Manually Setting up OCI Policy for Oracle OS Management Hub

Learn how to manually create the required Oracle Cloud Infrastructure(OCI) groups and policies to enable Oracle OS Management Hub. In this video, you will learn how to manually create an administrator group and add users, write matching rules for a dynamic group of instance resources that will be managed by OS management hub, find compartment and subcompartment OCIDs, and write the policy that defines permissions for users and instance resources to use OS management hub. Examples of dynamic group rules and policies are provided covering broad sets of permissions, limiting administrator groups, and narrowing permission to specific compartments or subcompartments.

00:03 Title screen
00:14 Policy advisor vs manual policy creation
00:31 Brief policy advisor review
01:03 Policy advisor documentation
01:11 Manually creating groups and policies overview
01:40 Navigating to identity resources
02:02 Creating an administrator group
02:20 Creating a dynamic group
02:55 Adding OCI-located instances to a dynamic group
03:23 Using the rule builder to create matching rules
04:03 Adding management agent resources to dynamic group
04:11 Multi-compartment dynamic group example
05:57 Additional dynamic group considerations06:22 Finding compartment and subcompartment OCIDs
06:51 Creating policy in the OCI web console
07:20 Adding required policy lines
08:02 Adding policy lines for management agent resources
08:32 Compartment policy example
08:48 Multi-compartment policy example with administrator limitations

Resources:
- Learn more about the policy advisor: https://docs.oracle.com/en-us/iaas/osmh/doc/policy-advisor.htm#policy-advisor
- Learn more about IAM policies for OS Management Hub: https://docs.oracle.com/en-us/iaas/osmh/doc/getstarted.htm#required-iam-policies
- Find the policy and dynamic group examples/templates in the video on the policy example documentation page: https://docs.oracle.com/en-us/iaas/osmh/doc/policies.htm#policy-examples
- Getting started with OCI Policies; https://docs.oracle.com/en-us/iaas/Content/Identity/policiesgs/get-started-with-policies.htm
- How Policies work: https://docs.oracle.com/en-us/iaas/Content/Identity/policieshow/how-policies-work.htm
- Policy syntax: https://docs.oracle.com/en-us/iaas/Content/Identity/policysyntax/policy-syntax.htm
- Managing dynamic groups: https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm
----------------------------------------------
Copyright © 2024, Oracle and/or its affiliates.