1z0-1072-23 Exam QuestionsBrowse all questions from this exam
Go to Exam

1z0-1072-23 Exam - Question 21

You have three compartments: ProjectA, ProjectB, and ProjectC. For each compartment, there is an admin group set up: A-Admins, B-Admins, and C-Admins.

Each admin group has full access over their respective compartments as shown in the graphic below.

Your organization has set up a tag namespace, EmployeeGroup.Role and all your admin groups are tagged with a value of 'Admin'.

You want to set up a Test compartment for members of the three projects to share. You also need to provide admin access to all three of your existing admin groups.

Which policy would you write to accomplish this task?

Show Answer
Correct Answer: AD

In Oracle Cloud Infrastructure (OCI), there is no recognized entity called 'all-group,' hence options involving it are invalid. To meet the requirement of giving admin access to multiple groups tagged as 'Admin,' you should use 'any-group,' which is valid OCI policy syntax. This syntax ensures that any group tagged as 'Admin' gets administrative rights over the 'Test' compartment.

Discussion

11 comments
Sign in to comment
kaka321Option: D
Sep 24, 2023

A is wrong. D is correct. following the policy syntax. note all-group does not exist but any-group

iggyboo
Sep 26, 2023

Unless I'm missing something, there is no "all-group" in the syntax reference (as poor as Oracle has it though I might have missed it). There are however all-resources/all-<resource> style selectors that can be found. This is concerning though because this isn't the first time that an "Actual" test question had the wrong answer so I suspect there are landmines all over the certification test OR the writers of said test are just as confused because the documentation is all over the place.

SherifciOption: C
Sep 25, 2023

C is the correct answer

antoniosilvanoOption: C
Sep 27, 2023

I think the correct response is "C". Here the documentation: https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policysyntax.htm Use any-user with specific role ADMIN

gashforingOption: D
Sep 28, 2023

D is correct answer

alejodazamOption: C
Sep 29, 2023

is in the documentation: https://docs.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingaccesswithtags.htm#ariaid-title3#ariaid-title4#ariaid-title32

Hotman1987Option: C
Oct 6, 2023

There is NOTHING called all-group. Search the Oracle Training Guide and check for yourself C is the correct answer (any-user)

gsakeOption: C
Oct 13, 2023

https://docs.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingaccesswithtags.htm#ariaid-title3#ariaid-title4#ariaid-title32

AnkojiOption: C
Sep 28, 2023

The answer is "C" refer#https://docs.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingaccesswithtags.htm

MopoOption: B
Mar 18, 2024

This policy grants permissions to a dynamic group named "dynamic-group" to manage all resources (all-resources) within the "Test" compartment. The condition "where request.principal.group.tag.EmployeeGroup.Role='Admin'" ensures that only members of the admin groups with the role tag 'Admin' are granted access to manage resources within the Test compartment. Using a dynamic group allows for flexibility as members can be added or removed dynamically based on the group's rules.

a31c737Option: D
Jun 5, 2024

D. There is no all-group syntax in oci

a31c737Option: C
Jun 6, 2024

c. Allow any-user who belongs to a group that has been tagged - admin'