TheKoguryo's Tech Blog

 Version 2024-11-29

Warning

This content has been generated by machine translation. The translations are automated and have not undergone human review or validation.

6.4 Creating Policy

Step 1. Add Policy for the created group

  1. Open the navigation menu in the OCI console. Go to Identity & Security > Identity > Policies.

  2. In the lower left, specify the target Compartment as Root Compartment.

  3. Click Create Policy

  4. Enter policy information

    • Name: Enter “SandboxPolicy”

    • Description: Enter a description, Ex) same name as “SandboxPolicy”

    • Policy Statements:

      • Select “Show manual editor” to input directly.
      • Users in the SandboxGroup are set as follows to grant all permissions to the Sandbox Compartment.
    Allow group SandboxGroup to manage all-resources in compartment Sandbox
    

Step 2. Re-login the user to check the applied policy

  1. Log out of the existing user.

  2. Log back in as the new user you created earlier (eg sandboxer) belonging to the SandboxGroup group the policy is applied to.

  3. Open the navigation menu in the OCI console. Go to Compute > Instances.

  4. Resources within the Root Compartment are still invisible due to lack of authority. image-20220112133722387

  5. You will see the Sandbox Compartment in the Compartment selection menu as before. Production Compartments without permission are still invisible.

    image-20220112133826318

  6. Select the Sandbox Compartment to see the instances inside the Sandbox. Of course, since you have permission to manage the sandbox, you can also do everything else within the sandbox. image-20220112133951927



As an individual, this article was written with my personal time. There may be errors in the content of the article, and the opinions in the article are personal opinions.

Last updated on 11 Jan 2022