Principals

 

Identity and Access Management (IAM)

Access IAM in Console

  • Click the three horizontal bars (sandwich) icon on the upper left corner of the OCI Console OCI --> Under Governance and Administration --> Identity

IAM Components

RESOURCE

  • The cloud objects that you create in OCI. 
  • Examples: Compute instances, Block volumes, VCNs, subnets, route tables, etc.

USER (A principle)

  • An IAM entity that is allowed to interact with OCI resources.
  • First IAM user = default administrator; admin sets up other IAM users and groups.
  • Users have no access by default, enforce the security principle of least privilege.
  • Users need to belong to a group.(Users → Groups)
  • Two types
    • IAM Users: Belong to Groups, individual people.
    • Instance Principles: Belong to Dynamic Groups, Instances and applications that make API calls against other OCI services, removing the need to configure user credentials or configuration file.

GROUP

  • A collection of users who all need the same access.

DYNAMIC GROUP

  • A collection of resources (instances) need the same access.
  • Defined using a matching rule (Dynamic membership)
  • Act as "principal" actors and can make API calls to services according to policies that you write for the dynamic group.

COMPARTMENT

  • Similar to the folder concept in a file system.
  • Can be used to separate resources for the purposes of measuring usage and billing, access, and isolation. 
  • It is common to create a compartment for each major part/project.
  • Can be nested up to six levels.

TENANCY

  • The root compartment that contains all other resources and compartments.

POLICY

  • A document that specifies who can access which resources, and how. 
  • Access is granted at the group and compartment level

HOME REGION

  • The region where your IAM resources reside. 

FEDERATION

  • Configured between an identity provider (IdP) and OCI service provider. 
  • Identity providers manage users and groups. OCI manages authorization.


Comments

Post a Comment

Popular posts from this blog

Exam Study

 In the left side sections (Study Guide), you will find a list of subjects that helps in the exam study.  I will be adding more pages to cover other subjects. Being an OCI Architect requires practical experience. I advise you to get a free account to practice your knowledge. To get OCI free access, follow this link Using the Oracle documentation, this study guide and practicing in your free Oracle OCI instance should help you to accomplish your goals and pass the OCI Architect Exam.  If you have questions, let me know in the comments and I will try to help.
Read more