Getting Started with Policies

If you're new to Oracle Cloud Infrastructure Identity and Access Management (IAM) policies, this topic gives guidance on how to proceed.

If You're Doing a Proof-of-Concept

If you're just trying out Oracle Cloud Infrastructure or doing a proof-of-concept project with infrastructure resources, you may not need more than a few administrators with full access to everything. In that case, you can simply create any new users you need and add them to the Administrators group. The users will be able to do anything with any kind of resource. And you can create all your resources directly in the tenancy (the root compartment). You don't need to create any compartments yet, or any other policies beyond the Tenant Admin Policy, which automatically comes with your tenancy and can't be changed.


Don't forget to add your new users to the Administrators group; it's easy to forget to do that after creating them.

If You're Past the Proof-of-Concept Phase

If you're past the proof-of-concept phase and want to restrict access to your resources, first:

Policy FAQs

Which of the services within Oracle Cloud Infrastructure can I control access to through policies?
Can users do anything without an administrator writing a policy for them?
Why should I separate resources by compartment? Couldn't I just put all the resources into one compartment and then use policies to control who has access to what?
Can I control or deny access to an individual user?
How do I delete a user?
How can I tell which policies apply to a particular group or user?
How can I tell which policies apply to a particular compartment?