on the resources |
Policy Resource Type
Aggregate Resource Type | Individual Resource Type |
all-resources | |
database-family | db-systems, db-nodes, db-homes, databases |
instance-family | instances, instance-images |
volume-family | volumes, volume-attachments, volume-backups |
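The statement syntax, the cumulative verbs and the aggregate resource types above can be checked mechanically when reviewing a policy set for least privilege. The following Python example is added here and is not Oracle's code or part of the original article: it parses statements in the form shown, tests whether a statement covers a verb on a resource, and lists groups other than Administrators that hold unconditional tenancy-wide manage all-resources. The function names, the sample groups and compartments, and the single-token name simplification are assumptions.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # cumulative, weakest to strongest
FAMILIES = {  # aggregate type -> individual types, from the table above
    "database-family": {"db-systems", "db-nodes", "db-homes", "databases"},
    "instance-family": {"instances", "instance-images"},
    "volume-family": {"volumes", "volume-attachments", "volume-backups"},
}
# Simplification (assumption): group and compartment names are single unquoted tokens.
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\S+)\s+(?P<resource>\S+)"
    r"\s+in\s+(?:tenancy|compartment\s+(?P<compartment>\S+))"
    r"(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE)

def parse(statement):
    """Split one policy statement into its parts; reject anything malformed."""
    m = STATEMENT.match(statement.strip())
    if not m or m["verb"].lower() not in VERBS:
        raise ValueError(f"not a valid policy statement: {statement!r}")
    return {"group": m["group"], "verb": m["verb"].lower(),
            "resource": m["resource"].lower(),
            "compartment": m["compartment"],  # None means tenancy-wide
            "condition": m["condition"]}

def permits(stmt, verb, resource):
    """Does the statement cover `verb` on `resource`? Scope and condition are ignored."""
    granted = stmt["resource"]
    covered = granted in ("all-resources", resource) or resource in FAMILIES.get(granted, ())
    return covered and VERBS.index(verb) <= VERBS.index(stmt["verb"])

def broad_grants(statements, expected=("Administrators",)):
    """Groups outside `expected` holding unconditional tenancy-wide manage all-resources."""
    return [s["group"] for s in map(parse, statements)
            if s["verb"] == "manage" and s["resource"] == "all-resources"
            and s["compartment"] is None and s["condition"] is None
            and s["group"] not in expected]

# Constructed sample policy set; only the first statement appears in the article.
SAMPLE = [
    "ALLOW GROUP Administrators to manage all-resources IN TENANCY",
    "Allow group DBAdmins to manage database-family in compartment Prod",
    "Allow group Auditors to inspect all-resources in tenancy",
    "Allow group Contractors to manage all-resources in tenancy",
    "Allow group VolOps to use volume-family in compartment Dev where request.region = 'phx'",
]

if __name__ == "__main__":
    print("unexpected tenancy-wide admins:", broad_grants(SAMPLE))
```

Because policies can only allow, a review like this looks for grants to narrow or remove rather than for missing deny rules.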
Refer to the following video for more about policies, such as various examples and policy inheritance.
Further Readings
How to create users and groups in Oracle Cloud Infrastructure
The compartments in Oracle Cloud Infrastructure
How to create policies in Oracle Cloud Infrastructure
How to Create Virtual Cloud Network in Oracle Cloud Infrastructure