Create an OKE User Group and Policies
In your OCI tenancy that's associated with Compute Cloud@Customer, create a user group and policies that authorize users to use OKE.
You need at least one OKE user group with OKE policies that authorize the users to use OKE. You need to create separate OKE user groups to authorize different users to use OKE in different compartments.
This procedure assumes the following conditions:
- Your intended OKE administrators already have OCI user accounts.
- Your tenancy is configured with Identity Domains. If you're not sure which type of identity service you're using, see Determining the Tenancy Type. If your tenancy isn't using Identity Domains, create a group and policies as described in Managing Groups (without Identity Domains).
- Create an OKE user group that includes all users who manage OKE resources.
  For instructions, see Creating a Group.
- Create the following policies for the group.
  See IAM Policies Overview and Creating a Policy.
  Include the manage cluster-family authorization in the user group policy. The following is an example policy for an OKE user group. Depending on your organization (for example, if a separate team manages network resources), some of the following "manage" authorizations could be "read" or "use" authorizations, or you might need to add authorizations.

      allow group group-name to read all-resources in tenancy
      allow group group-name to manage cluster-family in compartment compartment-name
      allow group group-name to manage instance-family in compartment compartment-name
      allow group group-name to manage network-load-balancers in compartment compartment-name
      allow group group-name to manage virtual-network-family in compartment compartment-name
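A pre-creation check for a draft policy like the example above, added here as an illustration and not Oracle's code. It confirms the required manage cluster-family authorization is present and lists any grant above "read" at tenancy scope. The group name oke-admins and compartment name oke-dev are constructed placeholders, and statements with conditions or other syntax are reported as unparsed.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # OCI verbs, least to most privileged
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<resource>[\w-]+)"
    r"\s+in\s+(?:tenancy|compartment\s+(?P<compartment>\S+))$",
    re.IGNORECASE,
)

def parse(statement):
    """Return the fields of one basic 'allow group' statement, or None."""
    m = STATEMENT.match(statement.strip())
    if not m or m["verb"].lower() not in VERBS:
        return None
    return {"group": m["group"], "verb": m["verb"].lower(),
            "resource": m["resource"].lower(),
            "compartment": m["compartment"]}  # None means tenancy-wide

def review(statements, group):
    """Check a draft OKE policy for one group before it is created."""
    parsed = [parse(s) for s in statements]
    rules = [p for p in parsed if p and p["group"] == group]
    return {
        # The page requires manage cluster-family in the user group policy.
        "has_manage_cluster_family": any(
            r["verb"] == "manage" and r["resource"] == "cluster-family" for r in rules),
        # The page's example grants only read at tenancy scope; list anything higher.
        "broad_tenancy_grants": [
            f"{r['verb']} {r['resource']}" for r in rules
            if r["compartment"] is None and VERBS.index(r["verb"]) > VERBS.index("read")],
        "compartments": sorted({r["compartment"] for r in rules if r["compartment"]}),
        # Statements this simple parser does not understand need manual review.
        "unparsed": [s for s, p in zip(statements, parsed) if p is None],
    }

# Constructed sample: the page's example policy with placeholder names filled in.
EXAMPLE = [
    "allow group oke-admins to read all-resources in tenancy",
    "allow group oke-admins to manage cluster-family in compartment oke-dev",
    "allow group oke-admins to manage instance-family in compartment oke-dev",
    "allow group oke-admins to manage network-load-balancers in compartment oke-dev",
    "allow group oke-admins to manage virtual-network-family in compartment oke-dev",
]

if __name__ == "__main__":
    for key, value in review(EXAMPLE, "oke-admins").items():
        print(f"{key}: {value}")
```

A non-empty broad_tenancy_grants or unparsed list means the draft differs from the example and should be read by hand before the policy is created.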
What's Next: