
Identity and Access Management

The purpose of this chapter is to provide a basic understanding of Oracle Cloud Infrastructure Identity and Access Management (IAM). Using this service, we are able to create users, groups, and policies that will be used to control access to your cloud resources. This chapter will provide a brief description of the main IAM components and will give an example to demonstrate how these components work together.

IAM Components

Home Region
As explained in Chapter 1, the Home Region is the region from where you have created your Oracle Cloud Infrastructure (OCI) account. You should always use the URL related to your Home Region to access the OCI console. The IAM entities’ metadata (users, policies, groups, etc.) resides in your Home Region, and changes are automatically propagated to every other region.

Resource
Resources are the components you can manage in the cloud. These include compute instances, database instances, block volumes, load balancers, and so on. Using IAM, we will have to grant permissions to users in order for them to access these resources.

© Adrian Png and Luc Demanche 2020 A. Png and L. Demanche, Getting Started with Oracle Cloud Free Tier, https://doi.org/10.1007/978-1-4842-6011-1_2


Chapter 2

Identity and Access Management

User
The tenancy provisioning process creates the first user as the default administrator for the tenancy. This user is automatically in the default group Administrators. Every individual or system that needs to interact with resources should have their own user account. For ease of governance, it is crucial to have dedicated users for individuals and systems that interact with the resources.

Note: By user, we are not referring to the application’s users, but the individual or service that will connect to the OCI console or needs to interact with resources.

Group
A group is a set of users that require the same access and permissions on resources. During the tenancy provisioning process, a default group called Administrators is created and contains the initial user. This default group shouldn’t be deleted and should always contain at least one user.

Policies
A policy specifies the type of access a user can have on a resource or a group of resources. The policy is assigned to a group and is set at the tenancy or compartment level. If the permission is granted at the tenancy level, the users in the group will get the same permissions for every compartment in this tenancy. During the tenancy provisioning process, a default policy is created that provides permissions on all resources for the group Administrators, which contains the initial user.
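The following Python snippet is an added example, not code from the book or from Oracle. It models the policy behaviour just described: a statement grants a verb on a resource type to a group, scoped either to the whole tenancy or to one compartment (which, in OCI, also covers that compartment's children). The statement grammar it parses is the common OCI form `Allow group <group> to <verb> <resource-type> in tenancy|compartment <name>`; conditions (`where ...`), dynamic groups, `any-user` and resource-family expansion are deliberately not covered, which is a simplification of this example. The sample statements are constructed, except the first, which matches the default policy the tenancy creates for Administrators. The review function shows the check a practitioner would run over a policy set: which groups other than Administrators hold tenancy-wide `manage all-resources`.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# OCI policy verbs ordered from least to most permissive.
VERBS = ("inspect", "read", "use", "manage")

# Simplified grammar for the common statement form (assumption of this example):
#   Allow group <group> to <verb> <resource-type> in tenancy
#   Allow group <group> to <verb> <resource-type> in compartment <name>
STATEMENT_RE = re.compile(
    r"^\s*allow\s+group\s+(?P<group>[\w.\-']+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w\-]+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>[\w.\-:]+))\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class PolicyStatement:
    group: str
    verb: str
    resource: str
    scope: str  # "tenancy" or "compartment:<name>"


def parse_statement(text: str) -> PolicyStatement:
    """Parse one policy statement; reject anything outside the simplified grammar."""
    m = STATEMENT_RE.match(text)
    if not m:
        raise ValueError(f"unsupported or malformed statement: {text!r}")
    scope = "tenancy" if m.group("tenancy") else f"compartment:{m.group('compartment').lower()}"
    return PolicyStatement(m.group("group"), m.group("verb").lower(),
                           m.group("resource").lower(), scope)


def _in_scope(stmt: PolicyStatement, compartment_path: List[str]) -> bool:
    # A tenancy-level grant reaches every compartment; a compartment-level grant
    # reaches that compartment and any child below it (the path root..target).
    if stmt.scope == "tenancy":
        return True
    name = stmt.scope.split(":", 1)[1]
    return name in [c.lower() for c in compartment_path]


def _covers(stmt: PolicyStatement, resource_type: str) -> bool:
    # "all-resources" matches every type; otherwise the type must match exactly.
    return stmt.resource in ("all-resources", resource_type.lower())


def effective_verb(statements: Iterable[str], group: str, resource_type: str,
                   compartment_path: List[str]) -> Optional[str]:
    """Most permissive verb the group holds on resource_type in the target compartment."""
    best: Optional[str] = None
    for raw in statements:
        s = parse_statement(raw)
        if s.group.lower() != group.lower():
            continue
        if not _covers(s, resource_type) or not _in_scope(s, compartment_path):
            continue
        if best is None or VERBS.index(s.verb) > VERBS.index(best):
            best = s.verb
    return best


def review_broad_grants(statements: Iterable[str],
                        trusted_groups: Iterable[str] = ("Administrators",)) -> List[str]:
    """Groups holding tenancy-wide 'manage all-resources' that are not expected to."""
    trusted = {g.lower() for g in trusted_groups}
    return [s.group for s in map(parse_statement, statements)
            if s.scope == "tenancy" and s.verb == "manage"
            and s.resource == "all-resources" and s.group.lower() not in trusted]


# Constructed sample policy set. The first statement is the tenancy's default policy;
# the Contractors grant is the kind of over-broad statement the review should catch.
SAMPLE_STATEMENTS = [
    "Allow group Administrators to manage all-resources in tenancy",
    "Allow group DevTeam to use instance-family in compartment Dev",
    "Allow group DevTeam to read all-resources in tenancy",
    "Allow group Contractors to manage all-resources in tenancy",
]

if __name__ == "__main__":
    for group, rtype, path in [("DevTeam", "instance-family", ["root", "Dev"]),
                               ("DevTeam", "instance-family", ["root", "Prod"]),
                               ("Auditors", "volume-family", ["root", "Dev"])]:
        print(group, rtype, "/".join(path), "->", effective_verb(SAMPLE_STATEMENTS, group, rtype, path))
    print("over-broad tenancy grants:", review_broad_grants(SAMPLE_STATEMENTS))
```

Running the script shows DevTeam holding `use` on instances inside the Dev compartment but only `read` in Prod (the compartment-level grant does not travel outside its subtree), and the review listing Contractors as the one group with tenancy-wide manage rights outside Administrators.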

Compartment
The compartment is one of the fundamental components in OCI. It helps to group related cloud resources. This is used for the purpose of segregation, isolation, and organization, and also to easily get usage and cost information. When the tenancy is provisioned, we can see two different compartments, the main one called “accountname (root)” and another one called ManagedComp