Understanding Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM)

Oracle Cloud Infrastructure (OCI) provides a service called Identity and Access Management (IAM). It controls who can use your cloud resources and what they are allowed to do with them. This model is also called role-based access control.

Two Main Jobs of IAM

IAM has two main jobs:

  • Authentication (AuthN): This checks who you are. It makes sure the person logging in is really who they say they are.

  • Authorization (AuthZ): This checks what you can do. It decides what actions a user can take on resources in the cloud.

Think of it like this: authentication answers “Who are you?” and authorization answers “What can you do?”

Key Parts of IAM

Some important parts of IAM are:

  • Identity Domains: A container for your users and groups. It lets you manage a set of users and their security settings as one unit.

  • Users: Individual accounts for people.

  • Groups: A collection of users. You give permissions to a group instead of to each user separately.

  • Policies: Rules that state what a group is allowed to do, and on which resources.

  • Compartments: Logical containers for cloud resources. They help organize and isolate resources.

How it works

  • Create an identity domain.

  • Create users and groups inside the domain.

  • Write policies for the groups.

  • Assign users to groups, so they inherit the right permissions through the group's policies.

Resources and OCIDs

Every resource in OCI—like a compute instance, storage, database, or network—has a unique ID called an Oracle Cloud ID (OCID).

OCI creates this automatically. An OCID looks like this:

ocid1.<resource_type>.<realm>.<region>.<unique_ID>

  • Resource type – Shows what kind of resource it is.

  • Realm – The type of environment (commercial or government).

  • Region – The cloud region where the resource is.

  • Unique ID – A unique string for that resource.

OCIDs are mostly used when working with the CLI or an SDK. You usually don’t need to type them in the web console.
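As an added example (not code from the page or from Oracle), the following Python splits an OCID into the fields listed above and sorts a constructed list of identifiers into tenancy-level, regional and malformed ones. It assumes that tenancy-level resources such as the tenancy, users, groups and compartments have an empty region field, which is why their OCIDs contain two consecutive dots.

```python
"""Parse OCI resource identifiers (OCIDs) into their named fields.

Added example, not code from the page or from Oracle's SDKs. It follows the
format shown above (ocid1.<resource_type>.<realm>.<region>.<unique_ID>) plus
one assumption: tenancy-level resources (tenancy, user, group, compartment)
have an EMPTY region field, e.g. "ocid1.tenancy.oc1..xyz".
"""
from dataclasses import dataclass
import re

# Five dot-separated fields; region may be empty, unique ID is opaque.
_OCID_RE = re.compile(
    r"^ocid1\.(?P<resource_type>[a-z0-9]+)\.(?P<realm>[a-z0-9]+)\."
    r"(?P<region>[a-z0-9-]*)\.(?P<unique_id>[a-z0-9]+)$"
)

@dataclass(frozen=True)
class Ocid:
    resource_type: str
    realm: str
    region: str  # "" for tenancy-scoped resources (assumption above)
    unique_id: str

def parse_ocid(value: str) -> Ocid:
    """Split an OCID into fields; raise ValueError if it is malformed."""
    m = _OCID_RE.match(value.strip())
    if m is None:
        raise ValueError(f"not a well-formed OCID: {value!r}")
    return Ocid(m["resource_type"], m["realm"], m["region"], m["unique_id"])

def group_by_scope(values: list[str]) -> dict[str, list[str]]:
    """Bucket OCIDs (e.g. a CLI listing) as tenancy, regional or invalid."""
    out: dict[str, list[str]] = {"tenancy": [], "regional": [], "invalid": []}
    for v in values:
        try:
            o = parse_ocid(v)
        except ValueError:
            out["invalid"].append(v)  # report, never silently accept
            continue
        # No region component means the resource lives at the tenancy level.
        out["tenancy" if o.region == "" else "regional"].append(v)
    return out

# Constructed sample values, not real OCIDs.
SAMPLE_OCIDS = [
    "ocid1.tenancy.oc1..aaaaexampletenancy",
    "ocid1.instance.oc1.phx.aaaaexampleinstance",
    "ocid2.instance.oc1.phx.notavalidprefix",
]
```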

Summary

OCI IAM helps keep your cloud safe and secure. Remember:

  • Authentication – Checks who you are.

  • Authorization – Checks what you can do.

By using identity domains, users, groups, policies, and compartments, you can control access to resources in a simple and secure way.

OCI IAM makes sure the right people can access the right resources while keeping your cloud environment safe.