Question 1

Question

You are a DevOps project administrator. You are creating Oracle Cloud Infrastructure (OCI) Identity
and Access Management (IAM) policies that will be used in a DevOps CI/CD pipeline for deployment
to an Oracle Container Engine for Kubernetes (OKE) environment.
Which OCI IAM policy can be used?

Accepted Answer

Allow group  to manage devops-family in compartment

Reese U. · Answer

Option A fits with what the official docs recommend for DevOps CI/CD setups on OCI. Regular groups are preferred for project admin roles managing devops-family resources, not dynamic groups. Saw similar structure on recent Oracle practice tests. Pretty sure it's A, but open if anyone's seen newer guidance.

Sanjay M. · Answer

A

Rowan R. · Answer

Its A here. For a DevOps project admin (a user not an automation), you need a regular group managing devops-family. Dynamic groups like in B are for automated resources, not people. Anyone disagree?

Jordan S. · Answer

B . If the deployment pipeline is fully automated and running as a resource rather than a user, I'd expect a dynamic group (so B) to be common in practice. A lot of folks miss that when pipelines trigger OKE actions, dynamic-group policies are used for permissions. Maybe I'm off if the intent is for actual users, but I don't see why B can't fit here. Open to feedback if I'm missing a subtlety.

Nathan · Answer

Yeah, I'd pick A too. Using a regular group for the deployment pipeline lines up with OCI docs for managing devops-family resources. Dynamic groups are more for automation with compute or functions, not admins. Open to counterpoints if I missed some recent change.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE