This is more of a note for the folks doing the hands-on lab at DevLive 24 in London. The OIC lab involves uploading a .csv file from OIC FileServer to ATP. It is a bulk upload that will leverage OCI Object Storage.
Here I detail the OCI policies required to -
- manage object storage
- manage OIC
- manage ATP
Create a new user in OCI
I began by creating a user and assigning them to the following group -
Grant Access to Object Storage
By default, everything is locked down -
Now my newly created user can see the ATP instance I already created -
Maybe do this in an incognito / private window.
However, this user can create tables etc. in their schema.
Grant Access to OIC instance
As to be expected, the newly created user has no access to the OIC instance.
Let's grant her access to an existing OIC instance.
This is the instance to which I will be granting access -
I now validate that my newly created user can access the homepage of this OIC instance.
And she can -
However, the user still has no access to OIC at the OCI level, i.e. she cannot create a new OIC instance or check out the service metrics etc.
For that I require a new Policy -
allow group DevLiveUsers to manage integration-instance in compartment DevLiveLondon24
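A policy like the one above is worth checking before it goes live: it should name the lab group, stay inside the lab compartment, and use no stronger verb than needed. The following is an added example, not code from the original post or from Oracle. It parses the basic "allow ... to ... in ..." statement form and reports anything broader than intended. The function names parse and review and the two extra sample statements are this example's own.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # OCI policy verbs, least to most access

PATTERN = re.compile(
    r"^\s*allow\s+(?:(?P<any>any-user)|group\s+(?P<group>\S+))\s+to\s+"
    r"(?P<verb>[a-z]+)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))"
    r"(?:\s+where\s+(?P<condition>.+?))?\s*$",
    re.IGNORECASE,
)

def parse(statement):
    """Split one policy statement into its parts; raise ValueError if it does not fit."""
    m = PATTERN.match(statement)
    if m is None or m["verb"].lower() not in VERBS:
        raise ValueError(f"unrecognised policy statement: {statement!r}")
    return {
        "group": m["group"],               # None when the subject is any-user
        "verb": m["verb"].lower(),
        "resource": m["resource"].lower(),
        "compartment": m["compartment"],   # None when the scope is the tenancy
        "condition": m["condition"],
    }

def review(statement, group, compartment, max_verb):
    """Hypothetical helper: list where a statement grants more than intended."""
    p = parse(statement)
    findings = []
    if p["group"] != group:
        findings.append(f"subject is {p['group'] or 'any-user'}, expected group {group}")
    if p["compartment"] != compartment:
        findings.append(f"scope is {p['compartment'] or 'the whole tenancy'}, expected compartment {compartment}")
    if VERBS.index(p["verb"]) > VERBS.index(max_verb):
        findings.append(f"verb {p['verb']} exceeds {max_verb}")
    if p["resource"] == "all-resources":
        findings.append("resource type is all-resources")
    return findings

# The first statement is the one from the post; the other two are constructed variants.
SAMPLES = [
    "allow group DevLiveUsers to manage integration-instance in compartment DevLiveLondon24",
    "Allow group DevLiveUsers to manage integration-instance in tenancy",
    "Allow any-user to manage all-resources in compartment DevLiveLondon24",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", review(s, "DevLiveUsers", "DevLiveLondon24", "manage") or "ok")
```

The statement from the post passes with max_verb set to manage, which is what creating instances requires; the two constructed variants are flagged for tenancy-wide scope and for any-user with all-resources.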