OCI-005 Oracle Cloud Infrastructure (OCI)

IAM policies follow least privilege (no broad 'manage all-resources').

IAM policies follow least privilege (no broad 'manage all-resources').

Domain
Oracle Cloud Infrastructure (OCI)
Area
IAM
Automated / manual
Automated

Risk if it fails

Over-broad policies maximise blast radius.

A policy letting a group manage everything means compromising any member of that group hands the attacker the entire tenancy.

How Tess tests it

1 test — each concludes only on cited evidence.

IAM policies follow least privilege (no broad 'manage all-resources').

Automated
Procedure
Enumerate policies and flag 'manage all-resources in tenancy' statements.

Read-only command 

oci iam policy list --compartment-id <tenancy-ocid> --all --query 'data[].{name:name,statements:statements}'

More in Oracle Cloud Infrastructure (OCI)

OCI-001 MFA is enforced for all IAM users, especially administrators. OCI-002 Customer secret keys / API keys are rotated regularly (<=90 days). OCI-003 A strong password policy is configured. OCI-004 Membership of the Administrators group is minimal.

Want Tess to test OCI-005 against your evidence?

Book a demo