Oracle Cloud Infrastructure Documentation

Adding Users

This topic provides a quick hands-on tutorial for adding users and groups and creating simple policies to grant them permissions to work with Oracle Cloud Infrastructure resources.

Use these instructions to quickly add some users to try out features. See Overview of Oracle Cloud Infrastructure Identity and Access Management to fully understand the features of the IAM service and how to manage access to your cloud resources.

About Users, Groups, and Policies

A user's permissions to access services come from the groups to which they belong. A group is a collection of users who all need a particular type of access to a set of resources or compartment. The permissions for a group are defined by policies. A policy is an IAM document that specifies who has what type of access to your resources. The term is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. Policies define what actions members of a group can perform, and in which compartments. Users can then access services and perform operations based on the policies set for the groups they are members of.

About Federated Users

When you sign up for Oracle Cloud Infrastructure, your tenancy is federated with Oracle Identity Cloud Service (IDCS) as the identity provider. You can create users and groups in IDCS that you can use with your Oracle Cloud products. To give these users permissions in Oracle Cloud Infrastructure, you need to perform some steps in IDCS and some steps in Oracle Cloud Infrastructure.

You can create your IDCS users and groups directly in the Oracle Cloud Infrastructure Console. For more details on managing federated users, see Managing Oracle Identity Cloud Service Users and Groups in the Oracle Cloud Infrastructure Console.

Sample Users and Groups

To help you understand how to set up users with the access permissions they need, you can perform the following tasks to set up these two basic types of users:

  • A federated user with full administrator permissions
  • A federated user with permissions to use one compartment only

Add a User with Oracle Cloud Administrator Permissions

The user you create in this task will have the full administrator permissions of the default administrator. This means that the user has full access to all compartments and can create and manage all resources in Oracle Cloud Infrastructure as well as other products managed through Oracle Identity Cloud Service.

  • Create a group in Oracle Identity Cloud Service
  • Map the Oracle Identity Cloud Service group to the Administrators group
  • Give the group permissions in Oracle Identity Cloud Service
  • Create a user and add it to the new group

Create a Compartment and Add a User with Access to It

In this example, create a compartment called "Sandbox" and then create a user with access to only that compartment.

Procedure Overview: To grant users access to the Sandbox compartment and all the resources in it, you create a group (SandboxGroup) and then create a policy (SandboxPolicy) to define the access rule. To enable access for federated users, create a group in Oracle Identity Cloud Service (IDCSSandboxGroup) and map it to the SandboxGroup. Finally, create a user and add them to the IDCSSandboxGroup.

  • Create a sandbox compartment
  • Create an Oracle Cloud Infrastructure group
  • Create a policy
  • Create an Oracle Identity Cloud Service group
  • Map the Oracle Identity Cloud Service Group to the Oracle Cloud Infrastructure group
  • Create a user and add it to the group

When this user signs in, they can see the compartments they have access to, and they can view, create, and manage resources only in the Sandbox compartment. This user cannot create compartments or create other users. Be sure to let the user know which compartments they have access to.
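
One way to confirm that SandboxGroup is confined to the Sandbox compartment after the procedure above is to review the tenancy's policy statements for that group. The following is an added example, not part of the Oracle documentation. It assumes statements in the basic form `Allow group <group> to <verb> <resource-type> in compartment <name>` (or `in tenancy`); the sample statements, the NetworkAdmins and Production names, and the function names are constructed for illustration.

```python
import re

# Basic OCI policy statement form only (assumption of this example):
#   Allow group <group> to <verb> <resource-type> in compartment <name> | in tenancy
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))"
    r"(?:\s+where\s+.+)?\s*$",
    re.IGNORECASE,
)

def parse_statement(text):
    """Return the parts of one statement, or None if it is not the basic form."""
    m = STATEMENT.match(text)
    if m is None:
        return None
    return {
        "group": m.group("group"),
        "verb": m.group("verb").lower(),
        "resource": m.group("resource").lower(),
        "scope": "tenancy" if m.group("tenancy") else m.group("compartment"),
    }

def audit(statements, group, allowed_compartment):
    """List (statement, reason) pairs that reach beyond allowed_compartment."""
    findings = []
    for text in statements:
        parsed = parse_statement(text)
        if parsed is None:
            # Other subjects (any-user, dynamic-group, ...) need a manual look.
            findings.append((text, "unparsed: review by hand"))
            continue
        # Names are compared case-insensitively so a case variant is not missed.
        if parsed["group"].lower() != group.lower():
            continue
        if parsed["scope"] == "tenancy":
            findings.append((text, "tenancy-wide grant"))
        elif parsed["scope"].lower() != allowed_compartment.lower():
            findings.append((text, "grant in another compartment: " + parsed["scope"]))
    return findings

# Constructed sample statements (not taken from a real tenancy).
SAMPLE = [
    "Allow group SandboxGroup to manage all-resources in compartment Sandbox",
    "Allow group SandboxGroup to read all-resources in tenancy",
    "Allow group SandboxGroup to use instances in compartment Production",
    "Allow group NetworkAdmins to manage virtual-network-family in tenancy",
    "Allow any-user to inspect compartments in tenancy",
]
```

Calling `audit(SAMPLE, "SandboxGroup", "Sandbox")` returns the statements to review; an empty list means every parsed statement for the group is scoped to the Sandbox compartment.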