User Guide
English
日本語한국어English
English
日本語한국어English
  • Welcome aboard to SpaceONE
  • About SpaceONE
    • SpaceONE
    • Key Differentiators
  • Getting Started
  • Basic Setup
  • Power Scheduler Quick Start
  • ADVANCED TOPIC
    • Excel Export
    • Custom Table
  • Dashboard
    • Domain Dashboard
  • Project
    • Project Group Management
    • Project Management
  • Inventory
    • Server
    • CloudService
  • Identity
    • Service Account
      • (AWS) Service Account Policy Management
      • (Google Cloud) Service Account Policy Management
      • (Azure) Access Control (IAM) Policy Management
      • (Oracle Cloud Infrastructure) Identity and Access Management(IAM) Policy Management
      • (Alibaba Cloud) Service Account Policy Management
  • Monitoring
    • Alert Manager
      • Webhook Settings
        • AWS SNS
        • Grafana
  • Automation
    • Power Scheduler
  • ETC
    • Profile
  • Reference Link
  • Admin Guide
  • API Guide
  • FAQ
    • FAQs
Powered by GitBook
On this page
  • IAM Policy
  • General Collector

Was this helpful?

  1. Identity
  2. Service Account

(Oracle Cloud Infrastructure) Identity and Access Management(IAM) Policy Management

Details of API Security policy to use SpaceONE plugin

Previous(Azure) Access Control (IAM) Policy ManagementNext(Alibaba Cloud) Service Account Policy Management

Last updated 3 years ago

Was this helpful?

IAM Policy

SpaceONE highly recommends to set appropriate permissions to access your cloud resources for each purpose.

Please, Set service account, To Create API for each use case

  • General Collector

General Collector

Collector requires appropriate authorities to collect cloud resources. We strongly recommend to limit collector's service account its permission to read only access.

Otherwise, you can add more restrictions per resources or actions. One of the useful example is to restrict its rights within region.

STEP 1. Log in Oracle Cloud Infrastructure Console > Identity

Go to Identity > Users and Click CREATE USER

STEP 2. Set IAM User details

Click IAM Userand Enter User name and Description

STEP 3. Set API Keys to IAM User

Go to Identity > Users > User > Details > API Keys. Click Add API Key and add or Generate API Key.

STEP 4. Create Group for IAM User

Go to Identity > Groups and Click Create Group Button. Enter Name and Description.

STEP 5. Add IAM User to Group

Go to Group that you made and Click Add User to Group Button and add IAM User.

STEP 6. Set Policies to Group

Go to Identity > Policies and Click Create Policy Button.

Enter Name and Description and Policies by manually.

Entering statements directly in the text box, ensure that you follow the Policy Syntax rules.

When using General Collector, the following two policies are required:

Allow group {group_name} to inspect compartments in tenancy
Allow group {group_name} to inspect tenancies in tenancy