1. IAM
1.1. Identities
1.1.1. Who makes the request
1.1.1.1. Groups
1.1.1.1.1. Users
1.1.1.2. Instances
1.2. Principals
1.2.1. IAM entity that interacts
1.2.1.1. with OCI Resources
1.2.2. 2 Principals
1.2.2.1. IAM users/Applications
1.2.2.1.1. Individual people
1.2.2.2. Instance Principals/Applications
1.2.2.2.1. Make API Calls against other OCI services
2. Authentication
2.1. Who is this person?
2.2. Is this who he says he is?
2.3. OCI IAM service authenticates
2.3.1. a Principal by
2.3.1.1. User name, Password
2.3.1.2. API Signing Key
2.3.1.2.1. Required when using
2.3.1.3. Auth Token
2.3.1.3.1. Oracle-generated token string to authenticate with 3rd-party APIs
2.3.1.3.2. That do not support OCI signature-based authentication
3. Authorization
3.1. Specifies various Actions
3.1.1. an authenticated Principal can perform
3.2. OCI Authorization = Policies
4. Policies
4.1. Written in Human-readable
4.2. Remember all resources in a compartment or tenancy are "Denied"
4.3. E.g.
4.3.1. Allow group <group_name> to <verb> <resource-type> in tenancy
4.3.2. Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name> [where <conditions>]
4.4. Policy Attachment
4.4.1. Policies can be attached to a compartment or the tenancy
4.4.2. Where you attach it controls who can then modify it or delete it.
4.4.3. Policy Syntax
4.4.4. Policy Reference