Q: 6
In Oracle Cloud Infrastructure (OCI), how can an administrator enforce fine-grained access control to
OCI resources for a group of users, ensuring that they can only manage resources within a specific
compartment?
Options
Discussion
Option A. IAM policies scoped to compartments are the best for this. Clear and matches what I've seen in practice.
I don't think it's D. A is the one that gives you fine-grained control over a specific compartment by using OCI IAM policies. D would apply policy at the root, which is too broad in this case. Pretty sure about this, but open if anyone sees a flaw.
A tbh, NSGs (option C) are only for network traffic, not access control at resource level.
A tbh. IAM policies on the compartment are how you get that fine-grained control from what I remember, but not 100% sure.
A is wrong, B. IAM policies scoped to a specific compartment are the way to enforce that level of access, at least from what I saw in the official guide and some practice tests. Not totally sure though, open to corrections.
Its A, saw something just like this in practice tests. IAM policies scoped to the compartment are what actually does fine-grained access.
I don’t think it’s C. A is right since only IAM policies let you restrict a group’s access to just one compartment. NSGs only affect network traffic, not permissions. Pretty common trap with these types of options.
Pretty sure it's A, IAM policies let you control who can do what in a specific compartment. NSGs and Cloud Guard don't handle user permissions like that. Has anyone seen a scenario where B or C would apply here? Open to corrections.
Be respectful. No spam.
