[Recap] Day 1: Identity and Access Management [Oracle Cloud Infrastructure Architect Associate] [1Z0-1072]


This blog shares some quick tips, including Q&A and useful links, from Day 1 of the latest batch of our Oracle Cloud Infrastructure Architect Associate training. The course covers 15+ hands-on labs.

In the Day 1 live session we covered the basics of Identity and Access Management (IAM) in OCI.

Here are some of the questions asked during the live session on Module 2: Identity and Access Management (IAM).

Oracle Cloud Infrastructure (OCI) Architect

An Oracle Cloud Infrastructure (OCI) Architect is responsible for implementing, monitoring and maintaining Oracle Cloud solutions, including the major services related to Compute, Storage, Networking, Database and Security.

Cloud Services Model

Cloud computing offers services under three delivery models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service).

These three models are sometimes called the cloud computing stack, because each one builds on the layer below it: IaaS provides the raw compute, storage and networking, PaaS adds managed runtimes and databases on top, and SaaS delivers complete applications.

Also Read: Our blog post on Oracle Cloud Support.

Identity Access Management (IAM)

IAM handles authentication and authorization for the resources in an OCI environment: it grants the appropriate users access to the resources they need and denies access to everyone else.

IAM lets you control who has access to which cloud resource in OCI. The IAM components include:

  • Principals
  • Users
  • Groups & Dynamic Groups
  • Policies
  • Compartments

Principal, Users & Groups

Principals are of three types:

  1. Root user (tenancy administrator): the first user created when you sign up for a tenancy. It is placed in the default Administrators group, which has a policy granting manage access to all resources in the tenancy.
  2. IAM users: the users created afterwards by an administrator.
  3. Instance principals: let compute instances (and the applications running on them) make API calls to other OCI services using credentials issued to the instance itself, so no user's API key has to be stored on the machine.

Users and groups: a user is an individual (for example an employee) who needs to manage resources in OCI; each user can belong to one or more groups.

Note: Policies are assigned to groups, not to individual users.

Also Read: Our blog post on OCI Shielded Instances.

Authentication

Authentication (ATN): the process of identifying yourself, proving who you are, is called authentication.

The IAM service authenticates a principal in one of three ways:

  • Username/password: used to sign in to the web console.
  • API signing key: an RSA public/private key pair. The public key is uploaded to the user's profile and identified by its fingerprint; every REST or CLI request is then signed with the private key.
  • Auth token: an Oracle-generated token string, used with third-party APIs that do not support OCI's signature-based authentication (see Q1 below).
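The API signing key method is the one most often implemented by hand (for example in a tool that cannot use the OCI SDK), and the signing string is where mistakes usually happen. The following Python module is an added example for this recap, not code from the page or from Oracle: it builds the key fingerprint, the signing string and the Authorization header exactly as OCI's request signing expects, using only the standard library. The tenancy and user OCIDs, the host and the sample public key are constructed placeholders, and the RSA-SHA256 (PKCS#1 v1.5) signature is produced by a callable the caller supplies, for example the `cryptography` library's `RSAPrivateKey.sign(data, padding.PKCS1v15(), hashes.SHA256())`.

```python
"""Build the pieces of an OCI signed API request (API signing key auth).

Added example for this recap; not code from the page or from Oracle.
Everything here is standard library: the signing string, key ID and
Authorization header follow the HTTP-Signature scheme OCI uses, while
the RSA-SHA256 (PKCS#1 v1.5) signature itself is produced by a callable
passed in by the caller.
"""
import base64
import hashlib
import re
from typing import Callable, Dict, Optional

BODY_METHODS = {"POST", "PUT", "PATCH"}

# Constructed stand-in for a real PEM public key so the demo runs offline;
# the fingerprint logic is identical for a real RSA key.
SAMPLE_PUBLIC_PEM = (
    "-----BEGIN PUBLIC KEY-----\n"
    + base64.b64encode(b"constructed demo bytes, not an RSA key").decode()
    + "\n-----END PUBLIC KEY-----\n"
)


def fingerprint_from_public_pem(pem: str) -> str:
    """Colon-separated MD5 of the DER public key, as shown in the Console.

    Equivalent to: openssl rsa -pubout -outform DER | openssl md5 -c
    """
    body = re.sub(r"-----(BEGIN|END) PUBLIC KEY-----", "", pem)
    der = base64.b64decode("".join(body.split()))
    digest = hashlib.md5(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def key_id(tenancy_ocid: str, user_ocid: str, fingerprint: str) -> str:
    """keyId ties the signature to one API key of one user in one tenancy."""
    return f"{tenancy_ocid}/{user_ocid}/{fingerprint}"


def signing_headers(method: str, path: str, host: str, date: str,
                    body: Optional[bytes] = None) -> Dict[str, str]:
    """Headers covered by the signature, in the order they are signed.

    GET/DELETE/HEAD sign date, (request-target) and host. POST/PUT/PATCH
    additionally bind the body via x-content-sha256, content-type and
    content-length (Object Storage object uploads are the documented
    exception, where those three are optional).
    """
    headers = {
        "date": date,
        "(request-target)": f"{method.lower()} {path}",
        "host": host,
    }
    if method.upper() in BODY_METHODS:
        body = body or b""
        headers["x-content-sha256"] = base64.b64encode(hashlib.sha256(body).digest()).decode()
        headers["content-type"] = "application/json"
        headers["content-length"] = str(len(body))
    return headers


def signing_string(headers: Dict[str, str]) -> str:
    """'name: value' lines joined by a newline, with no trailing newline."""
    return "\n".join(f"{name}: {value}" for name, value in headers.items())


def authorization_header(headers: Dict[str, str], kid: str, signature: bytes) -> str:
    """Assemble the Authorization header; the headers list must match the signing order."""
    return (
        'Signature version="1",keyId="%s",algorithm="rsa-sha256",'
        'headers="%s",signature="%s"'
        % (kid, " ".join(headers), base64.b64encode(signature).decode())
    )


def signed_request_headers(method: str, path: str, host: str, date: str, kid: str,
                           sign: Callable[[bytes], bytes],
                           body: Optional[bytes] = None) -> Dict[str, str]:
    """Return the HTTP headers to send: the signed ones plus Authorization."""
    covered = signing_headers(method, path, host, date, body)
    signature = sign(signing_string(covered).encode("utf-8"))
    to_send = {k: v for k, v in covered.items() if k != "(request-target)"}
    to_send["authorization"] = authorization_header(covered, kid, signature)
    return to_send


if __name__ == "__main__":
    fp = fingerprint_from_public_pem(SAMPLE_PUBLIC_PEM)
    kid = key_id("ocid1.tenancy.oc1..aaaa", "ocid1.user.oc1..bbbb", fp)  # constructed OCIDs

    def placeholder_sign(data: bytes) -> bytes:
        # Placeholder so the demo runs offline; swap in real RSA-SHA256 signing.
        return b"<rsa-sha256 signature over %d bytes>" % len(data)

    print(signing_string(signing_headers("GET", "/20160918/instances?compartmentId=ocid1.compartment.oc1..cccc",
                                         "iaas.us-phoenix-1.oraclecloud.com", "Thu, 05 Jan 2014 21:31:40 GMT")))
    for k, v in signed_request_headers("POST", "/20160918/instances", "iaas.us-phoenix-1.oraclecloud.com",
                                       "Thu, 05 Jan 2014 21:31:40 GMT", kid, placeholder_sign,
                                       b'{"displayName": "demo"}').items():
        print(f"{k}: {v}")
```

Two details worth checking when debugging a 401 from OCI: the `headers` list in the Authorization value must name the signed headers in the same order as the signing string, and the signing string has no trailing newline. The date header also has to be within a few minutes of the server's clock, which is why the service can reject an otherwise valid signature on a host with a skewed clock.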

Authorization

Authorization (ATZ): the process of determining which actions an authenticated principal is allowed to perform.

Policies are defined with the required privileges and are then associated with a group.

The principle of least privilege applies: by default a new user has no access at all, and gains access only when added to a group that has a policy granting access to the resource.

Q1. What is Auth Token? Is it available permanently or for a period of time?

Ans. Auth tokens are Oracle-generated token strings that you can use to authenticate with third-party APIs that do not support Oracle Cloud Infrastructure’s signature-based authentication. Each user created in the IAM service automatically has the ability to create, update, and delete their own auth tokens in the Console or the API.

Auth tokens do not expire, so delete or rotate them when they are no longer needed. Each user can have up to two auth tokens at a time, which is what makes a rotation possible: create the second token, switch the consumer over, then delete the first.

Compartment

A compartment is a logical container in which OCI resources reside; every resource in OCI belongs to a compartment. Compartments are the unit at which access is granted and costs are tracked, and they can be nested (sub-compartments within a compartment, up to six levels deep).

When creating resources (compute, storage, etc.) you decide which compartment to place them in.

Compartments are global: they are tenancy-wide and span all regions. Each resource belongs to exactly one compartment, but a resource in one compartment can use resources in another compartment when a policy allows it (see Q2 below).

Q2. Can the resources of one Compartment be accessed by a resource/compute in another Compartment?

Ans. Yes. A resource in one compartment can access a resource in another compartment as long as an IAM policy grants the calling principal (a group, or a dynamic group in the case of a compute instance) the required verb on the target compartment. The compartment boundary itself does not block access; the policies decide.

Policy

Policies are the statements that specify which group can access which resources in OCI, and at what level. Policies can also grant OCI services themselves (for example Object Storage) access to other services when a feature requires it.

Policies comprise one or more statements that specify which groups can access what resources and at what level of access. Policies are written in a human-readable syntax, for example:

  • Allow group <group_name> to <verb> <resource-type> in tenancy
  • Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name> where <conditions>

The verb is one of inspect, read, use or manage (each includes the permissions of the ones before it), the resource type is either a single type such as instances or a family such as instance-family, and the optional where clause restricts the grant with conditions on variables such as request.region or target.compartment.name.

A policy can be attached to a compartment or to the tenancy.

Q3. How do we create an IAM policy?

Ans. To create the policies:

  1. In the Oracle Cloud Console, open the navigation menu. Under Governance and Administration, point to Identity, and then click Policies.
  2. On the Identity > Policies in x Compartment page, under List Scope > Compartment, select the compartment where you want the policies to reside.
  3. Click the Create Policy button.
  4. In the Create Policy dialog box, enter the following information:
    • Name: enter a name for the policy.
    • Description: enter a description of the policy.
    • Compartment: select a compartment from the list if you want to create the policy in a different compartment.
    • Policy Builder: add the policy statements here (use a template or switch to the manual editor to paste statements).
    • Policy Versioning: select the Keep Policy Current option.
  5. Click the Create button.
  6. To review any policy, click its name on the Policies in x Compartment page.
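Because a policy statement is plain text that the Console accepts as long as it parses, it is worth checking statements for over-broad grants before pasting them into the Policy Builder in step 4. The Python linter below is an added example for this recap, not code from the page or from Oracle: it parses the Allow statement syntax shown in the Policy section (subject, verb, resource type, location and optional where clause) and flags tenancy-wide admin grants, grants that hand over the IAM control plane, unconditional any-user grants, and statements that do not parse at all. The group, compartment and dynamic-group names in the sample policy are constructed for the demo.

```python
"""Lint OCI IAM policy statements before they are applied.

Added example for this recap; not code from the page or from Oracle.
It parses the Allow statement grammar (subject, verb, resource type,
location, optional where clause) and flags grants that deserve a second
look. Names in SAMPLE_POLICY are constructed for the demo.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Union

STATEMENT = re.compile(
    r"^allow\s+(?P<subject>any-user|(?:group|dynamic-group|service)\s+.+?)"
    r"\s+to\s+(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)"
    r"\s+in\s+(?P<location>tenancy|compartment\s+(?:id\s+)?\S+)"
    r"(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE,
)

# use/manage on these lets the subject rewrite IAM itself, i.e. grant itself anything.
IAM_CONTROL_PLANE = {"policies", "users", "groups", "dynamic-groups", "identity-providers"}

# Constructed sample policy; line 9 uses a verb that does not exist in OCI.
SAMPLE_POLICY = [
    "Allow group Administrators to manage all-resources in tenancy",
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Prod",
    "Allow group Developers to use instance-family in compartment Dev:Sandbox where request.region = 'phx'",
    "Allow dynamic-group BackupInstances to read buckets in compartment Prod",
    "Allow group Auditors to inspect all-resources in tenancy",
    "Allow group HelpDesk to manage policies in tenancy",
    "Allow any-user to read objects in compartment Public",
    "Allow group Developers to manage all-resources in compartment Dev",
    "Allow group Developers to delete instances in compartment Dev",
]


@dataclass
class Statement:
    subject_kind: str          # group, dynamic-group, service or any-user
    subjects: List[str]        # one or more names (comma separated in the statement)
    verb: str                  # inspect, read, use or manage
    resource: str              # resource type or family, e.g. instance-family
    location: str              # "tenancy" or "compartment <name-or-id>"
    condition: Optional[str]   # text after "where", if any


@dataclass
class Finding:
    line: int
    severity: str
    message: str


def parse_statement(text: str) -> Statement:
    """Split one Allow statement into its parts; raise ValueError if it does not parse."""
    m = STATEMENT.match(text.strip())
    if not m:
        raise ValueError(f"not a valid Allow statement: {text.strip()!r}")
    subject = m.group("subject")
    if subject.lower() == "any-user":
        kind, names = "any-user", []
    else:
        kind, rest = subject.split(None, 1)
        names = [n.strip() for n in rest.split(",")]
    return Statement(kind.lower(), names, m.group("verb").lower(),
                     m.group("resource").lower(), m.group("location"),
                     m.group("condition"))


def lint_statement(stmt: Statement, line: int) -> List[Finding]:
    """Least-privilege checks on a single parsed statement."""
    findings: List[Finding] = []
    in_tenancy = stmt.location.lower() == "tenancy"
    if stmt.subject_kind == "any-user" and not stmt.condition:
        findings.append(Finding(line, "HIGH", "any-user with no where clause: every "
                                "authenticated principal in the tenancy gets this access"))
    if stmt.verb == "manage" and stmt.resource == "all-resources":
        if in_tenancy and stmt.subjects != ["Administrators"]:
            findings.append(Finding(line, "HIGH", "tenancy-wide manage all-resources: "
                                    "full administrator rights outside the Administrators group"))
        elif not in_tenancy:
            findings.append(Finding(line, "MEDIUM", "manage all-resources makes the subject a "
                                    "compartment admin; prefer specific *-family resource types"))
    elif stmt.verb in ("use", "manage") and stmt.resource in IAM_CONTROL_PLANE:
        findings.append(Finding(line, "HIGH", f"{stmt.verb} {stmt.resource} hands over the IAM "
                                "control plane; the subject can change policies or group membership"))
    return findings


def lint(policy: Union[str, Iterable[str]]) -> List[Finding]:
    """Lint a policy given as one multi-line string or a list of statements."""
    lines = policy.splitlines() if isinstance(policy, str) else list(policy)
    findings: List[Finding] = []
    for number, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            stmt = parse_statement(line)
        except ValueError as err:
            findings.append(Finding(number, "ERROR", str(err)))
            continue
        findings.extend(lint_statement(stmt, number))
    return findings


if __name__ == "__main__":
    for f in lint(SAMPLE_POLICY):
        print(f"line {f.line}: {f.severity}: {f.message}")
```

Run against the sample, the linter passes the Administrators statement (that grant is expected to exist once) and the scoped family grants, and reports the HelpDesk policies grant, the unconditional any-user grant, the compartment-wide all-resources grant and the unparseable delete statement. The checks are deliberately conservative; extend IAM_CONTROL_PLANE or the Administrators exemption to match your own tenancy's conventions.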

Q4. Define Tags. How many types of tags are there?

Ans. Tags in OCI attach metadata (key/value pairs) to resources so they are easier to organize and manage; they can also be used for billing (cost-tracking tags) and as conditions in policies. There are two types: free-form tags, which are plain key/value pairs any user can add to a resource, and defined tags, which belong to a tag namespace whose keys (and optionally allowed values) are set up by an administrator.

Federation & Dynamic Groups

Federation: the trust relationship an administrator sets up between an identity provider (IdP) and a service provider (here, OCI). With federation, authentication for the OCI Console is delegated to the IdP, such as Oracle Identity Cloud Service (IDCS), Microsoft Active Directory Federation Services (ADFS) or a third-party single sign-on service such as Okta. Users sign in with the IdP, and a group in the IdP is mapped to an OCI IAM group whose policies decide what those users can do.

Dynamic groups let you treat Oracle Cloud Infrastructure compute instances as principal actors (similar to user groups). Membership is decided by a matching rule on instance attributes such as the compartment or tags, and a policy written for the dynamic group gives the applications on those instances access to other OCI services without any stored user credentials (instance principals).

Quiz Time (Sample Exam Questions)!

Our [1Z0-1072] Oracle Cloud Infrastructure Architect Associate training program covers 150+ sample exam questions to help you prepare for the certification [1Z0-1072].

Question: You are responsible for setting up access for all the cloud users of a large enterprise. You log in to the Phoenix region and start creating users and policies. You then realize that some users might be creating resources in the Ashburn region. What should you do?

A) You can assign a region to each of the users at the time of creation.

B) IAM users are global, and non-admin users can add resources to any region by default.

C) You need to log in to each region separately to create users for that particular region.

D) IAM users are global. As an administrator, make sure that you subscribe to the Ashburn region.

The correct answer will be revealed in the Day 2 recap blog.

Feedback

We always work on improving and being a better version of ourselves than in the previous session, so we constantly ask our attendees for feedback.

Here’s the feedback that we received from our trainees who had attended the session…



Begin Your Cloud Journey

Begin your journey towards becoming a Certified Oracle Cloud Infrastructure Architect, and earning a lot more in 2022, by joining our FREE CLASS. You will also learn about the roles and responsibilities and job opportunities for OCI Architects in the market, and what to study, including the hands-on labs you must perform, to clear the Oracle Cloud Architect Associate (OCI) certification exam, by registering for our FREE Masterclass.


mike

I started my IT career in 2000 as an Oracle DBA/Apps DBA. The first few years were tough (<$100/month), with very little growth. In 2004, I moved to the UK. After working really hard, I landed a job that paid me £2700 per month. In February 2005, I saw a job that was £450 per day, which was nearly 4 times my salary at the time.