You want to create a policy to allow the NetworkAdmins group to manage Virtual Cloud Network (VCN) in compartment C. You want to attach this policy to the tenancy. The compartment hierarchy is shown below.
Which policy statement can be used to accomplish this task?
To create a policy that allows the NetworkAdmins group to manage the Virtual Cloud Network (VCN) in compartment C, the policy statement should directly reference compartment C since that is the specific compartment where you want to grant permissions. The correct policy statement is: 'Allow group NetworkAdmins to manage virtual-network-family in compartment C.' This is the required format when you want to specify a single compartment directly, regardless of the nesting hierarchy.
If you attach the policy further up the hierarchy, you must specify the path. The format of the path is each compartment name (or OCID) in the path, separated by a colon: <compartment_level_1>:<compartment_level_2>: . . . <compartment_level_n> To attach this policy to the tenancy, write this policy statement that specifies the path from CompartmentA to CompartmentC: B Allow group NewtworkAdmins to manage virtual-network-family in compartment CompartmentA:CompartmentB:Compart
B is correct. you have to specify the path if the compartment is further down the hierarchy. If you are assigning the policy to root, you can just simply specify the name of the compartment. https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policies.htm#Policy3
I could not see the diagram but want to believe its a nested compartment scenario A-B-C so if the question only talked about managing compartment C then no need specifying a:b:c compartment