

Identity and Access Management (IAM) group has too few members (Automated)


Alert when an IAM group has no members. Increase the number of group members. IAM group membership frequently grants access to resources and features. Groups that have too few members might represent excess privileges being "orphaned" (no longer available to any users).


From Console:

  1. Log in to the OCI console.
  2. Select Identity from the Services menu.
  3. Select Groups from the Identity menu, or select Domains, select a domain, and select Groups.
  4. Click the name of a group with no members.
  5. Click Assign user to groups.
  6. Select users to assign to the group.
  7. Click Add.
  8. Repeat steps 3-7 for all groups with no members.

From CLI:

  1. Execute the following command to locate user IDs:

    oci iam user list --query 'data[].{"ID":id,"Name":name}' --output table

  2. For each group with no members, execute the following command to assign a user to the group:

    oci iam group add-user --group-id <group_id> --user-id <user_id>
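
The CLI steps above assume the groups with no members are already known. The following added example (not part of the original page or of Oracle's tooling) finds them by parsing CLI JSON output and prints the matching `add-user` command for each. Assumptions: it uses the `oci iam group list` and `oci iam group list-users` commands, which the page does not mention, treats blank CLI output as an empty result, and runs against constructed sample data unless `run_oci` is passed in.

```python
import json
import subprocess

def run_oci(args):
    """Run the OCI CLI and return stdout (assumes `oci` is installed and configured)."""
    return subprocess.run(["oci", *args], check=True,
                          capture_output=True, text=True).stdout

def parse_data(stdout):
    """Return the "data" list from CLI JSON output.

    Assumption: blank output means an empty result, so it is mapped to [].
    """
    return json.loads(stdout).get("data", []) if stdout.strip() else []

def find_empty_groups(run=run_oci):
    """Return (group_id, group_name) for every group with no members."""
    empty = []
    for group in parse_data(run(["iam", "group", "list", "--all"])):
        members = parse_data(run(["iam", "group", "list-users",
                                  "--group-id", group["id"], "--all"]))
        if not members:
            empty.append((group["id"], group["name"]))
    return empty

# Constructed sample CLI output (not real OCIDs), keyed by argument list.
SAMPLE = {
    ("iam", "group", "list", "--all"): json.dumps({"data": [
        {"id": "ocid1.group.oc1..constructed-admins", "name": "Administrators"},
        {"id": "ocid1.group.oc1..constructed-auditors", "name": "Auditors"},
    ]}),
    ("iam", "group", "list-users", "--group-id",
     "ocid1.group.oc1..constructed-admins", "--all"): json.dumps({"data": [
        {"id": "ocid1.user.oc1..constructed-alice", "name": "alice"},
    ]}),
    # No entry for Auditors: fake_run returns "" to model an empty group.
}

def fake_run(args):
    """Stand-in for run_oci that replays the constructed output above."""
    return SAMPLE.get(tuple(args), "")

if __name__ == "__main__":
    for group_id, name in find_empty_groups(run=fake_run):
        print(f"{name}: oci iam group add-user --group-id {group_id} --user-id <user_id>")
```

Calling `find_empty_groups()` with no argument uses the real CLI; review each reported group before assigning users, since an empty group may be better deleted than repopulated.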