Allow resources (i.e OAC) to be added to group which then can be assigned via policy. This would allow the policy to be written with a group vs any-user.
https://docs.oracle.com/en/cloud/paas/analytics-cloud/acapi/prerequisites.html
Security team will not allow a policy with "any-user" to be written in production environment
