Oracle Cloud Infrastructure Documentation

Common Policies

This section includes some common policies you might want to use in your organization.


These policies use example group and compartment names. Make sure to replace them with your own names.

Let the Help Desk manage users
Let auditors inspect your resources
Let network admins manage a cloud network
Let network admins manage load balancers
Let users launch Compute instances
Let users manage Compute instance configurations and instance pools
Let users manage Compute autoscaling configurations
Let users list and subscribe to images from the Partner Image catalog
Let volume admins manage block volumes, backups, and volume groups
Let volume backup admins manage only backups
Let users create a volume group
Let users clone a volume group
Let users create a volume group backup
Let users restore a volume group backup
Let users create, manage, and delete file systems
Let users create file systems
Let Object Storage admins manage buckets and objects
Let users write objects to Object Storage buckets
Let users download objects from Object Storage buckets
Let database admins manage database systems
Let database and fleet administrators manage Autonomous Databases
Let database admins manage Autonomous Data Warehouse databases
Let security admins manage vaults and keys
Let security admins manage all keys in a specific vault in a compartment
Let security admins use a specific key in a compartment
Let a user group delegate key usage in a compartment
Let Block Volume and Object Storage services encrypt and decrypt volumes, volume backups, and buckets
Let group admins manage group membership
Let users manage their own passwords and credentials
Let a compartment admin manage the compartment
Restrict admin access to a specific region
Restrict user access to view only summary announcements
Let users view details of announcements
Let streaming users manage streams
Let streaming users publish messages to streams
Let streaming users publish messages to a specific stream
Let streaming users consume messages from streams
Let users view metric definitions in a compartment
Let users access monitoring metrics in a compartment
Restrict user access to a specific metric namespace
Let users publish custom metrics
Let instances make API calls to access monitoring metrics in the tenancy
Let users view alarms
Let users manage alarms
Let users manage alarms and create topics
Allow a group to manage topics
Allow a group to manage topic subscriptions
Allow a group to publish messages to topics