OCI Identity and Access Management Flashcards

1
Q

Oracle Identity and Access Management (IAM)

A

Lets you control who has access to your cloud resources. You can control what type of access a group of users has and to which specific resources.

2
Q

Resource

A

The cloud objects that your company’s employees create and use when interacting with Oracle Cloud Infrastructure.

For example: compute instances, block storage volumes, Virtual Cloud Networks (VCNs), subnets, route tables, etc.

3
Q

User

A

An individual employee or system that needs to manage or use your company’s Oracle Cloud Infrastructure resources. Users might need to launch instances, manage remote disks, work with your virtual cloud network, etc.

End users of your application are not typically IAM users. Users have one or more IAM credentials.

4
Q

User Credentials

A

There are several types of credentials that you manage with Oracle Cloud Infrastructure Identity and Access Management (IAM):

Console password

API signing key (in PEM format)

Auth token

Customer Secret Keys

OAuth 2.0 Client Credentials

SMTP Credentials

5
Q

Group

A

A collection of users who all need the same type of access to a particular set of resources or compartment.

6
Q

Dynamic Group

A

A special type of group that contains resources (such as compute instances) that match rules that you define (thus the membership can change dynamically as matching resources are created or deleted).

These instances act as “principal” actors and can make API calls to services according to policies that you write for the dynamic group.

7
Q

Network Source

A

A group of IP addresses that are allowed to access resources in your tenancy. The IP addresses can be public IP addresses or IP addresses from a VCN within your tenancy.

After you create the network source, you use policy to restrict access to only requests that originate from the IPs in the network source.

8
Q

Compartment

A

A collection of related resources. Compartments are a fundamental component of Oracle Cloud Infrastructure for organizing and isolating your cloud resources.

You use them to clearly separate resources for the purposes of measuring usage and billing, access (through the use of policies), and isolation (separating the resources for one project or business unit from another).

A common approach is to create a compartment for each major part of your organization.

9
Q

Tenancy

A

The root compartment that contains all of your organization’s Oracle Cloud Infrastructure resources. Oracle automatically creates your company’s tenancy for you.

Directly within the tenancy are your IAM entities (users, groups, compartments, and some policies; you can also put policies into compartments inside the tenancy).

You place the other types of cloud resources (e.g., instances, virtual networks, block storage volumes, etc.) inside the compartments that you create.

10
Q

Policy

A

A document that specifies who can access which resources, and how.

Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy itself.

If you give a group access to the tenancy, the group automatically gets the same type of access to all the compartments inside the tenancy.

11
Q

Home Region

A

The region where your IAM resources reside. All IAM resources are global and available across all regions, but the master set of definitions resides in a single region, the home region.

You must make changes to your IAM resources in your home region. The changes will be automatically propagated to all regions.

12
Q

Federation

A

A relationship that an administrator configures between an identity provider and a service provider.

When you federate Oracle Cloud Infrastructure with an identity provider, you manage users and groups in the identity provider. You manage authorization in Oracle Cloud Infrastructure’s IAM service.

Oracle Cloud Infrastructure tenancies are federated with Oracle Identity Cloud Service by default.
