Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Fá
bio
Ga
br
iel
no do
n- s S
tra a
ns nto
fe s
ra M
ble as
lic i Fá
en bi
se o (
to fds
us ma
e si
th @
Lab 1-1 Practices
is gm
Gu a
ide il.c
. om
Identity and Access

)h
as
a
IAM Components - With
Identity Domains Enabled
Management (IAM): Create
 Get Started
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Overview

Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) lets you control who
has access to your cloud resources.

a
In this lab, we will help you create a compartment, group, user, and policy. We will also provide

as
the steps to create a dynamic group.

)h
. om
Note: Below instructions are for accounts with Identity Domains enabled.

ide il.c
In this lab, you’ll:

Gu a
is gm
a. Create a compartment

th @
e si
b. Create a user

us ma
c. Create a group, and add a user to the group
to fds
se o (

d. Create a policy
en bi
lic i Fá

e. Create a dynamic group

ble as
ra M
fe s
ns nto
tra a
n- s S
no do
iel
br
Ga
bio
Fá

Copyright © 2023, Oracle and/or its affiliates.

6 Identity and Access Management: Create IAM Components - With Identity Domains Enabled
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Fá
bio
Ga
br
iel
no do
n- s S
tra a
ns nto
fe s
ra M
ble as
lic i Fá
en bi
se o (
to fds
us ma

Copyright © 2023, Oracle and/or its affiliates.

e si
th @

Identity and Access Management: Create IAM Components - With Identity Domains Enabled
is gm
Gu a
ide il.c
. om
)h
as
a

7
 Create a Compartment (With Identity Domains Enabled)
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

A compartment is a collection of related resources. Compartments are fundamental

components of OCI and are used for organizing and isolating your cloud resources.

In this practice, you will learn how to create a compartment.

a
Tasks

as
)h
1. Sign in to the OCI Console.

. om
2. Open the Main Menu and select Identity & Security. Under Identity,

ide il.c
click Compartments. A list of the compartments to which you have access appears.

Gu a
is gm
3. Click Create Compartment.

th @
Do the following:

e si
4.

us ma
a. Name: Enter a unique name for the compartment. The name must be unique across
to fds
all the compartments in your tenancy.
se o (
en bi

b. Description: Enter a compartment-related description.

lic i Fá

c. Parent Compartment: The compartment you are in appears by default.

ble as
ra M

5. Click Create Compartment. The Child Compartment now appears in the list of
fe s

compartments.
ns nto
tra a
n- s S
no do
iel
br
Ga
bio
Fá

Copyright © 2023, Oracle and/or its affiliates.

8 Identity and Access Management: Create IAM Components - With Identity Domains Enabled
 Create a User (With Identity Domains Enabled)
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

A user is an individual employee or system that needs to manage or use your

company’s OCI resources.

In this practice, you’ll learn how to create a user.

a
Tasks

as
)h
1. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A

. om
list of domains in your tenancy appears.

ide il.c
2. Select the Domain that is allotted to you. Otherwise, you can click on the Default domain.

Gu a
is gm
3. Under Identity domain, click Users. A list of the users in your domain appears.

th @
Click Create User.

e si
4.

us ma
5. Enter the following: to fds
se o (

a. First Name: Enter first name of user.

en bi

b. Last Name: Enter last name of user.

lic i Fá
ble as

c. Username/Email: Enter an email address for the user.

ra M

d. Check the Use the same email address as the username. Do not select the
fe s
ns nto

Assign cloud account administrator role check box.

tra a
n- s S

6. Click Create. The user now appears in the list of users.

no do
iel
br
Ga
bio
Fá

Copyright © 2023, Oracle and/or its affiliates.

Identity and Access Management: Create IAM Components - With Identity Domains Enabled 9
 Create a Group, and Add a User to the Group (With
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Identity Domains Enabled)

A group is a collection of users who need the same type of access to a particular compartment
or set of resources.

