OCI Access Rule Policies

Contact Us
Allow Group "group 1, 2, 3..." to "action" "resource name" in compartment "compartment_name"
Action options: inspect (list only), read (read metadata and and list resources), use (access resources), manage (full access)

Resource names: objects, load balancers, virtual network family (vcn, subnet, route tables, security lists), instance family, and volume family)

You can use this feature to create multiple sub accounts with in your account/tenancy. The second highest level of access within your Oracle cloud is compartment. The compartments are typically used to separate your production, test, etc. environment. This level allows you to completely separate firewall, network, storage, and servers.

Here are some examples on how to separate your Oracle cloud account into multiple sub accounts:

Allow Group SubCompany1ProdFull to manage instance-family in compartment SubCompany1Prod

Allow Group SubCompany1QAFull to manage instance-family in compartment SubCompany1QA

Allow Group SubCompany1QAView to read all in compartment SubCompany1QA