You deployment platform within Oracle Cloud Infrastructure (OCI) leverages a compute instance with multiple block volumes attached. There are multiple teams that use the same compute instance and have access to these block volumes. You want to ensure that no one accidentally deletes of these block volumes. You have started to construct the following IAM policy but need to determine which permissions should be used.
To minimize loss of data due to inadvertent deletes by an authorized user or malicious deletes, Oracle recommends to giving VOLUME_DELETE, VOLUME_ATTACHMENT_DELETE and VOLUME_BACKUP_DELETE permissions to a minimum possible set of IAM users and groups. DELETE permissions should be given only to tenancy and compartment administrators
Currently there are no comments in this discussion, be the first to comment!