Identity and Access Management Lab 1 - Practices 2
Lab 1-2 Practices
Identity and Access Management (IAM): Create IAM Components - Without Identity Domains Enabled
Get Started
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.
Overview
Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) lets you control who
has access to your cloud resources.
In this lab, we will help you create a compartment, group, user, and policy. We will also provide
the steps to create a dynamic group.
Note: The instructions below are for accounts without Identity Domains enabled.
In this lab, you’ll:
a. Create a compartment
b. Create a user
c. Create a group, and add a user to the group
d. Create a policy
Create a Compartment (Without Identity Domains Enabled)
A compartment is a collection of related resources. Compartments are fundamental
components of OCI and are used for organizing and isolating your cloud resources.
Tasks
1. Sign in to the OCI Console.
2. Open the Main Menu and select Identity & Security. Under Identity, click Compartments. A list of the compartments to which you have access appears.
3. Under Child Compartment, click Create Compartment.
4. Do the following:
a. Name: Enter a unique name for the compartment. The name must be unique across all the compartments in your tenancy.
b.
c. another compartment in which to create this compartment, select from the drop-down list.
5. Click Create Compartment. The Child Compartment now appears in the list of compartments.
Create a User (Without Identity Domains Enabled)
Tasks
1. Open the Main Menu and select Identity & Security. Under Identity, click Users. A list of users in your tenancy appears.
2. Click Create User.
3. Enter the following:
a. Name: Enter a unique name or email address for the user.
b. Description: This value could be the user’s full name, a nickname, or any other descriptive information.
c. Email: Enter an email address for the user. This email address is used for password recovery.
Create a Group, and Add a User to the Group (Without Identity Domains Enabled)
In this practice, you’ll learn how to create a group, and add a user to a group.
Tasks
1. Open the Main Menu and select Identity & Security. Under Identity, click Groups. A list of the groups in your tenancy appears.
2. Click on the Administrators group.
3. Click Add User to Group.
4. Select the user created earlier from the Users drop-down list, and then click Add. The user now appears in the group.
5. Use the breadcrumb trail to go back to the Groups page and click Create Group.
Create a Policy (Without Identity Domains Enabled)
A policy is a document that specifies who can access which resources, and how.
Tasks
1. Open the Main Menu and select Identity & Security. Under Identity, click Policies.
2. Choose a compartment.
3. A list of the policies in the compartment you’re currently viewing appears.
4. Click Create Policy.
5. Enter the following:
a. Name: Enter a unique name for the policy.
b. Description: Enter a policy-related description.
c. Compartment: If you want to attach the policy to a compartment other than the one you’re viewing, select it from the drop-down list. Remember, where the policy is
6. In the Policy Builder section, click Show manual editor and enter the policy statement.
Create a Dynamic Group (Without Identity Domains Enabled)
A dynamic group is a special type of group that contains resources, such as compute
instances, which match rules that you define. This means that group membership can change
dynamically as matching resources are created or deleted. These instances serve as “principal”
actors and can make API calls to services according to policies that you write for the dynamic
group.
In this practice, you’ll learn how to create a dynamic group.
Tasks
1. Open the Main Menu and select Identity & Security. Under Identity, click Dynamic Groups.
2. Click Create Dynamic Group.
3. Enter the following:
a. Name: Enter a unique name for the group. The name must be unique across all groups
4. Enter the Matching Rules. Resources that meet the rule criteria are members of the dynamic group.
us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm#Writing
https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm.
Note: You can manually enter the rule in the text box or launch the rule builder.
− For example, to include all instances that are in a specific compartment, add a rule
instance.compartment.id = '<compartment_ocid>'
5. Click Create. The dynamic group now appears in the list of dynamic groups.
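The following added example (not part of the Oracle lab guide, and not Oracle's rule evaluator) models locally how a matching rule such as the one in step 4 determines dynamic group membership, so you can review which instances a rule would pull in before writing policies for the group. It goes slightly beyond the single rule shown above by also accepting the `Any {...}` and `All {...}` wrappers; the function names, inventory and OCIDs are constructed placeholders.

```python
import re

# One condition of the form used in the lab: instance.compartment.id = '<ocid>'
COND = re.compile(r"\s*(instance\.(?:compartment\.)?id)\s*=\s*'([^']*)'\s*$")

def parse_rule(rule):
    """Return (mode, [(attribute, value), ...]) for a matching rule.

    Handles a single condition, or conditions wrapped in Any {...} / All {...}.
    """
    rule = rule.strip()
    m = re.match(r"(?i)^(any|all)\s*\{(.*)\}$", rule, re.S)
    mode, body = (m.group(1).lower(), m.group(2)) if m else ("all", rule)
    conds = []
    for part in body.split(","):
        c = COND.match(part)
        if not c:
            raise ValueError(f"unsupported condition: {part.strip()!r}")
        conds.append((c.group(1), c.group(2)))
    return mode, conds

def members(rule, instances):
    """Return the ids of the instances that currently satisfy the rule."""
    mode, conds = parse_rule(rule)
    pick = any if mode == "any" else all
    attr = {"instance.id": "id", "instance.compartment.id": "compartment_id"}
    return sorted(i["id"] for i in instances
                  if pick(i[attr[a]] == v for a, v in conds))

# Constructed inventory; the OCIDs are placeholders, not real identifiers.
DEV = "ocid1.compartment.oc1..exampledev"
PROD = "ocid1.compartment.oc1..exampleprod"
INVENTORY = [
    {"id": "ocid1.instance.oc1..web1", "compartment_id": DEV},
    {"id": "ocid1.instance.oc1..db1", "compartment_id": PROD},
]
RULE = f"instance.compartment.id = '{DEV}'"

if __name__ == "__main__":
    print(members(RULE, INVENTORY))
    # Launching another instance in the compartment changes membership
    # without any edit to the group itself.
    grown = INVENTORY + [{"id": "ocid1.instance.oc1..web2", "compartment_id": DEV}]
    print(members(RULE, grown))
```

Because membership is computed from the rule, any policy written for the dynamic group applies to every instance later created in the matched compartment.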