Identity domain users with tenancy administrator permissions should not have API keys

oracle-cloud-infrastructure
Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Description

Oracle Cloud identity domain users with tenancy administrator permissions should not have API keys. Administrator accounts with API keys present an elevated security risk, as compromised keys provide programmatic access with full administrative privileges. Removing API keys from administrator accounts reduces the attack surface and enforces the principle of least privilege.

Note: Only active users in a default identity domain who are members of the Administrators group are assessed.

Remediation

Remove API keys from users with tenancy administrator permissions. Consider using alternative authentication methods or creating separate service accounts with limited permissions for programmatic access. For guidance on managing API keys, refer to the Working with API Keys section in the Oracle Cloud Infrastructure Documentation.