Forum Stats

  • 3,838,832 Users
  • 2,262,403 Discussions


You are not authorized to access Cloud Shell. The tenancy admin must add a policy to grant your acce

User602170-Oracle Member Posts: 9 Employee

Trying to start the lab. 1st step is to create the SSH keys. For doing that I need to open the Cloud Shell so I select the workshop compartment and click on the Cloud Shell button.

The issue is that I cannot open the Cloud shell due to this reason:

"You are not authorized to access Cloud Shell. The tenancy admin must add a policy to grant your access."

I guess all grants should be already applied in order to start asap with the lab.

How I can get this grant?

Could you please help?




  • floo_bar
    floo_bar Member Posts: 55 Blue Ribbon


    I am not sure we tried the same lab but I got the same error when using "Get Started with Oracle Cloud Infrastructure Core Services Workshop" with option "Reserve Workshop on LiveLabs".

    Is anybody aware of any problem regarding this workshop?

    Thank you for your help :-)

  • User_5QHGV
    User_5QHGV Member Posts: 1 Red Ribbon

    Hey try adding this command in your oci-admin-group policy by logging into your root

    Allow group <group-name> to use cloud-shell in tenancy

  • User_Y9C19
    User_Y9C19 Posts: 1 Employee

    Hello everyone, I am also new employee of Oracle,

    1) You need to go in the hamburger menu on the top-left corner and pick a "Identy & Security"

    2) Find on the screen Policies and go in

    3) On the left side from drop-down menu chose your root compartment "IMPORTANT"

    4) Then click "create policy"

    5) Write your name and description like you want

    6) Chose from drop-down list root Compartment , it's very important .

    7)check manual editor and type command inside "Allow group <group-name> to use cloud-shell in tenancy"

    Note: If you don't remember you can come back and check it your group Name , and paste inside " < >"

  • User_YATK6
    User_YATK6 Member Posts: 1 Green Ribbon

    Hello, I'm having the same problem, even when I create the policy, doesn't allow me to use cloud-shell, I can use all the other resources but not the cloud-shell some one know how to solve this.

  • kenan z
    kenan z Member Posts: 6 Blue Ribbon
    edited Nov 27, 2021 8:05PM

    Hello. I faced up the same problem, and I found the solution.

    My Scenario

    • user: test_user
    • group: test_group
    • compartment: test_compartment

    The test_user is member of test_group and MANAGE resources in test_compartment. Problem: test_user cannot use cloud-shell.


    First connect as administrator to OCI. Administrators group can also do anything in any of the compartments in the tenancy.

    Create policy in root compartment: allow group test_group to use cloud-shell in tenancy

    By the concept of policy inheritance test_compartment will inherit policy from root compartment. In other words user test_user will get permission to use cloud-shell from parent compartment.

    I hope you will find this useful.


  • Raul
    Raul Member Posts: 19 Blue Ribbon

    Hi everyone!

    I've spent some time to realize that we have to issue the command above in the root compartment (which means).

    Menu > Identity > Policies > Compartment. Here you pick the root compartment and finally click [Create Policy]

    Thank you every body for the question and for the answers!

    = )

  • Raul
    Raul Member Posts: 19 Blue Ribbon