IAM policies should grant only the tenancy administrator group permissions to administer all resources


Description

This rule verifies that only the Administrators group has permissions to manage all resources in the tenancy. This permission should be limited to a small number of users for break-glass situations and initial tenancy setup. Granting “manage all-resources” permissions to other groups violates the principle of least privilege and increases the risk of unauthorized access or accidental misconfiguration.

Remediation

Review and update IAM policies to ensure that only the default Administrators group has permissions to manage all resources at the tenancy level. Remove or modify any policy statements that grant manage all-resources in tenancy permissions to other groups or service principals. For guidance on managing IAM policies, refer to the Managing Policies section of the Oracle Cloud Infrastructure documentation.
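The following Python script is an added example, not part of this rule page or of Oracle's tooling: it reviews a list of OCI policy statements and reports every statement that grants "manage all-resources in tenancy" to any subject other than the Administrators group, plus any statement it cannot parse, so it can be reviewed by hand. The statements below are constructed samples; in practice they would come from the tenancy's policies (for example the `statements` field of `oci iam policy list` output). The parser is an assumption: it recognises only the common `Allow <subject> to <verb> <resource> in <scope> [where ...]` shape and does not resolve compartment OCIDs, so a grant scoped `in compartment id <root-compartment-ocid>` is not detected as tenancy-wide.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Common OCI policy statement shape (case-insensitive):
#   Allow <subject-type> [<subject-name>] to <verb> <resource> in <scope> [where <condition>]
# Subject types without a name: any-user, any-group. Quoted names ('Platform Team') are allowed.
STATEMENT_RE = re.compile(
    r"^\s*allow\s+"
    r"(?P<subject_type>any-user|any-group|dynamic-group|group|service)"
    r"(?:\s+(?P<subject_name>'[^']*'|\S+))?"
    r"\s+to\s+(?P<verb>inspect|read|use|manage)"
    r"\s+(?P<resource>\S+)"
    r"\s+in\s+(?P<scope>tenancy|compartment\s+(?:id\s+)?\S+)"
    r"(?:\s+where\s+(?P<condition>.+?))?\s*$",
    re.IGNORECASE,
)

ALLOWED_GROUP = "Administrators"  # the only group that should hold tenancy-wide manage all-resources


@dataclass
class Finding:
    statement: str
    reason: str  # "manage-all-resources-in-tenancy" or "unparsed"


def parse_statement(stmt: str) -> Optional[Dict[str, Optional[str]]]:
    """Return the statement's parts, or None if it is not in the recognised shape."""
    m = STATEMENT_RE.match(stmt)
    return m.groupdict() if m else None


def grants_tenancy_manage_all(parts: Dict[str, Optional[str]]) -> bool:
    """True when the statement is a manage all-resources grant at tenancy scope.
    A 'where' condition narrows the grant but is still flagged: the verb and scope are what the rule checks."""
    return (
        parts["verb"].lower() == "manage"
        and parts["resource"].lower() == "all-resources"
        and parts["scope"].lower() == "tenancy"
    )


def find_violations(statements: List[str], allowed_group: str = ALLOWED_GROUP) -> List[Finding]:
    """Flag tenancy-wide manage all-resources grants to anyone but the allowed group,
    and flag statements the parser does not understand so they are reviewed manually."""
    findings: List[Finding] = []
    for stmt in statements:
        parts = parse_statement(stmt)
        if parts is None:
            findings.append(Finding(stmt, "unparsed"))
            continue
        if not grants_tenancy_manage_all(parts):
            continue
        name = (parts["subject_name"] or "").strip("'")
        if parts["subject_type"].lower() == "group" and name == allowed_group:
            continue  # the expected break-glass grant
        findings.append(Finding(stmt, "manage-all-resources-in-tenancy"))
    return findings


# Constructed sample statements (not from any real tenancy).
SAMPLE_STATEMENTS = [
    "Allow group Administrators to manage all-resources in tenancy",            # expected, compliant
    "Allow group NetworkAdmins to manage virtual-network-family in tenancy",   # scoped resource, compliant
    "Allow group DevOps to manage all-resources in tenancy",                    # violation
    "Allow group DevOps to manage all-resources in compartment Dev",            # compartment scope, not flagged
    "Allow dynamic-group BuildHosts to manage all-resources in tenancy where request.region = 'us-phoenix-1'",  # violation
    "Allow any-user to manage all-resources in tenancy",                        # violation
    "Allow group 'Platform Team' to read all-resources in tenancy",             # read only, compliant
    "Define tenancy Acceptor as ocid1.tenancy.oc1..placeholder",                # not parsed, reported for manual review
]

if __name__ == "__main__":
    for f in find_violations(SAMPLE_STATEMENTS):
        print(f"[{f.reason}] {f.statement}")
```

Run the script against the exported statements of every policy in the tenancy (policies attached to child compartments cannot grant tenancy scope, but listing the root compartment alone misses nothing only if you also check `any-user` and dynamic-group grants, which the parser does). Anything reported as `unparsed` deserves a look rather than being assumed safe.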