TheKoguryo's Tech Blog

 Version 2024.10.18

6. Using IAM to Set User Permissions

Identity and Access Management Service (IAM) is a function that controls users/groups accessing OCI, what services and resources they can use, and to what extent if they do use them.

  • Cloud Account (Tenancy) structure immediately after creation

    As shown in the figure, only the Root Compartment exists in Tenancy, and the user account used to apply for Cloud Account belongs to the Administrators group and is given the right to manage all resources in Tenancy.

    Actually, if you look at the Compartment, one more ManagedCompartmentForPaaS is created within the Root Compartment, but it is used internally for PaaS and you do not have the right to use it directly. Please note the benefits.

    Image


  • Resource

    A resource refers to all Cloud Objects created and used by OCI. These include Compute Instance, Block Storage, VCN, and more.

  • User

    A user is a person or system that accesses OCI to manage or use resources.

  • Group

    A group is a group of users who use a particular compartment or set of resources.

  • Compartment

    Compartment can be thought of as a resource group for resources to be managed collectively, such as resource management by department or project.

  • Policy

    IAM Policy is a policy that determines to what extent a specific group can use which resource within a specific Compartment. When the first Cloud Account is created, the administrator has all rights to the Root Compartment, configures detailed compartments, and grants rights to the group to be used for each compartment.



As an individual, this article was written with my personal time. There may be errors in the content of the article, and the opinions in the article are personal opinions.

Last updated on 10 Jan 2019