When you subscribe to OCI you get a default administrator account.
So your first task may be to create other users and assign permissions to them.
Users can be natural persons or applications.
But first, some OCI concepts -
1. Regions - OCI is hosted in regions - different physical locations in the world e.g. Phoenix US, London UK, Frankfurt DE.
2. Availability Domains (AD) - Within a Region I have Availability Domains, which are isolated from each other, thus giving me High Availability out of the box. Some OCI resources you create, e.g. storage volumes, are AD specific.
3. Tenancy - essentially your account - your slice of OCI.
4. Compartments - containers you can define within your tenancy so you can organise and isolate the resources you create. For example, a large organization could assign different compartments to departments etc. Compartments are logical as opposed to the physical Regions and ADs. Resources can be shared across compartments.
Users, Roles and Policies
So let's try this out...
Now I create a Compartment -
Next comes a Policy - it will give my group permissions within the compartment
The policy I create is as follows -
Allow group niallcOCI-usersGroup to manage all-resources in compartment niallCCompartment
The Policy is created -
Now to create a User -
I create a temp password for the user -
I now login as the new user -
I am prompted to change my password -
I go to Compute - Instances
I cannot select the Compartment - as I have not been granted that role
I logout and log back in as the admin.
I edit the user -
I log out and then back in as the new user -
I again go to Compute - Instances
Now I can select the Compartment
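The walkthrough above as a small model, added here as an example and not taken from the original post or from OCI: it parses the policy statement shown earlier, applies default deny, and evaluates the new user before and after joining the group. It assumes the "edit the user" step added the user to niallcOCI-usersGroup, and it ignores compartment nesting and resource families; the function names are hypothetical.

```python
import re

# OCI policy verbs, ordered from least to most privilege.
VERBS = ["inspect", "read", "use", "manage"]

STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+compartment\s+(?P<compartment>\S+)$",
    re.IGNORECASE,
)

def parse_statement(text):
    """Parse 'Allow group G to VERB RESOURCE in compartment C' into a dict."""
    m = STATEMENT.match(text.strip())
    if not m:
        raise ValueError(f"unsupported policy statement: {text!r}")
    stmt = m.groupdict()
    stmt["verb"] = stmt["verb"].lower()
    stmt["resource"] = stmt["resource"].lower()
    if stmt["verb"] not in VERBS:
        raise ValueError(f"unknown verb: {stmt['verb']!r}")
    return stmt

def is_allowed(user_groups, statements, verb, resource, compartment):
    """Default deny: allow only if a statement for one of the user's groups covers the request."""
    for s in statements:
        if (s["group"] in user_groups
                and s["compartment"] == compartment
                and s["resource"] in ("all-resources", resource)
                and VERBS.index(s["verb"]) >= VERBS.index(verb)):
            return True
    return False

def broad_grants(statements):
    """Statements worth a least-privilege review: manage on all-resources."""
    return [s for s in statements
            if s["verb"] == "manage" and s["resource"] == "all-resources"]

# The policy statement from the post.
POLICY = [parse_statement(
    "Allow group niallcOCI-usersGroup to manage all-resources in compartment niallCCompartment")]

def walkthrough():
    """New user with no groups, then the same user in the group (assumed edit)."""
    target = ("inspect", "instances", "niallCCompartment")
    return (is_allowed(set(), POLICY, *target),
            is_allowed({"niallcOCI-usersGroup"}, POLICY, *target))

if __name__ == "__main__":
    print(walkthrough(), len(broad_grants(POLICY)))
```

broad_grants flags the statement from the post because "manage all-resources" gives the group full control of everything in the compartment; a narrower verb or resource type limits what a compromised member account can do.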