TheKoguryo's Tech Blog

 Version 2024.04.01

Warning

This content has been generated by machine translation. The translations are automated and have not undergone human review or validation.

6.4 Creating Policy

Step 1. Add a policy for the created group

  1. Open the navigation menu in the OCI console. Go to Identity & Security > Identity > Policies.

  2. In the lower left, specify the target Compartment as Root Compartment.

  3. Click Create Policy.

  4. Enter the policy information.

    • Name: Enter “SandboxPolicy”

    • Description: Enter a description, e.g. the same text as the name, “SandboxPolicy”

    • Policy Statements:

      • Select “Show manual editor” to input directly.
      • Enter the following statement to grant users in SandboxGroup all permissions on the Sandbox Compartment.
    Allow group SandboxGroup to manage all-resources in compartment Sandbox
    

Step 2. Log in again as the user to check the applied policy

  1. Log out of the current user.

  2. Log back in as the new user you created earlier (e.g. sandboxer), who belongs to the SandboxGroup group that the policy applies to.

  3. Open the navigation menu in the OCI console. Go to Compute > Instances.

  4. Resources within the Root Compartment are still invisible because the user has no permission on them.

  5. You will see the Sandbox Compartment in the Compartment selection menu as before. Production Compartments without permission are still invisible.


  6. Select the Sandbox Compartment to see the instances inside it. Because you have permission to manage the Sandbox Compartment, you can also do everything else within it.
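
A scope check for the policy statement from Step 1, as an added example that is not part of the original post: it parses statements in a simplified subset of the OCI policy grammar (one group, scope given as `tenancy` or `compartment <name>`) and lists any grant to SandboxGroup that reaches beyond the Sandbox Compartment. The function names and the two extra sample statements are constructed for illustration.

```python
import re

# Simplified subset of the OCI policy grammar (assumption): one group name,
# scope given as "tenancy" or "compartment <name>", optional "where" clause.
STATEMENT_RE = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))(?:\s+where\s+.+)?\s*$",
    re.IGNORECASE,
)

def parse_statement(statement):
    """Return the parts of one 'Allow group ...' statement, or None."""
    m = STATEMENT_RE.match(statement)
    if m is None:
        return None
    return {
        "group": m.group("group"),
        "verb": m.group("verb").lower(),
        "resource": m.group("resource").lower(),
        "scope": "tenancy" if m.group("tenancy") else m.group("compartment"),
    }

def audit(statements, group, allowed_compartments):
    """List (statement, reason) for grants to `group` beyond the allowed scope."""
    findings = []
    for stmt in statements:
        parts = parse_statement(stmt)
        if parts is None:
            # Fail closed: anything outside the subset goes to a human reviewer.
            findings.append((stmt, "unparsed, review manually"))
        elif parts["group"].lower() != group.lower():
            continue
        elif parts["scope"] == "tenancy":
            findings.append((stmt, "grant covers the whole tenancy"))
        elif parts["scope"] not in allowed_compartments:
            findings.append((stmt, "grant outside the expected compartment"))
    return findings

# Constructed sample: the page's statement plus two hypothetical over-broad ones.
SAMPLE = [
    "Allow group SandboxGroup to manage all-resources in compartment Sandbox",
    "Allow group SandboxGroup to read instances in compartment Production",
    "Allow group SandboxGroup to manage all-resources in tenancy",
]

if __name__ == "__main__":
    for stmt, reason in audit(SAMPLE, "SandboxGroup", {"Sandbox"}):
        print(f"{reason}: {stmt}")
```

Statements that fall outside the subset, such as a comma-separated list of groups, are reported for manual review rather than silently accepted.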



I wrote this article as an individual, in my personal time. There may be errors in the content of the article, and the opinions in the article are personal opinions.

Last updated on 11 Jan 2022