IAM policies should grant only the tenancy administrator group permissions to administer all resources
Description
This rule verifies that only the Administrators group has permissions to manage all resources in the tenancy. This permission should be limited to a small number of users for break-glass situations and initial tenancy setup. Granting “manage all-resources” permissions to other groups violates the principle of least privilege and increases the risk of unauthorized access or accidental misconfiguration.
Review and update IAM policies to ensure that only the default Administrators group has permissions to manage all resources at the tenancy level. Remove or modify any policy statements that grant manage all-resources in tenancy permissions to other groups or service principals. For guidance on managing IAM policies, refer to the Managing Policies section of the Oracle Cloud Infrastructure documentation.
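The check this rule describes can be reproduced offline against exported policy statements. The following is an added example, not the rule's own implementation or Oracle code; the policy names, group names and statements are constructed sample data, and treating `'Default'/'Administrators'` as equivalent to the default group is an assumption.

```python
import re

# Matches: Allow <subject> to manage all-resources in tenancy [where ...]
GRANT_RE = re.compile(
    r"^\s*allow\s+(?P<subject>.+?)\s+to\s+manage\s+all-resources\s+in\s+tenancy\b",
    re.IGNORECASE,
)
# Assumption: the default group, bare or qualified with the Default identity domain.
ALLOWED_GROUPS = {"administrators", "default/administrators"}


def subject_is_admin_only(subject: str) -> bool:
    """True only when every principal in the subject is the Administrators group."""
    kind, _, names = subject.strip().partition(" ")
    if kind.lower() != "group":
        return False  # dynamic-group, service, any-user, any-group, ...
    # "group A, B" grants to both; "group id ocid1..." cannot be resolved offline
    # and is reported for manual review.
    groups = [re.sub(r"['\"\s]", "", n).lower() for n in names.split(",")]
    return all(g in ALLOWED_GROUPS for g in groups)


def find_violations(policies: dict) -> list:
    """Return (policy_name, statement) pairs that break the rule."""
    findings = []
    for name, statements in policies.items():
        for stmt in statements:
            m = GRANT_RE.match(stmt)
            if m and not subject_is_admin_only(m.group("subject")):
                findings.append((name, stmt))
    return findings


# Constructed sample data, not taken from a real tenancy.
SAMPLE_POLICIES = {
    "Tenant Admin Policy": ["Allow group Administrators to manage all-resources in tenancy"],
    "ops-policy": [
        "Allow group NetworkAdmins to manage virtual-network-family in tenancy",
        "allow group DevOps to manage all-resources in tenancy",
        "Allow group Auditors to read all-resources in tenancy",
    ],
    "automation-policy": [
        "Allow dynamic-group ci-runners to manage all-resources in tenancy where request.region = 'phx'",
        "Allow group Administrators, Contractors to manage all-resources in tenancy",
        "Allow group ProjectAdmins to manage all-resources in compartment ProjectA",
    ],
}

if __name__ == "__main__":
    for policy, stmt in find_violations(SAMPLE_POLICIES):
        print(f"[FAIL] {policy}: {stmt}")
```

Compartment-scoped grants and non-`manage` verbs are deliberately out of scope here, since the rule concerns only `manage all-resources` at the tenancy level.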