
Managing Policies in Oracle Cloud Infrastructure

An Oracle Cloud Infrastructure (OCI) policy specifies who has access to which resources in OCI. Each policy statement allows a group to work with a given type of resource, in a given compartment, in a given way (the verb).

Basic policy syntax:

Allow group <group_name> | <group_ocid> to <verb> <resource-type> in compartment <compartment_name>

Allow group <group_name> | <group_ocid> to <verb> <resource-type> in tenancy

Verbs:

inspect: List resources, without access to confidential information or user-specified metadata.
read: Includes inspect, plus the ability to get user-specified metadata and the resource itself.
use: Includes read, plus the ability to work with existing resources, including updating them, except for resource types where "update" has the same effect as "create". In general this verb does not include the ability to create or delete.
manage: Includes all permissions for the resource type.

Resource types:

all-resources: All Oracle Cloud Infrastructure resource-types
compute-management-family: Compute
database-family: Autonomous Database, Bare Metal and Virtual Machine DB Systems
virtual-network-family: Networking

Here are a few policy examples that I have come across in my projects:

Allow group TEST_GROUP to manage virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to use virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage object-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read metrics in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage log-groups in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage log in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read instance-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read object-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read all-resources in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to use volume-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage volume-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage instance-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage cloud-shell in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage mount-targets in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage file-systems in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read file-systems in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to inspect file-systems in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage load-balancers in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage export-sets in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage cloud-shell in tenancy

Allow group TEST_GROUP to manage bastions in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage groups in tenancy

Allow group TEST_GROUP to manage vaults in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage keys in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage alarms in tenancy

Allow group TEST_GROUP to manage metrics in tenancy

Allow group TEST_GROUP to manage bastion-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage tag-namespaces in tenancy

Allow group TEST_GROUP to read users in tenancy

Allow group TEST_GROUP to inspect users in tenancy

Allow group TEST_GROUP to use users in tenancy

Allow group TEST_GROUP to manage dynamic-groups in tenancy

Allow group TEST_GROUP to manage instance-family in compartment TEST_COMPARTMENT where request.resource.shape = 'VM.Standard.E2.1.Micro'

Allow group Policy_Testing_group to manage users in compartment TEST_COMPARTMENT

Allow group Policy_Testing_group to manage groups in compartment TEST_COMPARTMENT

Allow group Policy_Testing_group to manage policies in compartment TEST_COMPARTMENT

Allow group Policy_Testing_group to manage compartments in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage groups in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage policies in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to use cloud-shell in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage autonomous-database-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage db-systems in compartment TEST_COMPARTMENT
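Because each verb includes the verbs ranked below it, a policy that grants both read and manage on the same resource type in the same compartment carries a redundant statement, and a tenancy-wide manage grant on an identity resource type (users, groups, policies, dynamic-groups, compartments) is effectively identity administration for the whole tenancy. The following Python linter is an added example, not code from the original post or from Oracle: it parses statements written in the grammar shown above, flags manage all-resources and tenancy-wide manage of identity types, and reports any statement already covered by a stronger unconditional statement for the same group. A statement with a where condition is never treated as covering another, since the condition narrows it. The sample policy is constructed from statements in this post plus one added ADMIN_GROUP line; the severity labels and the IAM_ADMIN_TYPES set are the example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Verb hierarchy from the post: each verb includes every verb ranked below it.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# Identity resource types from the post; managing them tenancy-wide is
# identity administration for the whole tenancy (set chosen for this example).
IAM_ADMIN_TYPES = {"users", "groups", "dynamic-groups", "policies", "compartments"}

# Grammar from the post, keywords matched case-insensitively:
#   Allow group <name>|<ocid> to <verb> <resource-type>
#       in compartment <name> | in tenancy   [where <condition>]
STATEMENT_RE = re.compile(
    r"""^allow\s+group\s+(?P<group>\S+)\s+to\s+
        (?P<verb>inspect|read|use|manage)\s+
        (?P<resource>[a-z0-9-]+)\s+in\s+
        (?:compartment\s+(?P<compartment>\S+)|(?P<tenancy>tenancy))
        (?:\s+where\s+(?P<condition>.+?))?\s*$""",
    re.IGNORECASE | re.VERBOSE,
)


@dataclass(frozen=True)
class Statement:
    index: int
    group: str
    verb: str
    resource: str
    scope: str                 # "tenancy" or "compartment:<name>"
    condition: Optional[str]   # raw text after "where", if any
    text: str


def parse_statement(line: str, index: int = 0) -> Statement:
    """Parse one policy statement; raise ValueError if it is malformed."""
    m = STATEMENT_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a valid policy statement: {line!r}")
    scope = "tenancy" if m.group("tenancy") else "compartment:" + m.group("compartment")
    return Statement(index, m.group("group"), m.group("verb").lower(),
                     m.group("resource").lower(), scope, m.group("condition"), line.strip())


def covers(t: Statement, s: Statement) -> bool:
    """True if unconditional statement t already grants everything s grants."""
    if t.index == s.index or t.condition is not None or t.group != s.group:
        return False
    resource_ok = t.resource == s.resource or t.resource == "all-resources"
    scope_ok = t.scope == s.scope or t.scope == "tenancy"   # tenancy covers all compartments
    return resource_ok and scope_ok and VERB_RANK[t.verb] >= VERB_RANK[s.verb]


def lint_policy(lines: List[str]) -> List[dict]:
    """Flag broad grants and statements made redundant by a stronger one."""
    stmts = [parse_statement(line, i) for i, line in enumerate(lines)]
    findings = []
    for s in stmts:
        if s.verb == "manage" and s.resource == "all-resources":
            findings.append({"kind": "broad-grant", "severity": "high", "index": s.index,
                             "message": f"full control of every resource type: {s.text}"})
        elif s.verb == "manage" and s.scope == "tenancy" and s.resource in IAM_ADMIN_TYPES:
            findings.append({"kind": "broad-grant", "severity": "medium", "index": s.index,
                             "message": f"tenancy-wide identity administration: {s.text}"})
        for t in stmts:
            if covers(t, s):
                findings.append({"kind": "redundant", "severity": "low", "index": s.index,
                                 "message": f"already granted by statement {t.index}: {s.text}"})
                break
    return findings


# Constructed sample: statements from the post plus one added ADMIN_GROUP line.
SAMPLE_POLICY = [
    "Allow group TEST_GROUP to manage virtual-network-family in compartment TEST_COMPARTMENT",
    "Allow group TEST_GROUP to read virtual-network-family in compartment TEST_COMPARTMENT",
    "Allow group TEST_GROUP to use virtual-network-family in compartment TEST_COMPARTMENT",
    "Allow group TEST_GROUP to manage instance-family in compartment TEST_COMPARTMENT "
    "where request.resource.shape = 'VM.Standard.E2.1.Micro'",
    "Allow group TEST_GROUP to read instance-family in compartment TEST_COMPARTMENT",
    "Allow group TEST_GROUP to read all-resources in compartment TEST_COMPARTMENT",
    "Allow group TEST_GROUP to manage groups in tenancy",
    "Allow group ADMIN_GROUP to manage all-resources in tenancy",   # constructed
]

if __name__ == "__main__":
    for f in lint_policy(SAMPLE_POLICY):
        print(f"[{f['severity']}] {f['kind']}: {f['message']}")
```

Run against the sample, the linter reports the read and use grants on virtual-network-family as redundant (the manage grant covers them), the read grant on instance-family as redundant (read all-resources in the same compartment covers it), while the conditional manage grant on instance-family is left alone because its where clause narrows it. The tenancy-wide manage groups and manage all-resources lines are reported as broad grants.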

Happy Learning !!

Installation of OCI CLI in 10 minutes

I chose a server with Oracle Linux 8 on OCI Always Free to complete the setup.

Update the server before installing the CLI:

[root@testserver tmp]# sudo dnf update

Enable the Oracle Linux developer repository, which provides the OCI CLI package:

[root@testserver ~]# sudo dnf -y install oraclelinux-developer-release-el8

Install the OCI CLI package (python36-oci-cli):

[root@testserver ~]# dnf install python36-oci-cli

Check the OCI CLI version.

Set up the OCI CLI to work with your cloud account:

[root@testserver ~]# oci setup config

Provide the user OCID (Profile -> User settings -> OCID).

Provide the tenancy OCID (Profile -> Tenancy details -> OCID).

Provide the region, either by its number in the prompt's list (10) or by name (ap-mumbai-1).

Upload the generated public API key to the OCI user that will be used for authentication:

OCI user profile -> User settings -> API Keys

Add API Key -> paste the public key

This completes the OCI CLI setup. Let's validate it:

[root@testserver ~]# oci iam availability-domain list

[root@testserver ~]# oci iam compartment list
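After oci setup config, every CLI call reads the profile in ~/.oci/config and the private key file it points to, so a mistyped OCID or a key file readable by other users on the server shows up only as an authentication failure or as a quiet exposure. The following Python check is an added example, not part of the original post or of the OCI CLI itself: it verifies that the DEFAULT profile carries the five keys the setup writes (user, fingerprint, tenancy, region, key_file), that the user and tenancy values carry the expected OCID prefixes, that the fingerprint has the 16-byte colon-separated form, and that the key file exists and is not readable by group or others. The demo() helper writes a constructed config with placeholder OCIDs and a placeholder key into a temporary directory and checks it; the key names and OCID prefixes are assumed to match what the CLI writes.

```python
import configparser
import os
import re
import stat
import tempfile
from typing import Dict, List, Optional

IS_POSIX = os.name == "posix"

# Keys that `oci setup config` writes into the profile (assumed names).
REQUIRED_KEYS = ("user", "fingerprint", "tenancy", "region", "key_file")
OCID_PREFIX = {"user": "ocid1.user.oc1..", "tenancy": "ocid1.tenancy.oc1.."}
# API key fingerprint: 16 hex byte pairs separated by colons.
FINGERPRINT_RE = re.compile(r"^([0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2}$")


def check_oci_config(path: str, profile: str = "DEFAULT") -> List[str]:
    """Return a list of problems found in one profile of an OCI CLI config file."""
    problems: List[str] = []
    cp = configparser.ConfigParser()
    if not cp.read(path):
        return [f"cannot read {path}"]
    if profile != "DEFAULT" and profile not in cp:
        return [f"profile [{profile}] not found in {path}"]
    section = cp[profile]
    for key in REQUIRED_KEYS:
        if not section.get(key):
            problems.append(f"missing required key: {key}")
    for key, prefix in OCID_PREFIX.items():
        value = section.get(key, "")
        if value and not value.startswith(prefix):
            problems.append(f"{key} does not look like a {key} OCID (expected prefix {prefix})")
    fp = section.get("fingerprint", "")
    if fp and not FINGERPRINT_RE.match(fp):
        problems.append("fingerprint is not 16 colon-separated hex byte pairs")
    key_file = os.path.expanduser(section.get("key_file", ""))
    if key_file:
        if not os.path.isfile(key_file):
            problems.append(f"key_file not found: {key_file}")
        elif IS_POSIX:
            mode = stat.S_IMODE(os.stat(key_file).st_mode)
            if mode & 0o077:   # any group/other permission bit set
                problems.append(f"key_file {key_file} is readable by group/others "
                                f"(mode {mode:04o}); expected 0600")
    return problems


# Constructed values: placeholder OCIDs and fingerprint, not real identifiers.
BASE_CONFIG = {
    "user": "ocid1.user.oc1..exampleuniqueid",
    "fingerprint": "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99",
    "tenancy": "ocid1.tenancy.oc1..exampleuniqueid",
    "region": "ap-mumbai-1",
}


def demo(overrides: Optional[Dict[str, str]] = None, key_mode: int = 0o600) -> List[str]:
    """Write a constructed config and placeholder key into a temp dir and check them."""
    values = dict(BASE_CONFIG, **(overrides or {}))
    with tempfile.TemporaryDirectory() as d:
        key_path = os.path.join(d, "oci_api_key.pem")
        with open(key_path, "w") as f:
            f.write("placeholder private key material, not a real key\n")
        os.chmod(key_path, key_mode)
        values["key_file"] = key_path
        cfg_path = os.path.join(d, "config")
        with open(cfg_path, "w") as f:
            f.write("[DEFAULT]\n" + "".join(f"{k}={v}\n" for k, v in values.items()))
        return check_oci_config(cfg_path)


if __name__ == "__main__":
    print("well-formed config:", demo() or "no problems")
    print("world-readable key:", demo(key_mode=0o644) or "no problems")
    print("wrong tenancy OCID:", demo(overrides={"tenancy": "ocid1.user.oc1..wrong"}))
```

On a real server the call is check_oci_config(os.path.expanduser("~/.oci/config")); the demo() helper only exists so the check can be exercised offline with constructed input.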

Thank you !

Happy Learning !!