Complete information about using the Policy Builder and templates is found in Writing Policy Statements with the Policy Builder.
See also how policies work, policy syntax, and policy reference.
- Open the navigation menu and click Identity & Security. Under Identity, click Policies.
- Under Compartment, select the compartment where you want the policies to reside.
- Click Create Policy.
- In the Create Policy page, enter the following information:
  - Name: Enter a name for the policy, for example, bds-net-admin.
  - Description: Enter a description for the policy.
  - Compartment: Select a compartment from the list if you want to create the policy in a different compartment.
  - Policy Builder: Click the Show manual editor toggle on the Policy Builder box. Copy the following and paste it into the text box:
allow service bdsprod to {VCN_READ, VNIC_READ, VNIC_ATTACH, VNIC_CREATE, SUBNET_READ, SUBNET_ATTACH, VNIC_DETACH, VNIC_DELETE, SUBNET_DETACH} in compartment bds-learn
Note: You must also grant the VCN_READ right to the compartment the VCN belongs to, and grant the other rights to the compartment the subnet belongs to.
Additionally, if you're using customer-managed encryption keys, copy the following statements and paste them into the text box:
allow service blockstorage to use keys in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
allow service bdsprod to use key-delegate in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
allow service bdsprod to read keys in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
allow group <user-group> to use key-delegate in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
allow service objectstorage to use keys in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
- Click Create.
- To review any policy, click its name.
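The note above says VCN_READ belongs to the VCN's compartment and the remaining rights to the subnet's compartment. The following script is an added example, not Oracle's code: it generates the statements for both the shared-compartment and split-compartment cases and refuses unfilled placeholders such as `<ocid_of_key>`. The function names, the sample compartment and group names, the sample OCID, and the assumed `ocid1.key.` prefix check are illustrative assumptions.

```python
import re

# Permissions copied from the bdsprod statement on this page.
VCN_PERMS = ["VCN_READ"]
SUBNET_PERMS = ["VNIC_READ", "VNIC_ATTACH", "VNIC_CREATE", "SUBNET_READ",
                "SUBNET_ATTACH", "VNIC_DETACH", "VNIC_DELETE", "SUBNET_DETACH"]
# Assumption: Vault key OCIDs start with "ocid1.key." and contain no quotes.
KEY_OCID = re.compile(r"^ocid1\.key\.[A-Za-z0-9._-]+$")
NAME = re.compile(r"^[A-Za-z0-9._-]+$")  # rejects unfilled <placeholders>


def _name(value):
    if not NAME.match(value):
        raise ValueError(f"not a usable compartment/group name: {value!r}")
    return value


def network_statements(vcn_compartment, subnet_compartment):
    """VCN_READ goes to the VCN's compartment, the rest to the subnet's."""
    vcn, subnet = _name(vcn_compartment), _name(subnet_compartment)
    if vcn == subnet:  # same compartment: the single statement from the page
        perms = ", ".join(VCN_PERMS + SUBNET_PERMS)
        return [f"allow service bdsprod to {{{perms}}} in compartment {vcn}"]
    return [
        f"allow service bdsprod to {{{', '.join(VCN_PERMS)}}} in compartment {vcn}",
        f"allow service bdsprod to {{{', '.join(SUBNET_PERMS)}}} in compartment {subnet}",
    ]


def key_statements(key_compartment, key_ocid, user_group):
    """The five customer-managed-key statements, each pinned to one key."""
    if not KEY_OCID.match(key_ocid):
        raise ValueError(f"not a key OCID: {key_ocid!r}")
    comp, group = _name(key_compartment), _name(user_group)
    cond = f"in compartment {comp} where target.key.id='{key_ocid}'"
    return [
        f"allow service blockstorage to use keys {cond}",
        f"allow service bdsprod to use key-delegate {cond}",
        f"allow service bdsprod to read keys {cond}",
        f"allow group {group} to use key-delegate {cond}",
        f"allow service objectstorage to use keys {cond}",
    ]


if __name__ == "__main__":
    # Constructed sample values, not real resources.
    stmts = network_statements("net-shared", "bds-learn")
    stmts += key_statements("bds-learn", "ocid1.key.oc1..exampleuniqueid", "bds-admins")
    print("\n".join(stmts))
```

The printed statements can be pasted into the Policy Builder text box in place of the single-compartment versions shown above.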