Managing Policies in Oracle Cloud Infrastructure

An Oracle Cloud Infrastructure (OCI) IAM policy specifies who has access to which resources, and how. A policy is a list of statements, and each statement allows a group to act on one type of resource, in a specific compartment or across the whole tenancy, with one of four verbs. Policies only grant: there is no deny statement, so anything not explicitly allowed is denied, and a group with no matching statement has no access at all.

Basic policy syntax:

Allow group <group_name> | id <group_ocid> to <verb> <resource-type> in compartment <compartment_name>

Allow group <group_name> | id <group_ocid> to <verb> <resource-type> in tenancy

An optional condition can be appended to either form (where <condition>), as in the shape-restricted instance example further down; the statement then applies only when the condition is true. The keywords are accepted in either case, which is why some of the examples below start with "allow" rather than "Allow".

Verbs:

inspect: Lists resources of the type without access to confidential information or user-specified metadata.
read: Includes inspect, plus the ability to get user-specified metadata and the resource itself.
use: Includes read, plus the ability to work with existing resources. This includes updating the resource, except for resource types where "update" has the same effect as "create". In general this verb does not include the ability to create or delete.
manage: Includes all permissions for the resource type, including create and delete.

The verbs are cumulative (inspect < read < use < manage), so a group that already has manage on a resource type in a compartment gains nothing from an additional read or use statement for the same type and compartment.

Resource types:

all-resources: Every Oracle Cloud Infrastructure resource-type
compute-management-family: Compute management resources such as instance configurations and instance pools (the instances themselves are covered by instance-family, used in the examples below)
database-family: Autonomous Database, Bare Metal and Virtual Machine DB Systems
virtual-network-family: Networking (VCNs, subnets, security lists, route tables and so on)

Names ending in -family are aggregate resource-types that cover several individual types; object-family, for example, covers buckets and objects. Individual types such as keys, vaults or bastions can be used instead when a group only needs one of them, which keeps the grant narrower.

Here are a few policy examples that I have come across in my projects:

Allow group TEST_GROUP to manage virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to use virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage object-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read metrics in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage log-groups in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage log in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read instance-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read object-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read all-resources in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to use volume-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage volume-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage instance-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage cloud-shell in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage mount-targets in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage file-systems in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read file-systems in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to inspect file-systems in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage load-balancers in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage export-sets in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage cloud-shell in tenancy

Allow group TEST_GROUP to manage bastions in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage groups in tenancy

Allow group TEST_GROUP to manage vaults in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage keys in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage alarms in tenancy

Allow group TEST_GROUP to manage metrics in tenancy

Allow group TEST_GROUP to manage bastion-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage tag-namespaces in tenancy

Allow group TEST_GROUP to read users in tenancy

Allow group TEST_GROUP to inspect users in tenancy

Allow group TEST_GROUP to use users in tenancy

allow group TEST_GROUP to manage dynamic-groups in tenancy

Allow group TEST_GROUP to manage instance-family in compartment TEST_COMPARTMENT where request.resource.shape = 'VM.Standard.E2.1.Micro'

Allow group Policy_Testing_group to manage users in compartment TEST_COMPARTMENT

Allow group Policy_Testing_group to manage groups in compartment TEST_COMPARTMENT

Allow group Policy_Testing_group to manage policies in compartment TEST_COMPARTMENT

allow group Policy_Testing_group to manage compartments in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage groups in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage policies in compartment TEST_COMPARTMENT

allow group TEST_GROUP to use cloud-shell in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage autonomous-database-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage db-systems in compartment TEST_COMPARTMENT
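A few of the statements above deserve a caveat before they are copied into a real tenancy. Statements that grant manage on policies, groups, dynamic-groups or users let the group change who can do what (write a new policy, add itself to the Administrators group, or add an API key to an administrator's user), so they are admin-equivalent and belong in a separately controlled group, not in a general project group. Users and groups live in the tenancy's root compartment, so the statements that scope them to TEST_COMPARTMENT grant nothing usable. And where several statements give the same group read, use and manage on the same family in the same compartment, only the manage statement does anything; the shape-restricted manage statement is the exception, because a conditional manage does not cover an unconditional read.

The following Python script is an added example, not part of the original post: it parses statements with the grammar described above (including the optional where clause) and flags duplicates, statements made redundant by a stronger verb on the same scope, admin-equivalent grants, and IAM principals scoped to a compartment. The sample statements are constructed from the list above; the finding codes and the two sets of sensitive resource-types are this script's own choices, not OCI names.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Verb hierarchy from the post: each verb includes everything the ones before it grant.
VERBS = ("inspect", "read", "use", "manage")

# Grammar from the post: Allow group <name> | id <ocid> to <verb> <resource-type>
# in compartment <name> | in tenancy, plus the optional "where <condition>" clause
# used by the shape-restricted instance example.
STATEMENT_RE = re.compile(
    r"""^\s*allow\s+group\s+(?:id\s+)?(?P<group>\S+)\s+to\s+
        (?P<verb>inspect|read|use|manage)\s+
        (?P<resource>[a-z][a-z0-9-]*)\s+in\s+
        (?:tenancy|compartment\s+(?P<compartment>\S+))
        (?:\s+where\s+(?P<condition>.+?))?\s*$""",
    re.IGNORECASE | re.VERBOSE,
)

# This script's own lists (assumption, not OCI terminology):
# "manage" on these lets the group rewrite who can do what, so it is admin-equivalent.
ESCALATION_RESOURCES = {"policies", "groups", "dynamic-groups", "users", "all-resources"}
# IAM principals live in the tenancy (root compartment); scoping them to a
# sub-compartment grants nothing usable.
TENANCY_ONLY_RESOURCES = {"users", "groups", "dynamic-groups"}


@dataclass(frozen=True)
class Statement:
    group: str
    verb: str
    resource: str
    compartment: Optional[str]  # None means "in tenancy"
    condition: Optional[str]    # None when there is no where clause


def is_valid_statement(text: str) -> bool:
    """True when the text matches the statement grammar."""
    return STATEMENT_RE.match(text) is not None


def parse_statement(text: str) -> Statement:
    """Parse one policy statement; raise ValueError on anything outside the grammar."""
    m = STATEMENT_RE.match(text)
    if not m:
        raise ValueError(f"not a valid policy statement: {text!r}")
    return Statement(
        group=m.group("group"),
        verb=m.group("verb").lower(),
        resource=m.group("resource").lower(),
        compartment=m.group("compartment"),
        condition=m.group("condition"),
    )


def lint(statements):
    """Return (statement_text, code) findings for a list of policy statements."""
    parsed = [(text, parse_statement(text)) for text in statements]
    findings = []
    seen = set()
    for text, st in parsed:
        if st in seen:  # same grant already present (keyword case does not matter)
            findings.append((text, "duplicate"))
            continue
        seen.add(st)
        # An unconditional verb is subsumed by a stronger unconditional verb on the
        # same group, resource and scope; a conditional "manage" subsumes nothing.
        if st.condition is None and any(
            other.condition is None
            and other.group == st.group
            and other.resource == st.resource
            and other.compartment == st.compartment
            and VERBS.index(other.verb) > VERBS.index(st.verb)
            for _, other in parsed
        ):
            findings.append((text, "redundant"))
        if st.verb == "manage" and st.resource in ESCALATION_RESOURCES:
            findings.append((text, "escalation"))
        if st.resource in TENANCY_ONLY_RESOURCES and st.compartment is not None:
            findings.append((text, "tenancy-scope"))
    return findings


# Constructed sample, taken from the statements listed in the post.
SAMPLE_POLICY = [
    "Allow group TEST_GROUP to manage virtual-network-family in compartment TEST_COMPARTMENT",
    "Allow group TEST_GROUP to read virtual-network-family in compartment TEST_COMPARTMENT",
    "Allow group TEST_GROUP to manage instance-family in compartment TEST_COMPARTMENT "
    "where request.resource.shape = 'VM.Standard.E2.1.Micro'",
    "Allow group TEST_GROUP to read instance-family in compartment TEST_COMPARTMENT",
    "Allow group TEST_GROUP to manage bastions in compartment TEST_COMPARTMENT",
    "allow group TEST_GROUP to manage bastions in compartment TEST_COMPARTMENT",
    "Allow group TEST_GROUP to manage policies in compartment TEST_COMPARTMENT",
    "Allow group Policy_Testing_group to manage users in compartment TEST_COMPARTMENT",
]

if __name__ == "__main__":
    for text, code in lint(SAMPLE_POLICY):
        print(f"{code:13} {text}")
```

Running the script over the sample prints five findings: the read on virtual-network-family is redundant next to the manage, the second bastions statement is a duplicate, the manage on policies and on users are admin-equivalent, and the users statement is additionally scoped to a compartment where no users exist. Run it over the statement list before handing it to the OCI CLI or Terraform; the parser also rejects verbs and scopes outside the grammar, which catches typos before the service does.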

Happy Learning !!