Oracle Exam 1Z0-1067-23 Topic 5 Question 22 Discussion

Scenario: 4 (Write Identity and Access Management Policies to Secure a Tenancy)

Scenario Description: (Hands-On Performance Exam Certification)

Your company has signed up for an OCI tenancy to migrate an e-commerce application, a supply chain management (SCM) system, and a customer relationship management (CRM) system. You have been tasked with setting up the requisite identity and access management (IAM) policies for your team to begin developing on OCI.

You start by setting up the following compartment hierarchy:

Tenancy (root)

Common-Infra

Network

Security

Applications

E-Comm

SCM

CRM

You create the following groups:

Network-Admins

Security-Admins

E-Comm-Admins

SCM-Admins

CRM-Admins

Write the IAM policies for the following use cases:

Assumptions:

Assume that all policies will be attached to the root compartment.

Write one policy per given text box.

Keep policies as simple as possible by using verbs instead of permissions (for example, ''inspect orm-stacks'' instead of ''ORM_STACK_INSPECT'') and aggregate resource types instead of individual ones (for example, ''file-family'' instead of ''file-systems'' and ''mount-targets'')

Task 1

Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.

Task 2

Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box]

Task 3

Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment---but only in Phoenix and London.