In this practice, you’ll learn how to create a group, and add a user to a group.

a
as
Tasks

)h
. om
1. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A

ide il.c
list of domains in your tenancy appears.

Gu a
is gm
2. Click on the Default domain.

th @
3. Under Identity domain, click Groups. A list of the groups in your domain appears.

e si
us ma
4. Select the Administrators group.
to fds
5. Click Assign User to Groups.
se o (

Select the user created earlier from the Users drop-down list, and then click Add. The user
en bi

6.
lic i Fá

now appears in the group.

ble as

7. Use the breadcrumb trail to go back to the Groups page and click Create Group.
ra M

8. Enter the following:

fe s
ns nto

a. Name: Enter a unique name for the group.

tra a
n- s S

b. Description: Enter a group-related description.

no do

9. Click Create. The group now appears in the list of groups.

iel
br
Ga
bio
Fá

Copyright © 2023, Oracle and/or its affiliates.

10 Identity and Access Management: Create IAM Components - With Identity Domains Enabled
 Create a Policy (With Identity Domains Enabled)
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

A policy is a document that specifies who can access which resources, and how.

In this practice, you’ll learn how to create a policy.

Tasks

a
as
1. Open the Main Menu and select Identity & Security. Under Identity, click Policies.

)h
Click Create Policy.

. om
2.

ide il.c
3. Enter the following:

Gu a
is gm
a. Name: Enter a unique name for the policy.

th @
b. Description: Enter a policy-related description.

e si
us ma
c. Compartment: If you want to attach the policy to a compartment other than the one
to fds
you’re viewing, select it from the drop-down list. Remember, where the policy is
se o (

attached controls who can later modify or delete it.

en bi

In the Policy Builder section, click Show manual editor and enter the policy statement.
lic i Fá

4.
ble as

Note: A sample statement would look like the following:

ra M

allow group <group_name> to manage virtual-network-family in

fe s

compartment <compartment_name>
ns nto
tra a

5. Click Create. The policy now appears in the list of policies.

n- s S
no do
iel
br
Ga
bio
Fá

Copyright © 2023, Oracle and/or its affiliates.

Identity and Access Management: Create IAM Components - With Identity Domains Enabled 11
 Create a Dynamic Group (With Identity Domains
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Enabled)
A dynamic group is a special type of group that contains resources, such as compute
instances, which match rules that you define. This means that group membership can change
dynamically as matching resources are created or deleted. These instances serve as “principal”
actors and can make API calls to services according to policies that you write for the dynamic

a
as
group.

)h
In this practice, you’ll learn how to create a dynamic group.

. om
ide il.c
Tasks

Gu a
is gm
1. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A
list of domains in your tenancy appears.

th @
e si
us ma
2. Click on the Default domain.
to fds
3. Under Identity domain, click Dynamic Groups.
se o (

4. Click Create Dynamic Group.

en bi
lic i Fá

5. Enter the following:

ble as

a. Name: Enter a unique name for the group. The name must be unique across all groups
ra M

in your tenancy, including dynamic groups and user groups.

fe s

b. Description: Enter a friendly description.

ns nto
tra a

Enter the Matching Rules. Resources that meet the rule criteria are members of the
n- s S

6.
dynamic group.
no do

a. Rule 1: Enter a rule by following the guidelines in https://docs.oracle.com/en-

iel

us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm#Writing
br

https://docs.oracle.com/en-
Ga

us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm.
Note: You can manually enter the rule in the text box or launch the rule builder.
bio
Fá

− For example, to include all instances that are in a specific compartment, add a rule
with the following syntax:
instance.compartment.id = '<compartment_ocid>'

b. Enter additional rules as needed. To add a rule, click +Additional Rule.

7. Click Create. The dynamic group now appears in the list of dynamic groups.

Copyright © 2023, Oracle and/or its affiliates.

12 Identity and Access Management: Create IAM Components - With Identity Domains Enabled