Creating a Policy Using the Console

Complete information about using the Policy Builder and templates is found in Writing Policy Statements with the Policy Builder.

See also how policies work, policy syntax, and policy reference.

  1. Open the navigation menu and select Identity & Security. Under Identity, select Policies.
  2. Under Compartment, select the compartment where you want the policies to reside.
  3. Select Create Policy.
  4. In the Create Policy page, enter the following information:
    • Name: Enter a name for the policy, for example, bds-net-admin.

    • Description: Enter a description for the policy.

    • Compartment: Select a compartment from the list to create the policy in a different compartment.

    • Policy Builder: Select the toggle on the Policy Builder box. Copy the following and paste it into the text box:

      allow service bdsprod to {VCN_READ, VNIC_READ, VNIC_ATTACH, VNIC_CREATE, SUBNET_READ, SUBNET_ATTACH, VNIC_DETACH, VNIC_DELETE, SUBNET_DETACH} in compartment bds-learn

      Note

      You must grant the VCN_READ right to the compartment the VCN belongs to, and grant the other rights to the compartment the subnet belongs to.

      Additionally, if you're using customer-managed encryption keys, copy the following statements and paste them into the text box, replacing the placeholders with your compartment name, group name, and key OCID:

      allow service blockstorage to use keys in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
      allow service bdsprod to use key-delegate in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
      allow service bdsprod to read keys in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
      allow group <user-group> to use key-delegate in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
      
      allow service objectstorage to use keys in compartment <name_of_compartment> where target.key.id='<ocid_of_key>'
  5. Select Create.
  6. To review any policy, select its name.
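The following is an added example, not Oracle's code or part of this page. It builds the policy statements shown above with the placeholders filled in, splits the VCN_READ right from the subnet rights when the VCN and subnet live in different compartments (as the note requires), and runs a few sanity checks before you paste the result into the Policy Builder: unfilled placeholders, key grants that lack the target.key.id condition (and so would cover every key in the compartment), and condition values that are not shaped like a key OCID. The compartment names, group name, and key OCID in the sample run are constructed values, and the ocid1.key. prefix check is an assumption based on the documented OCID layout.

```python
# Added example (not Oracle's code): build the Big Data Service IAM policy
# statements from this page with the placeholders filled in, then run a few
# least-privilege sanity checks before pasting them into the Policy Builder.
import re

# Permissions from the page's network statement, in the page's order.
VCN_RIGHT = "VCN_READ"
SUBNET_RIGHTS = ["VNIC_READ", "VNIC_ATTACH", "VNIC_CREATE", "SUBNET_READ",
                 "SUBNET_ATTACH", "VNIC_DETACH", "VNIC_DELETE", "SUBNET_DETACH"]

# Assumption: a Vault key OCID starts with "ocid1.key." (OCI's documented
# ocid1.<type>.<realm>... layout); anything else is flagged.
KEY_OCID_RE = re.compile(r"^ocid1\.key\.[A-Za-z0-9._-]+$")


def network_statements(vcn_compartment, subnet_compartment):
    """Grant VCN_READ in the VCN's compartment and the remaining rights in the
    subnet's compartment, as the page's note requires. When both are in the
    same compartment this collapses to the single statement shown on the page."""
    if vcn_compartment == subnet_compartment:
        rights = ", ".join([VCN_RIGHT] + SUBNET_RIGHTS)
        return [f"allow service bdsprod to {{{rights}}} in compartment {vcn_compartment}"]
    subnet_rights = ", ".join(SUBNET_RIGHTS)
    return [
        f"allow service bdsprod to {{{VCN_RIGHT}}} in compartment {vcn_compartment}",
        f"allow service bdsprod to {{{subnet_rights}}} in compartment {subnet_compartment}",
    ]


def key_statements(key_compartment, key_ocid, user_group):
    """The customer-managed key statements from the page, scoped to one key."""
    cond = f"where target.key.id='{key_ocid}'"
    return [
        f"allow service blockstorage to use keys in compartment {key_compartment} {cond}",
        f"allow service bdsprod to use key-delegate in compartment {key_compartment} {cond}",
        f"allow service bdsprod to read keys in compartment {key_compartment} {cond}",
        f"allow group {user_group} to use key-delegate in compartment {key_compartment} {cond}",
        f"allow service objectstorage to use keys in compartment {key_compartment} {cond}",
    ]


def check_statements(statements):
    """Return findings (an empty list means clean) for mistakes that are easy
    to make when copying the template: unfilled <placeholders>, key grants with
    no target.key.id condition, and condition values that are not key OCIDs."""
    findings = []
    key_cond = re.compile(r"where target\.key\.id='([^']*)'")
    for s in statements:
        if re.search(r"<[^>]*>", s):
            findings.append(f"unfilled placeholder: {s}")
        grants_key = " keys " in s or " key-delegate " in s
        m = key_cond.search(s)
        if grants_key and not m:
            findings.append(f"key grant not scoped to a single key: {s}")
        elif m and not KEY_OCID_RE.match(m.group(1)):
            findings.append(f"condition value is not a key OCID: {s}")
    return findings


if __name__ == "__main__":
    # Constructed sample values; replace with your own compartment names,
    # group name, and key OCID.
    stmts = network_statements("bds-learn", "bds-learn")
    stmts += key_statements("bds-learn", "ocid1.key.oc1.iad.EXAMPLEKEYID", "bds-admins")
    for s in stmts:
        print(s)
    print("findings:", check_statements(stmts))
```

Run it once with the template's placeholders left in place to see the checks fire, then with your real values; only paste statements into the Policy Builder when check_statements returns an empty list.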

For more information about creating groups, users, and policies, see Overview of Oracle Cloud Infrastructure Identity and Access Management in the Oracle Cloud Infrastructure documentation.