Creating a Policy Using the Console

Complete information about using the Policy Builder and templates is found in Writing Policy Statements with the Policy Builder.

See also how policies work, policy syntax, and policy reference.

  1. Open the navigation menu and click Identity & Security. Under Identity, click Policies.
  2. Under Compartment, select the compartment where you want the policies to reside.
  3. Click Create Policy.
  4. In the Create Policy page, enter the following information:
    • Name: Enter a name for the policy, for example, bds-net-admin.

    • Description: Enter a description for the policy.

    • Compartment: Select a compartment from the list if you want to create the policy in a different compartment.

    • Policy Builder: Click the toggle on the Policy Builder box. Copy the following and paste it into the text box:

      allow service bdsprod to {VCN_READ, VNIC_READ, VNIC_ATTACH, VNIC_CREATE, SUBNET_READ, SUBNET_ATTACH, VNIC_DETACH, VNIC_DELETE, SUBNET_DETACH} in compartment bds-learn
      Note: You must also grant the VCN_READ right to the compartment the VCN belongs to, and grant the other rights to the compartment the subnet belongs to.

      Additionally, if you're using customer-managed encryption keys, copy the following statements and paste them into the text box:

      allow service blockstorage to use keys in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
      allow service bdsprod to use key-delegate in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
      allow service bdsprod to read keys in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
      allow group <user-group> to use key-delegate in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
      
      allow service objectstorage to use keys in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
  5. Click Create.
  6. To review any policy, click its name.

For more information about creating groups, users, and policies, see Overview of Oracle Cloud Infrastructure Identity and Access Management in the Oracle Cloud Infrastructure documentation.
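
To check statements before pasting them into the text box, the following added example (not part of the original page and not Oracle code) lints policy text in the two statement forms shown above. It flags key grants that lack a `target.key.id` condition, `bdsprod` permissions beyond the nine listed here, and placeholders left unfilled. The function name, finding strings, sample OCID, and the bad sample statements are constructed for illustration.

```python
import re

# Permissions this page grants to the bdsprod service; anything else is flagged.
EXPECTED_BDS_PERMS = {
    "VCN_READ", "VNIC_READ", "VNIC_ATTACH", "VNIC_CREATE", "SUBNET_READ",
    "SUBNET_ATTACH", "VNIC_DETACH", "VNIC_DELETE", "SUBNET_DETACH",
}
KEY_RESOURCES = {"keys", "key-delegate"}
# Only the two statement shapes used on this page are recognised (assumption).
PERM_STMT = re.compile(
    r"^allow\s+service\s+(?P<subject>\S+)\s+to\s+\{(?P<perms>[^}]*)\}\s+"
    r"in\s+compartment\s+(?P<comp>\S+)$", re.I)
VERB_STMT = re.compile(
    r"^allow\s+(?P<kind>service|group)\s+(?P<subject>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+compartment\s+(?P<comp>\S+)"
    r"(?:\s+where\s+(?P<cond>.+))?$", re.I)
KEY_COND = re.compile(r"^target\.key\.id\s*=\s*'[^']+'$")

def audit_statements(statements):
    """Return a list of (statement_index, finding) tuples."""
    findings = []
    for i, raw in enumerate(statements):
        stmt = raw.strip()
        if re.search(r"<[^>]+>", stmt):
            findings.append((i, "unfilled placeholder"))
        m = PERM_STMT.match(stmt)
        if m:
            perms = {p.strip().upper() for p in m["perms"].split(",") if p.strip()}
            extra = perms - EXPECTED_BDS_PERMS
            if m["subject"].lower() == "bdsprod" and extra:
                findings.append((i, "extra permissions: " + ", ".join(sorted(extra))))
            continue
        m = VERB_STMT.match(stmt)
        if not m:
            findings.append((i, "unrecognised statement form"))
            continue
        # A key grant without a key OCID condition covers every key in the compartment.
        if m["resource"].lower() in KEY_RESOURCES and not KEY_COND.match((m["cond"] or "").strip()):
            findings.append((i, "key grant not scoped to target.key.id"))
    return findings

# Constructed sample: statement 0 is the page's own; 1, 2 and 4 are deliberately flawed.
SAMPLE = [
    "allow service bdsprod to {VCN_READ, VNIC_READ, VNIC_ATTACH, VNIC_CREATE, SUBNET_READ, SUBNET_ATTACH, VNIC_DETACH, VNIC_DELETE, SUBNET_DETACH} in compartment bds-learn",
    "allow service bdsprod to {VCN_READ, VCN_DELETE} in compartment bds-learn",
    "allow service bdsprod to read keys in compartment bds-learn",
    "allow service blockstorage to use keys in compartment bds-learn where target.key.id='ocid1.key.oc1..exampleconstructed'",
    "allow group <user-group> to use key-delegate in compartment bds-learn where target.key.id='ocid1.key.oc1..exampleconstructed'",
]
```

Call `audit_statements(SAMPLE)` to see the findings; an empty list means every statement matched the forms and scoping used on this page.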