Scribd Logo
Upload

Welcome to Scribd!

  • IAM

    Uploaded by

    sukkhin hegde
    5 views3 pages
    An identity domain in OCI represents a user population and associated configurations and security settings. Resources are organized into compartments, which are virtual containers that can hold resources from different regions. Compartments can be nested up to 6 levels deep and quotas and budgets can be applied to individual compartments. Authentication is handled through API signing keys or auth tokens, while authorization is managed using policies that control permissions and can be attached to compartments or the entire tenancy. The tenancy administrator creates the tenancy and sets up the initial OCI administrator, who then creates users, groups, policies, and compartments within their own compartment.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    An identity domain in OCI represents a user population and associated configurations and security settings. Resources are organized into compartments, which are virtual containers that can hold resources from different regions. Compartments can be nested up to 6 levels deep and quotas and budgets can be applied to individual compartments. Authentication is handled through API signing keys or auth tokens, while authorization is managed using policies that control permissions and can be attached to compartments or the entire tenancy. The tenancy administrator creates the tenancy and sets up the initial OCI administrator, who then creates users, groups, policies, and compartments within their own compartment.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views3 pages

    IAM

    Uploaded by

    sukkhin hegde
    An identity domain in OCI represents a user population and associated configurations and security settings. Resources are organized into compartments, which are virtual containers that can hold resources from different regions. Compartments can be nested up to 6 levels deep and quotas and budgets can be applied to individual compartments. Authentication is handled through API signing keys or auth tokens, while authorization is managed using policies that control permissions and can be attached to compartments or the entire tenancy. The tenancy administrator creates the tenancy and sets up the initial OCI administrator, who then creates users, groups, policies, and compartments within their own compartment.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Identity Domains: an identity domain represents a user population in OCI and associated

    configurations and security settings

    Oracle cloud ID (OCID) -> unique oracle-assigned identifier

    Compartments:

    Resources from different regions can be in the same compartment, it’s a virtual box where
    you can keep your resources.
     Compartments can have 6 levels (nested)
     You can set quotas and budgets to individual compartment
    AuthN and AuthZ
    Principals: IAM entities that are allowed to interact with OCI resources -> IAM Users and
    Resource Principals
    AuthN: API Signing Key (RSA key pair) , Auth Tokens
    AuthZ: what permissions do you have (policies)

    Policy can be attached to a compartment or a tenancy


    AuthZ in OCI: Allow <group_name> to <verb> <resource-type> in <location> where
    <condition>

    Tenancy Setup
    Tenancy admin -> creates an account/ modify and so on
    OCI admin -> set of user -> group -> policies -> own-compartment
    Use MFA
    Allow these policies for OCI admin so that they can use the privilege to grant or revoke the
    necessary permissions.
    Quiz

    You might also like