Identity and Access Management - IAM INTRO Flashcards
Fine-grained access control or role-based access control service.
Identity and Access Management Service - IAM
Authentication
identity or who someone is
AuthN
Authorization
permissions or what someone is allowed to do
AuthZ
AuthN
Ensures that a person is who they claim to be.
AuthZ
Allows a user to be assigned one or more pre-determined roles and each role comes with a set of permissions.
A container for your users and groups - a construct that represents a user population in OCI along with associated configurations and security settings.
Identity Domains
1st Step with IAM
We create an identity domain, create users and groups within that identity domain.
2nd Step with IAM
We write policies against the groups and policies are scoped to a tenancy, account or compartment.
A kind of logical isolation for resources
Compartment
How is authentication done?
By common mechanisms like username and password
The mechanism whereby you provide role-based access control.
Policy
Resources include (objects)
block storage, compute instances, file storage, databases
Unique identifier assigned by Oracle
Cloud ID - OCID
OCID SYNTAX - ocid1
ocid1.<RESOURCE>.<REALM>.[REGION][.Future Use].<UNIQUE>
Starts with ocid1 and that is the type of resource
OCID SYNTAX - Resource type
ocid1.<RESOURCE>.<REALM>.[REGION][.Future Use].<UNIQUE>
Resource Type - self-explanatory
compute instance, block storage device etc
OCID SYNTAX Realm
ocid1.<RESOURCE>.<REALM>.[REGION][.Future Use].<UNIQUE>
Realm - set of regions that share the same characteristics
OCID SYNTAX Region
ocid1.<RESOURCE>.<REALM>.[REGION][.Future Use].<UNIQUE>
Region - region code here that is unique to the resource you create
When do you interact with OCIDs?
When using CLI or SDK
How are the OCIDs generated?
Automatically by Oracle