Creating a policy
Create a policy.
Prerequisite: The group and compartment that you're writing the policy for must already exist.
- Open the navigation menu and click Identity & Security. Under Identity, click Policies. A list of the policies in the compartment you're viewing is displayed.
- Click Create Policy.
- Enter the following:
  - Name: A unique name for the policy. The name must be unique across all policies in your tenancy. You cannot change this later. Avoid entering confidential information.
  - Description: A friendly description. You can change this later if you want to.
  - Compartment: If you want to attach the policy to a compartment other than the one you're viewing, select it from the list. Where the policy is attached controls who can later modify or delete it (see Policy Attachment).
- Enter the policy statements using the policy builder. Use the basic option if you want to choose from common policy templates, which you can also customize. Use the Show manual editor option if you already know how to write the statements you need and you want to simply enter them in a text box.
  To use the policy builder basic option:
  - Select from the Policy use cases menu to filter the list of policy templates. If you're not sure which use case to choose, you can browse all the templates in the Common policy templates list.
  - Select the template that best matches your requirements from the Common policy templates list. The policy builder displays the description of the chosen policy and lists the policy statements that it includes.
  - Select the Identity domain that contains the group to which you want to apply this policy.
  - Select the Group that this policy applies to.
  - Select a Location. The location is the compartment that this policy grants access to. The compartment you choose here must be either the compartment you chose to attach the policy to in Step 3, or a compartment within the hierarchy of that compartment.
  - If you need to modify the policy statements, click Show manual editor.
  To use the Show manual editor option:
  - Click Show manual editor.
  - Enter or edit policy statements following the format described in Policy Syntax, entering one statement per line.
- To add tags to this policy, click Show Advanced Options. If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator.
- If you want to create another policy, select Create Another Policy.
- Click Create.
The new policy typically goes into effect within 10 seconds.
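An added example, not part of the original page or of Oracle's tooling: a pre-check for text you plan to paste into the manual editor. It flags lines that carry more than one statement and locations that are neither the attachment compartment nor beneath it. The statement pattern is a simplified subset of the policy syntax, and the group names, compartment names and hierarchy are constructed for illustration.

```python
import re

# Simplified statement form (assumption): group subject, one verb, one
# resource type, then "in tenancy" or "in compartment <name>", optional where.
STATEMENT = re.compile(
    r"^allow\s+group\s+\S+\s+to\s+(?:inspect|read|use|manage)\s+[\w-]+\s+in\s+"
    r"(?:tenancy|compartment\s+(?P<compartment>[\w-]+))(?:\s+where\s+.+)?$",
    re.IGNORECASE,
)
ROOT = "root"  # stands for the tenancy (root compartment)
# Constructed compartment hierarchy, child -> parent.
PARENTS = {ROOT: None, "Project-A": ROOT, "Dev": "Project-A", "Project-B": ROOT}
# Constructed manual-editor text; line 4 holds two statements by mistake.
SAMPLE = """\
Allow group NetAdmins to manage virtual-network-family in compartment Dev
Allow group NetAdmins to read instances in compartment Project-B
Allow group Auditors to inspect all-resources in tenancy
Allow group A to read buckets in compartment Dev Allow group B to read buckets in compartment Dev
"""

def within(compartment, ancestor, parents):
    """True if compartment is ancestor itself or lies beneath it."""
    while compartment is not None:
        if compartment == ancestor:
            return True
        compartment = parents.get(compartment)
    return False

def check_statements(text, attached_to, parents=PARENTS):
    """Return (line_number, message) findings for the editor text."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        if len(re.findall(r"\ballow\b", line, re.IGNORECASE)) > 1:
            findings.append((number, "more than one statement on this line"))
            continue
        match = STATEMENT.match(line)
        if match is None:
            findings.append((number, "not in the simplified Allow form"))
            continue
        location = match.group("compartment") or ROOT
        if location not in parents:
            findings.append((number, f"unknown compartment {location}"))
        elif not within(location, attached_to, parents):
            findings.append((number, f"{location} is not {attached_to} or beneath it"))
    return findings
```

Calling `check_statements(SAMPLE, "Project-A")` reports lines 2, 3 and 4; with the policy attached to `root`, only the doubled-up line 4 remains.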