Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Fá
bio
Ga
br
iel
no do
n- s S
tra a
ns nto
fe s
ra M
ble as
lic i Fá
en bi
se o (
to fds
us ma
e si
th @
Lab 1-2 Practices
is gm
Gu a
ide il.c
. om
Identity and Access

)h
as
a
Identity Domains Enabled
Management (IAM): Create
IAM Components - Without
 Get Started
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Overview

Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) lets you control who
has access to your cloud resources.

a
In this lab, we will help you create a compartment, group, user, and policy. We will also provide

as
the steps to create a dynamic group.

)h
. om
Note: Below instructions are for accounts without Identity Domains enabled.

ide il.c
In this lab, you’ll:

Gu a
is gm
a. Create a compartment

th @
e si
b. Create a user

us ma
c. Create a group, and add a user to the group
to fds
se o (

d. Create a policy
en bi
lic i Fá

e. Create a dynamic group

ble as
ra M
fe s
ns nto
tra a
n- s S
no do
iel
br
Ga
bio
Fá

Copyright © 2023, Oracle and/or its affiliates.

14 Identity and Access Management: Create IAM Components - Without Identity Domains Enabled
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Fá
bio
Ga
br
iel
no do
n- s S
tra a
ns nto
fe s
ra M
ble as
lic i Fá
en bi
se o (
to fds
us ma

Copyright © 2023, Oracle and/or its affiliates.

e si
th @
is gm

Identity and Access Management: Create IAM Components - Without Identity Domains Enabled
Gu a
ide il.c
. om
)h
as
a

15
 Create a Compartment (Without Identity Domains
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Enabled)
A compartment is a collection of related resources. Compartments are fundamental
components of OCI and are used for organizing and isolating your cloud resources.

In this practice, you will learn how to create a compartment.

a
as
Tasks

)h
. om
1. Sign in to the OCI Console.

ide il.c
2. Open the Main Menu and select Identity & Security. Under Identity,

Gu a
is gm
click Compartments. A list of the compartments to which you have access appears.

th @
3. Under Child Compartment, click Create Compartment.

e si
Do the following:

us ma
4.

a.
to fds
Name: Enter a unique name for the compartment. The name must be unique across
all the compartments in your tenancy.
se o (
en bi

Description: Enter a compartment-related description.

lic i Fá

b.

Parent Compartment: The compartment you are in appears by default. To choose

ble as

c.
another compartment in which to create this compartment, select from the drop-
ra M

down list.
fe s
ns nto

5. Click Create Compartment. The Child Compartment now appears in the list of
tra a

compartments.
n- s S
no do
iel
br
Ga
bio
Fá

Copyright © 2023, Oracle and/or its affiliates.

16 Identity and Access Management: Create IAM Components - Without Identity Domains Enabled
 Create a User (Without Identity Domains Enabled)
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

A user is an individual employee or system that needs to manage or use your

company’s OCI resources.

In this practice, you’ll learn how to create a user.

a
Tasks

as
)h
1. Open the Main Menu and select Identity & Security. Under Identity, click Users. A list of

. om
users in your tenancy appears.

ide il.c
2. Click Create User.

Gu a
is gm
3. Enter the following:

th @
a. Name: Enter a unique name or email address for the user.

e si
us ma
b. Description: This value could be the user’s full name, a nickname, or any other
to fds
descriptive information.
se o (

c. Email: Enter an email address for the user. This email address is used for
en bi
lic i Fá

password recovery.
ble as

4. Click Create. The user now appears in the list of users.

ra M
fe s
ns nto
tra a
n- s S
no do
iel
br
Ga
bio
Fá

Copyright © 2023, Oracle and/or its affiliates.

Identity and Access Management: Create IAM Components - Without Identity Domains Enabled 17
 Create a Group, and Add a User to the Group (Without
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Identity Domains Enabled)

A group is a collection of users who need the same type of access to a particular compartment
or set of resources.

