
Provision Access to OCI Resources with Resource Groups

After integrating OCI with Lacework, you can create resource groups for OCI resources and manage access to those resources with RBAC. By default, access to OCI resources is not restricted within Lacework. To control and provision access to OCI resources in Lacework with RBAC, follow the optional but recommended steps here.

To configure access, you'll need to create resource groups, users, user groups, and roles with access to the OCI resources collected through the integration.

  1. Create a resource group for the OCI resources collected from the integration. Conceptually, resource groups in Lacework align with compartments in OCI. Resource groups let you collectively manage the scope, compliance views, reporting, and exceptions for posture management of those resources.

    For more information, see Resource Groups.

  2. Create a role with access to the OCI resource group you created.

  3. Create user accounts and user groups in Lacework for the users who will have access to OCI resources and detections. Assign the user group access to the role you created that enables access to OCI resources. Generally, the users, user groups, and roles in Lacework should align with the users, user groups, and permissions configured in Azure AD, OCI IAM, or another identity provider you use for OCI.

    See Access Control for more information on provisioning users.