Oracle Cloud Infrastructure Documentation

Creating User Permissions

Learn how to create a policy to allow a group to manage email-family resources.

Using the Console

  1. Open the navigation menu  and select Identity & Security. Under Identity, select Policies. A list of the policies in the compartment you're viewing is displayed.
  2. To attach the policy to a different compartment, use the Compartment filter to switch compartments. You must have permission to work in a compartment to see the resources in it. If you're not sure which compartment to use, contact an administrator. Where the policy is attached controls who can later change or delete it (see IAM Policies Overview). For more information, see Understanding Compartments.
  3. Click Create Policy.
  4. Enter the following:
    1. Name: A unique name for the policy. The name must be unique across all policies in your tenancy. You can't change this later.
    2. Description: A friendly description.
    3. Compartment: Select a compartment you want to create the policies in, if not already selected.
    4. Policy Builder: Enter Email Management as the policy use case.
    5. Select a default policy template listed under Common policy templates.
    6. Select Group or Dynamic groups, and the location.
      Note

      To change the policy statements, enable the Show manual editor slider next to Policy Builder.

      Enter the following policy statements under Policy Statements:

      Allow group '<identity domain name>'/'<group name>' to use email-family in compartment <compartment name>
Allow group '<identity domain name>'/'<group name>' to manage credentials in compartment <compartment name> where target.credential.type = 'smtp'
Allow group '<identity domain name>'/'<group name>' to manage email-family in compartment <compartment name>
Allow group '<identity domain name>'/'<group name>' to manage suppressions in tenancy
Allow group '<identity domain name>'/'<group name>' to manage log-groups in compartment <compartment name>
Allow group '<identity domain name>'/'<group name>' to read log-content in compartment <compartment name>

      For more information about policies and policy syntax, see Policy Basics.

      Note

      If you're using SMTP credentials of users who aren't in the "Default" Identity Domain, you need to include the name of your Identity Domain in your policy statement. For more information, see How Policies Work (with Identity Domains).

  5. Select Create.
    The new policy goes into effect typically within 10 seconds.