OCI Identity and Access Management: Implementing Fine-Grained Policies Not Taking Effect
Hey everyone, I'm running into an issue that's driving me crazy. I tried several approaches but none seem to work. I'm working with a scenario where my fine-grained IAM policies in OCI don't seem to be taking effect as expected. I've defined a policy that should allow access to a specific compartment for a group, but users in that group are still receiving permission errors. Here's the policy I've created:

```plaintext
Allow group myGroup to inspect compartments in compartment myCompartment
Allow group myGroup to use instances in compartment myCompartment
```

Despite the policy being defined, when I run a command to list instances using the OCI CLI, I get the following behavior:

```
behavior: You do not have permission to perform the requested operation.
```

I've double-checked the compartment ID and confirmed that users are indeed members of `myGroup`. I've also used the `oci iam policy list` command to verify that my policy is active and correctly applied. To rule out permission issues, I tried using the OCI Console to grant broader permissions temporarily, and that worked without any question. In addition, I made sure that there are no deny rules in any of the policies that might override this allowance. Here's the command I used to list instances:

```bash
oci compute instance list --compartment-id <myCompartmentID>
```

I'm not sure where the scenario lies: could it be a delay in policy propagation, or is there something I'm missing in my IAM setup? Any insights would be greatly appreciated!

This is part of a larger service I'm building. I'm using Bash 3.10 in this project. Has anyone else encountered this?