Scenario: 4 (Write Identity and Access Management Policies to Secure a Tenancy)
Scenario Description: (Hands-On Performance Exam Certification)
Your company has signed up for an OCI tenancy to migrate an e-commerce application, a supply chain management (SCM) system, and a customer relationship management (CRM) system. You have been tasked with setting up the requisite identity and access management (IAM) policies for your team to begin developing on OCI.
You start by setting up the following compartment hierarchy:
Tenancy (root)
Common-Infra
Network
Security
Applications
E-Comm
SCM
CRM
You create the following groups:
Network-Admins
Security-Admins
E-Comm-Admins
SCM-Admins
CRM-Admins
Write the IAM policies for the following use cases:
Assumptions:
Assume that all policies will be attached to the root compartment.
Write one policy per given text box.
Keep policies as simple as possible by using verbs instead of permissions (for example, ''inspect orm-stacks'' instead of ''ORM_STACK_INSPECT'') and aggregate resource types instead of individual ones (for example, ''file-family'' instead of ''file-systems'' and ''mount-targets'')
Task 1
Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Task 2
Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box]
Task 3
Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment---but only in Phoenix and London.
Task 1
Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Solution- Policy Statement:
allow Network-Admins to manage virtual-network-family in compartment Common-Infra:Network
Task 2
Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box]
Solution- Policy Statement:
allow E-Comm-Admins to manage instance-family in compartment Applications:E-Commallow E-Comm-Admins to use virtual-network-family in compartment Common-Infra:Network
Task 3
Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment---but only in Phoenix and London.
Solution- Policy Statement:
allow SCM-Admins to manage volume-family in compartment Applications:SCM where any{request.region='phx',request.region='lhr'}
Cherry
4 months agoKenda
3 months agoLawrence
4 months agoBettina
4 months agoDorcas
5 months agoCortney
4 months agoRosina
4 months agoHuey
4 months agoTrina
5 months agoAdolph
5 months agoChantell
5 months agoCarey
4 months agoMonte
4 months agoBettina
5 months agoTrina
5 months ago