Adding Users

This topic provides a quick hands-on tutorial for adding users and groups and creating simple policies to grant them permissions to work with Oracle Cloud Infrastructure resources.

Use these instructions to quickly add some users to try out features. See Overview of IAM to fully understand the features of the IAM service and how to manage access to your cloud resources.

Can I use these procedures if my tenancy is federated with Oracle Identity Cloud Service?

These procedures add users and groups to the Oracle Cloud Infrastructure IAM service. Users that you create here can sign in directly to the Oracle Cloud Infrastructure Console, but do not exist in Oracle Identity Cloud Service. If the users you want to add need access to the Oracle Cloud Infrastructure Console only, then, yes, you can use these procedures.

To add users to Oracle Identity Cloud Service, see Adding Groups and Users for Tenancies Federated with Oracle Identity Cloud Service.

About Users, Groups, and Policies

A user's permissions to access services comes from the groupsA collection of users who all need a particular type of access to a set of resources or compartment. to which they belong. The permissions for a group are defined by policiesA document in the IAM that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources.. Policies define what actions members of a group can perform, and in which compartments. Users can then access services and perform operations based on the policies set for the groups they are members of.

To help you understand how to set up users with the access permissions they need, you can follow these tasks to set up these basic types of users:

  • A user with full permissions on one compartment only
  • A user with full administrator permissions

Create a Compartment and Add a User with Access to It

In this example, create a compartment called "Sandbox" and grant a user access to it.

To grant users access to the Sandbox compartment and all the resources in it, you will create a group ("SandboxGroup") and then create a policy ("Sandbox_Policy") to define the access rule. Finally, add the user to this group to grant them access to the Sandbox compartment.

When this user signs in they can see all the compartments, but they can only view, create, and manage resources in the Sandbox compartment. This user cannot create compartments or create other users. Ensure to let the user know which compartments they have access to.

Add a User with Administrator Permissions

The user you create in this task will have full administrator permissions. This means that the user has full access to all compartments and can create and manage all resources as well as users, groups, policies, and compartments.