This topic provides a quick hands-on tutorial for adding users and groups and creating
simple policies to grant them permissions to work with Oracle Cloud Infrastructure resources.
Use these instructions to quickly add some users to try out features. See Overview of IAM
to fully understand the features of the IAM service and how to manage access to your cloud resources.
About Users, Groups, and Policies
A user's permissions to access Oracle Cloud Infrastructure services come
from the groups to which they belong. The permissions for a group are
defined by policies.
Policies define what actions members of a group can perform, and in which compartments.
Users can then access services and perform operations based on the policies set for the
groups they are members of.
Sample Users and Groups
To help you understand how to set up users with the access permissions they need, perform the following tasks to set up these two basic types of users:
A user with full administrator permissions
A user with permissions to use one compartment only
Add a User with Oracle Cloud Administrator Permissions
The user you create in this task will have the full administrator permissions of the
default administrator. This means that the user has access to all compartments and can
create and manage all resources in Oracle Cloud Infrastructure. You must have
Cloud Administrator permissions to complete this task.
1. Open the navigation menu and select Identity & Security. Under Identity, select Domains.
2. Click Default to open the Default identity domain.
3. Under the Identity domain resources on the left, click Users.
4. Click Create user.
5. In the First name and Last name fields of the Create user window, enter the user's first and last name.
6. To have the user log in with their email address:
   a. Leave the Use the email address as the username check box selected.
   b. In the Username / Email field, enter the email address for the user account.
   or
   To have the user log in with their user name:
   a. Clear the Use the email address as the username check box.
   b. In the Username field, enter the user name that the user is to use to sign in to the Console.
   c. In the Email field, enter the email address for the user account.
7. Under Select groups to assign this user to, select the check box for Administrators.
8. Click Create.
A welcome email is sent to the address provided for the new user. The new user can follow
the account activation instructions in the email to sign in and start using the
tenancy.
Create a Compartment and Add a User with Access to It
In this example, create a compartment called "Sandbox" and then create a user with access to only that compartment.
1. Open the navigation menu and select Identity & Security. Under Identity, select Domains.
2. Click Default to open the Default identity domain.
3. Under the Identity domain resources on the left, click Users.
4. Click Create user.
5. In the First name and Last name fields of the Create user window, enter the user's first and last name.
6. To have the user log in with their email address:
   a. Leave the Use the email address as the username check box selected.
   b. In the Username / Email field, enter the email address for the user account.
   or
   To have the user log in with their user name:
   a. Clear the Use the email address as the username check box.
   b. In the Username field, enter the user name that the user is to use to log in to the Console.
   c. In the Email field, enter the email address for the user account.
7. Under Select groups to assign this user to, select the check box for the group you created, SandboxGroup.
8. Click Create.
When this user signs in, they can see the compartments they have access to, but they can view, create, and manage resources only in the Sandbox compartment. This user cannot create other users or groups.
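
The compartment scoping described above can be checked against policy text. The following is an added example, not part of the original tutorial and not Oracle's code: it parses the basic policy statement form and reports any statement that lets a group act outside one compartment. This page does not show the policy that binds SandboxGroup to the Sandbox compartment, so the sample statements, the "Production" compartment, and the function names parse and audit are assumptions made for illustration.

```python
import re

# Basic statement form assumed: Allow group <group> to <verb> <resource-type>
# in tenancy | compartment <name>. "where" conditions and other subjects are not parsed.
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))\s*$",
    re.IGNORECASE,
)

def parse(statement):
    m = STATEMENT.match(statement)
    if not m:
        raise ValueError(f"unsupported policy statement: {statement!r}")
    loc = "tenancy" if m["tenancy"] else m["compartment"]
    return {"group": m["group"], "verb": m["verb"].lower(),
            "resource": m["resource"].lower(), "location": loc}

def audit(statements, group, compartment):
    """Return (statement, reason) pairs where `group` reaches beyond `compartment`."""
    findings = []
    for s in statements:
        try:
            p = parse(s)
        except ValueError:
            # Fail closed: anything unparsed that names the group needs a human look.
            if group.lower() in s.lower():
                findings.append((s, "unparsed, review manually"))
            continue
        if p["group"].lower() != group.lower():
            continue
        if p["location"] == "tenancy":
            findings.append((s, "applies to the whole tenancy"))
        elif p["location"].lower() != compartment.lower():
            findings.append((s, f"applies to compartment {p['location']}"))
    return findings

# Constructed sample statements; "Production" is a made-up compartment name.
POLICIES = [
    "Allow group SandboxGroup to manage all-resources in compartment Sandbox",
    "Allow group Administrators to manage all-resources in tenancy",
    "Allow group SandboxGroup to read all-resources in tenancy",
    "Allow group SandboxGroup to use instance-family in compartment Production",
]

if __name__ == "__main__":
    for stmt, reason in audit(POLICIES, "SandboxGroup", "Sandbox"):
        print(f"{reason}: {stmt}")
```

Names are compared case-insensitively here as a conservative choice, so a differently cased group or compartment name is still matched.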