Creating compartments and policies in OCI

Compartments make it easier to manage cloud resources because the resources within a compartment can only be accessed or managed by users who have been granted permission. For example, you can organize compartments by project or cost center. Policies grant users and groups permission to manage resources within a compartment.

Before creating the compartments, we need to create a new user.

Create a new group, too.

Don’t forget to associate the user with the group.

Generate a new temporary password, too.

To create a new compartment, on the main menu click Identity, then select Compartments.

Click Create Compartment.

In the Create Compartment dialog box, enter the Name and Description.
Click Create Compartment.

Create another compartment.

The compartments were created!

To create a new policy for mycompartment1, from the main menu click Identity, then select Policies.

Click Create Policy.

In the Create Policy dialog box, type the Name, Description and Statement.
This statement allows mygroup1 to manage all resources inside mycompartment1. To learn how policies work and their basic features, read the OCI Documentation.
Click Create.

Create another policy for mycompartment2.
This statement allows mygroup2 to manage all resources inside mycompartment2.

The policies have been created!

Great! Let’s test the policies created!
On the user menu, click Sign Out to log out of the administrator user account.

First, log in as myuser1.
Click Sign In.

In the main menu click Object Storage, then select Object Storage.

The policies are working: myuser1 can manage only mycompartment1. (Ignore ManagedCompartmentForPaaS, because it is a default compartment for all users.)

Repeat the previous steps using myuser2 to verify that this user can manage only mycompartment2.
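The same isolation can also be checked from the policy text itself, before logging in as each user. The following is an added example, not part of the original post: the two statements are written in standard OCI policy syntax from the post's description of them, and `parse`, `audit`, `STATEMENTS` and `EXPECTED` are hypothetical names.

```python
import re

# Constructed from the post's description of its two policies; the exact
# statement text is an assumption written in standard OCI policy syntax.
STATEMENTS = [
    "Allow group mygroup1 to manage all-resources in compartment mycompartment1",
    "Allow group mygroup2 to manage all-resources in compartment mycompartment2",
]
# Intended confinement: each group is limited to its own compartment.
EXPECTED = {"mygroup1": "mycompartment1", "mygroup2": "mycompartment2"}

# Covers only the basic form "Allow group G to VERB TYPE in compartment C"
# or "... in tenancy". Conditions ("where ..."), group lists and other
# subjects are not handled and are reported as unparsed for manual review.
PATTERN = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)"
    r"\s+(?P<rtype>\S+)\s+in\s+(?:compartment\s+(?P<comp>\S+)|(?P<tenancy>tenancy))$",
    re.IGNORECASE,
)


def parse(statement):
    """Return (group, verb, resource_type, scope) or None if not understood."""
    m = PATTERN.match(statement.strip())
    if m is None:
        return None
    scope = "TENANCY" if m.group("tenancy") else m.group("comp")
    return m.group("group"), m.group("verb").lower(), m.group("rtype").lower(), scope


def audit(statements, expected):
    """List (reason, statement) pairs for grants that break the confinement."""
    findings = []
    for statement in statements:
        parsed = parse(statement)
        if parsed is None:
            findings.append(("unparsed", statement))
        elif parsed[3] == "TENANCY":
            findings.append(("tenancy-wide", statement))
        elif expected.get(parsed[0]) != parsed[3]:
            findings.append(("outside-expected-compartment", statement))
    return findings


if __name__ == "__main__":
    for reason, statement in audit(STATEMENTS, EXPECTED):
        print(reason, "->", statement)
    print("findings:", len(audit(STATEMENTS, EXPECTED)))
```

An empty result means every parsed statement keeps its group inside the expected compartment; any statement the pattern does not cover is listed as unparsed so it gets read by a person.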

Good job!
In this post, you learned how to create new compartments and policies.
See you in the next blog post!

Have a good time!