Identity domain users with tenancy administrator permissions should not have API keys

Description

Oracle Cloud identity domain users with tenancy administrator permissions should not have API keys. Administrator accounts with API keys present an elevated security risk, as compromised keys provide programmatic access with full administrative privileges. Removing API keys from administrator accounts reduces the attack surface and enforces the principle of least privilege.

Note: Only active users in a default identity domain who are members of the Administrators group are assessed.
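The check described above can be sketched as follows. This is an added example, not the rule's own implementation. It assumes the default identity domain is reachable through the OCI Python SDK's `oci.identity.IdentityClient`, whose method names the function uses. `FakeIdentity` and all its IDs and fingerprints are constructed sample data so the block runs offline.

```python
from types import SimpleNamespace as NS

def admin_users_with_api_keys(identity, tenancy_id, group_name="Administrators"):
    """Map user name -> API key fingerprints for ACTIVE members of the group.

    `identity` must expose the oci.identity.IdentityClient methods used below.
    Real calls are paginated; wrap them with
    oci.pagination.list_call_get_all_results when running against a tenancy.
    """
    findings = {}
    for group in identity.list_groups(tenancy_id, name=group_name).data:
        memberships = identity.list_user_group_memberships(
            tenancy_id, group_id=group.id).data
        for membership in memberships:
            user = identity.get_user(membership.user_id).data
            if user.lifecycle_state != "ACTIVE":
                continue  # the rule assesses active users only
            keys = [k.fingerprint for k in identity.list_api_keys(user.id).data
                    if k.lifecycle_state != "DELETED"]
            if keys:
                findings[user.name] = keys
    return findings

class FakeIdentity:
    """Constructed sample data in the SDK's response shape (`.data`)."""
    users = {
        "u-alice": NS(id="u-alice", name="alice", lifecycle_state="ACTIVE"),
        "u-bob": NS(id="u-bob", name="bob", lifecycle_state="ACTIVE"),
        "u-carol": NS(id="u-carol", name="carol", lifecycle_state="INACTIVE"),
        "u-dave": NS(id="u-dave", name="dave", lifecycle_state="ACTIVE"),
    }
    admins = ["u-alice", "u-bob", "u-carol"]  # dave is not an administrator
    keys = {
        "u-alice": [NS(fingerprint="fp-alice-1", lifecycle_state="ACTIVE")],
        "u-carol": [NS(fingerprint="fp-carol-1", lifecycle_state="ACTIVE")],
        "u-dave": [NS(fingerprint="fp-dave-1", lifecycle_state="ACTIVE")],
    }
    def list_groups(self, compartment_id, name=None):
        return NS(data=[NS(id="g-admins", name=name)])
    def list_user_group_memberships(self, compartment_id, group_id=None):
        return NS(data=[NS(user_id=u, group_id=group_id) for u in self.admins])
    def get_user(self, user_id):
        return NS(data=self.users[user_id])
    def list_api_keys(self, user_id):
        return NS(data=self.keys.get(user_id, []))

if __name__ == "__main__":
    print(admin_users_with_api_keys(FakeIdentity(), "constructed-tenancy-id"))
```

Only `alice` is reported: `bob` is an administrator without keys, `carol` is inactive, and `dave` holds a key but is not in the Administrators group.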

Remediation

Remove API keys from users with tenancy administrator permissions. Consider using alternative authentication methods or creating separate service accounts with limited permissions for programmatic access. For guidance on managing API keys, refer to the Working with API Keys section in the Oracle Cloud Infrastructure Documentation.