What are the policies in Oracle Cloud Infrastructure (OCI)

In this article, we’ll discuss policies in Oracle Cloud Infrastructure and why policies are important.

What are policies

A policy is a collection of one or more English-like statements that grant permissions to a group, defining what the users in that group are allowed to do in OCI within a compartment or the tenancy.

In other words, a policy is a document that specifies who can access which OCI resources in your tenancy.

The policy can be attached to a Compartment or Tenancy.

Policy Basics

To control access to resources, you have to write at least one policy, and each policy consists of one or more policy statements.

Policies are written in a human-readable format.

By default, one policy is created at the root level:

ALLOW GROUP Administrators to manage all-resources IN TENANCY

Notice that the statements always begin with the word Allow. Policies only allow access; they cannot deny it.

Policy Syntax

A policy is simply an English-like statement. It is written as follows:

Allow group <group_name> to <verb> <resource-type> in tenancy
Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name> where <condition>

A policy can be attached at the tenancy level as well as at the compartment level.

Policy Verb & Resource Type

Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name> where <condition>

Policy Verbs:

| Verb | Type of access given |
|---|---|
| inspect | Ability to list resources |
| read | inspect + ability to get user-specified metadata and the actual resource itself. |
| use | read + ability to work with existing resources (the actions vary by resource type). |
| manage | Can do anything on the resources |

Policy Resource Type

| Aggregate Resource Type | Individual Resource Type |
|---|---|
| all-resources | |
| database-family | db-systems, db-nodes, db-homes, databases |
| instance-family | instances, instance-images |
| volume-family | volumes, volume-attachments, volume-backups |
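
The syntax, verb order and aggregate resource types above can be checked mechanically. The following is an added example, not part of the original article or of any Oracle tooling: it parses statements of the "Allow group ..." form shown on this page and flags broad grants for least-privilege review. The function names, the three review rules and the sample group and compartment names are assumptions made for illustration.

```python
import re

# Verbs in increasing order of access, as listed in the verb table above.
VERBS = ["inspect", "read", "use", "manage"]
# Aggregate resource types named on this page (not the full OCI list).
AGGREGATES = {"all-resources", "database-family", "instance-family", "volume-family"}

STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\S+)\s+(?P<resource>\S+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))"
    r"(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE,
)

def parse_statement(text):
    """Parse one statement of the form shown on this page; raise ValueError otherwise."""
    m = STATEMENT.match(text.strip())
    if not m:
        raise ValueError(f"not an 'Allow group ...' statement: {text!r}")
    verb = m["verb"].lower()
    if verb not in VERBS:
        raise ValueError(f"unknown verb: {verb!r}")
    scope = "tenancy" if m["tenancy"] else "compartment:" + m["compartment"]
    return {"group": m["group"], "verb": verb, "resource": m["resource"].lower(),
            "scope": scope, "condition": m["condition"]}

def review(text):
    """Return least-privilege findings for one statement (empty list: nothing flagged)."""
    s = parse_statement(text)
    findings = []
    # Illustrative review rules (assumptions of this example, not OCI behaviour).
    if s["verb"] == "manage" and s["resource"] in AGGREGATES:
        findings.append("manage on aggregate type " + s["resource"])
    if s["scope"] == "tenancy" and VERBS.index(s["verb"]) >= VERBS.index("use"):
        findings.append(s["verb"] + " granted tenancy-wide")
    if s["verb"] == "manage" and s["condition"] is None:
        findings.append("manage with no where condition")
    return findings

# Constructed sample statements; only the first one appears on this page.
SAMPLES = [
    "ALLOW GROUP Administrators to manage all-resources IN TENANCY",
    "Allow group DBAdmins to manage database-family in compartment Prod",
    "Allow group Auditors to inspect all-resources in tenancy",
    "Allow group NetOps to use volume-family in compartment Dev where request.region = 'phx'",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", review(line) or "ok")
```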
