Oracle Exam 1Z0-1072-23 Topic 9 Question 18 Discussion

Actual exam question for Oracle's 1Z0-1072-23 exam

Question #: 18
Topic #: 9

You have three compartments: ProjectA, ProjectB, and ProjectC. For each compartment, there is an admin group set up: A-Admins, B-Admins, and C-Admins.

Each admin group has full access over their respective compartments as shown in the graphic below.

Your organization has set up a tag namespace, EmployeeGroup.Role and all your admin groups are tagged with a value of 'Admin'.

You want to set up a Test compartment for members of the three projects to share. You also need to provide admin access to all three of your existing admin groups.

Which policy would you write to accomplish this task?

AAllow all-group to manage all-resources in compartment Test where
request.principal.group.tag.EmployeeGroup.Role='Admin'

BAllow dynamic-group to manage all-resources in compartment Test where
request.principal.group.tag.EmployeeGroup.Role='Admin'

CAllow group any-group to manage all-resources in compartment Test where
request.principal.group.tag.EmployeeGroup.Role='Admin'

DAllow any-user to manage all-resources in compartment Test where
request.principal.group.tag.EmployeeGroup.Role='Admin'

Show Suggested Answer

Suggested Answer: D

Allow all-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin' is the policy that would accomplish this task. This policy grants admin access to all groups that have the tag EmployeeGroup.Role='Admin' in the compartment Test. The other options are not correct, as they use incorrect terms such as dynamic-group, any-group, or any-user. Reference: [Tag-Based Authorization]

by Graciela at May 02, 2024, 07:32 PM

Limited Time Offer

25%

7 months ago

Have you looked at this question about setting up a Test compartment?

upvoted 0 times

...