Examples of IAM Policy Definitions for Disaster Recovery
You can create policy statements to allow a group of users to administer Disaster Recovery (DR) operations, create DR configurations, and execute prechecks.
The following example allows a group of users to administer all aspects of DR operations in the entire tenancy.
Allow group DRUberAdmins to manage disaster-recovery-family in tenancy
These policy statements allow the group DRUberAdmins
to be superusers for all disaster recovery operations.
The following example allows a group of users to create DR configurations and execute prechecks.
Allow group DRMonitors to manage disaster-recovery-protection-groups in compartment ApplicationERP
Allow group DRMonitors to manage disaster-recovery-plans in compartment ApplicationERP
Allow group DRMonitors to manage disaster-recovery-prechecks in compartment ApplicationERP
These policy statements allow the group DRMonitors
to create DR configurations and plans, and also execute prechecks but not actually execute DR operations. This ability is limited to just the ApplicationERP
compartment.
The following example allows a group of users to create DR configurations in a specific compartment.
Allow group DRConfig to manage disaster-recovery-protection-groups in compartment ApplicationERP
Allow group DRConfig to manage disaster-recovery-plans in compartment ApplicationERP
These policy statements allow the group DRConfig
to create DR configurations and plans only but not execute any DR operations. This ability is limited to one compartment.
Parent topic: Policies for Full Stack Disaster Recovery