Creating User Permissions
Learn how to create a policy to allow a group to manage email-family resources.
Using the Console
- Open the navigation menu and click Identity & Security. Under Identity, click Policies. A list of the policies in the compartment you're viewing is displayed.
- To attach the policy to a compartment other than the one you're viewing, select the compartment from the list on the left. Where the policy is attached controls who can later change or delete it (see How Policies Work).
- Click Create Policy.
-
Enter the following:
- Name: A unique name for the policy. The name must be unique across all policies in your tenancy. You can't change this later.
- Description: A friendly description.
- Compartment: Select a compartment you want to create the policies in, if not already selected.
- Policy Builder: Select Email Management as the policy use case. The default policies are listed under Policy Statements.Note
To change the policy statements, enable the Show manual editor slider next to Policy Buider.
Enter the following policy statements under Policy Statements:
Allow group <group name> to use email-family in compartment <compartment name> Allow group <group name> to manage credentials in compartment <compartment name> where target.credential.type = 'smtp' Allow group <group name> to manage email-family in compartment <compartment name> Allow group <group name> to manage suppressions in tenancy Allow group <group name> to manage log-groups in compartment <compartment name> Allow group <group name> to read log-content in compartment <compartment name>
For more information about policies and policy syntax, see Policy Basics.
- Select group and location.
- Click Create. The new policy goes into effect typically within 10 seconds.