How to Create a read-only user in Oracle Cloud Infrastructure (OCI)

You may require to give read-only user for OCI access to external providers only read privileges on all your Infrastructure resources. 

In this article I will show how to create a user with read-only  privileges.

1. Connect in you Oracle Cloud Infrastructure web console with a administrator user.

2. Create A User.

First step is to create a new read-only user. Go to Sandwitched Menu -> Identity & Security -> Users and click "Create User".

3.  Create A Group.

In OCI, privileges are given to a group, not an user. So you must create a new group to place this account and later we will give the accesses to the group using Policy.

Go to Menu -> Identity & Security -> Group and click "Create Group".

Give the group a Name and a Description.

4. Create Policy.

Now let's create the policies and assign it to the group. Change the compartment root.

Go to Menu -> Identity & Security  -> Policies.

Click "Create Policy" and give the policy a Name, Description.

If you want to give read access to ALL resources, you can simply add the statement:

Allow group group_name to read all-resources in tenancy

Allow group test to read all-resources in tenancy

Our group is test here.

Find Articles on troubleshooting Other OCI issues.

5. Add User to Group.

Go again in Menu -> Identity & Security -> Users, click on the created user. select "Add User to Group".

YOU ARE DONE.