In this practice, you’ll learn how to create a group, and add a user to a group.

a
as
Tasks

)h
. om
1. Open the Main Menu and select Identity & Security. Under Identity, click Groups. A list

ide il.c
of the groups in your tenancy appears.

Gu a
is gm
2. Click on the Administrators group.

th @
3. Click Add User to Group.

e si
us ma
4. Select the user created earlier from the Users drop-down list, and then click Add. The user
now appears in the group.
to fds
se o (

5. Use the breadcrumb trail to go back to the Groups page and click Create Group.
en bi
lic i Fá

6. Enter the following:

ble as

a. Name: Enter a unique name for the group.

ra M
fe s

b. Description: Enter a group-related description.

ns nto
tra a

7. Click Create. The group now appears in the list of groups.

n- s S
no do
iel
br
Ga
bio
Fá

Copyright © 2023, Oracle and/or its affiliates.

18 Identity and Access Management: Create IAM Components - Without Identity Domains Enabled
 Create a Policy (Without Identity Domains Enabled)
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

A policy is a document that specifies who can access which resources, and how.

In this practice, you’ll learn how to create a policy.

Tasks

a
as
1. Open the Main Menu and select Identity & Security. Under Identity, click Policies.

)h
Choose a compartment.

. om
2.

ide il.c
3. A list of the policies in the compartment you’re currently viewing appears.

Gu a
is gm
4. Click Create Policy.

th @
5. Enter the following:

e si
us ma
a. Name: Enter a unique name for the policy.
to fds
b. Description: Enter a policy-related description.
se o (
en bi

c. Compartment: If you want to attach the policy to a compartment other than the one
lic i Fá

you’re viewing, select it from the drop-down list. Remember, where the policy is
ble as

attached controls who can later modify or delete it.

ra M

6. In the Policy Builder section, click Show manual editor and enter the policy statement.
fe s
ns nto

Note: A sample statement would look like the following:

tra a
n- s S

allow group <group_name> to manage virtual-network-family in

compartment <compartment_name>
no do
iel

7. Click Create. The policy now appears in the list of policies.

br
Ga
bio
Fá

Copyright © 2023, Oracle and/or its affiliates.

Identity and Access Management: Create IAM Components - Without Identity Domains Enabled 19
 Create a Dynamic Group (Without Identity Domains
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Enabled)
A dynamic group is a special type of group that contains resources, such as compute
instances, which match rules that you define. This means that group membership can change
dynamically as matching resources are created or deleted. These instances serve as “principal”
actors and can make API calls to services according to policies that you write for the dynamic

a
as
group.

)h
In this practice, you’ll learn how to create a dynamic group.

. om
ide il.c
Tasks

Gu a
is gm
1. Open the Main Menu and select Identity & Security. Under Identity, click Dynamic
Groups.

th @
e si
us ma
2. Click Create Dynamic Group.
to fds
3. Enter the following:
se o (

a. Name: Enter a unique name for the group. The name must be unique across all groups
en bi

in your tenancy, including dynamic groups and user groups.

lic i Fá

b. Description: Enter a friendly description.

ble as
ra M

4. Enter the Matching Rules. Resources that meet the rule criteria are members of the
dynamic group.
fe s
ns nto

a. Rule 1: Enter a rule by following the guidelines in https://docs.oracle.com/en-

tra a

us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm#Writing
n- s S

https://docs.oracle.com/en-
no do

us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm.
Note: You can manually enter the rule in the text box or launch the rule builder.
iel
br

− For example, to include all instances that are in a specific compartment, add a rule
Ga

with the following syntax:

bio

instance.compartment.id = '<compartment_ocid>'
Fá

b. Enter additional rules as needed. To add a rule, click +Additional Rule.

5. Click Create. The dynamic group now appears in the list of dynamic groups.

Copyright © 2023, Oracle and/or its affiliates.

20 Identity and Access Management: Create IAM Components - Without Identity Domains Enabled