
💼 1.2 Ensure permissions on all resources are given only to the tenancy administrator group - Level 1 (Automated)

  • ID: /frameworks/cis-oracle-v3.1.0/01/02

Description

There is a built-in OCI IAM policy enabling the Administrators group to perform any action within a tenancy. In the OCI IAM console, this policy reads:

Allow group Administrators to manage all-resources in tenancy

Administrators create more users, groups, and policies to provide appropriate access to other groups.

Administrators should not give any other group full access to the tenancy by writing a policy like this:

Allow group any-other-group to manage all-resources in tenancy 

Access should be narrowed so that the principle of least privilege is applied.
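One way to check a set of policy statements against this rule, as an added example that is not part of the benchmark or of any Oracle tooling. The function names and sample statements are constructed for illustration; the check assumes statements have already been exported as plain strings and that group names can be compared case-insensitively.

```python
import re

# Matches "Allow group <subjects> to manage all-resources in tenancy", with
# flexible whitespace and case. Narrower verbs, resource types or compartment
# scopes do not match.
_FULL_ACCESS = re.compile(
    r"^\s*allow\s+group\s+(?P<groups>.+?)\s+to\s+manage\s+all-resources"
    r"\s+in\s+tenancy\b",
    re.IGNORECASE,
)

def _group_names(subjects):
    """Split a comma-separated group list and drop quoting around names."""
    return [p.replace("'", "").replace('"', "").strip()
            for p in subjects.split(",") if p.strip()]

def find_full_access_grants(statements, allowed=("Administrators",)):
    """Return (statement, offending_groups) for each statement that grants
    tenancy-wide manage all-resources to a group outside `allowed`."""
    # Assumption: group names are compared case-insensitively.
    allowed_lc = {name.lower() for name in allowed}
    findings = []
    for stmt in statements:
        match = _FULL_ACCESS.match(stmt)
        if not match:
            continue
        offending = [g for g in _group_names(match.group("groups"))
                     if g.lower() not in allowed_lc]
        if offending:
            findings.append((stmt.strip(), offending))
    return findings

# Constructed sample statements; group and compartment names are illustrative.
SAMPLE_STATEMENTS = [
    "Allow group Administrators to manage all-resources in tenancy",
    "Allow group any-other-group to manage all-resources in tenancy ",
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Prod",
    "allow group Administrators, Auditors to MANAGE all-resources IN TENANCY",
    "Allow group Auditors to read all-resources in tenancy",
]

if __name__ == "__main__":
    for stmt, groups in find_full_access_grants(SAMPLE_STATEMENTS):
        print(f"FAIL {groups}: {stmt}")
```

A statement that lists Administrators alongside another group is still reported, because the extra group receives the same tenancy-wide grant.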

Similar

  • Internal
    • ID: dec-c-8c6bbd38
