OCI IAM Console: Best Practice for EPM Group Creation
Summary: Recommended setup for group security in OCI IAM Console
Content (required): We would like to start setting up groups for when our Classic EPM Gen1 users get imported into the Gen2 OCI IAM Console and transition them out of the individually assigned cloud service instances and into the groups .
Our current strategy is to form the groups based on EPM's predefined roles; user, viewer, power user, and service admin.
All groups would inherit access to all applications and since EPM application security is derived from teams and groups, the user will only see data to the applicable application if they are assigned to a team via that app's Access Control.