1. Authorization
1.1. Specifies various Actions
1.1.1. an authenticated Principal can perfomr
1.2. OCI Authorization = Policies
2. Policies
2.1. Written in Human-readable
2.2. Remember all resources in a compartment or tenancy are "Denied"
2.3. Eg
2.3.1. Allow group <group name> to <verb><resource-type>in tenancy
2.3.2. Allow group <group_name> to <verb><resource-type>in compartment <compartment_name> [where <conditions>]
2.4. Policy Attachment
2.4.1. Policies can be attached to a compartment or the tenancy
2.4.2. Where you attach it controls who can then modify it or delete it.
2.4.3. Policy Syntax
2.4.4. Policy Reference
3. IAM
3.1. Identities
3.1.1. Who request
3.1.1.1. Groups
3.1.1.1.1. Users
3.1.1.2. Instances
3.2. Principals
3.2.1. IAM entity interact
3.2.1.1. with OCI Resources
3.2.2. 2 Principals
3.2.2.1. IAM users/ Applications
3.2.2.1.1. Individual people
3.2.2.2. Instance Principals/ Applications
3.2.2.2.1. Make API Calls against other OCI services
4. Authentication
4.1. who is this person?
4.2. Is this who he says he is?
4.3. OCI IAM service authentications
4.3.1. a Principal by
4.3.1.1. User name, Password
4.3.1.2. API Signing Key
4.3.1.2.1. Required when using
4.3.1.3. Auth Token
4.3.1.3.1. Oracle-generated token string to authentication 3rd party APIs
4.3.1.3.2. That do no support OCI signature-based authentication