- Resource: A cloud object that a company’s employees create and use when interacting with OCI services, for example, compute instances, block storage volumes, virtual cloud networks (VCNs), subnets, and route tables. Each resource is assigned with a unique, Oracle assigned identifier called Oracle Cloud ID (OCID)
- Policy: A set of authorization rules that define access to resources within a tenancy.
- Compartment: A heterogeneous collection of resources for the purposes of security isolation and access control.
- Tenancy: The root compartment that contains all of an organization’s resources. Within a tenancy, administrators can create one or more compartments, create more users and groups, and assign policies that grant groups the ability to use resources within a compartment.
- User: A human being or system that needs access to manage their resources. Users must be added to groups in order to access resources. Users have one or more credentials that must be used to authenticate to Oracle Cloud Infrastructure services. Federated users are also supported.
- Group: A collection of users who share a similar set of access privileges. Administrators can grant access policies that authorize a group to consume or manage resources within a tenancy. All users in a group inherit the same set of privileges.
- Identity Provider: A trusted relationship with a federated identity provider. Federated users who attempt to authenticate to the Oracle Cloud Infrastructure console are redirected to the configured identity provider. After successfully authenticating, federated users can manage Oracle Cloud Infrastructure resources in the console just like a native IAM user. Currently, Oracle Cloud Infrastructure supports the SAML-2 compliant Oracle Identity Cloud Service (IDCS) and Microsoft Active Directory Federation Service (ADFS) as identity providers. Federated groups are mapped to native IAM groups to define the policies apply to a federated user.
Quick reference terms from OCI IAM
Orama.blog 