Your company has been running several small applications in Oracle Cloud Infrastructure and is planning a proof-of-concept (POC) to deploy Oracle PeopleSoft.
If your existing resources are being maintained in the root compartment, what is the recommended approach for defining security for the upcoming POC?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
Sure, I'd be happy to help you understand the answer to this question!
Oracle Cloud Infrastructure (OCI) allows you to organize your resources using compartments, which are logical containers that enable you to control access to your resources. Compartments are typically used to group resources that have similar attributes, such as cost center, team, or application.
In this scenario, the company has been running several small applications in OCI and is planning a proof-of-concept (POC) to deploy Oracle PeopleSoft. If the existing resources are being maintained in the root compartment, the recommended approach for defining security for the upcoming POC is to create a new compartment for the POC and grant appropriate permissions to create and manage resources within the compartment.
Option A is therefore the correct answer.
Creating a new compartment for the POC allows you to isolate the POC resources from other resources in the root compartment. This is important for security reasons, as it limits the scope of access that needs to be granted to users and groups. By granting appropriate permissions to create and manage resources within the new compartment, you can ensure that users can only interact with the resources that are relevant to the POC.
Option B, creating a new tenancy, is not necessary in this scenario. A tenancy is a top-level container that OCI creates when you sign up for an account. It is unlikely that the company would need to create a new tenancy just for a POC.
Option C, provisioning all new resources into the root compartment and using defined tags to separate resources that belong to different applications, is not the best approach for this scenario. While defined tags are useful for organizing resources, they do not provide the same level of isolation and control as compartments.
Option D, provisioning all new resources into the root compartment and granting permissions that only allow for creation and management of resources specific to the POC, is also not the best approach for this scenario. By provisioning resources into the root compartment, you are effectively giving users access to all resources in the compartment. This can lead to confusion and potential security risks, as users may accidentally modify or delete resources that are not related to the POC. Creating a new compartment provides a more targeted and secure approach.