You are developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure Object Storage. Your function needs to read a JSON file object from an Object Storage bucket named “input-bucket” in compartment “qa-compartment”. Your corporate security standards mandate the use of Resource Principals for this use case.
Which two statements are needed to implement this use case? (Choose two.)
Select all that apply, then click Submit answer.
-
○
Set up a policy with the following statement to grant read access to the bucket:
allow dynamic-group read-file-dg to read objects in compartment qa-compartment where target.bucket.name='input-bucket' -
○
No policies are needed. By default, every function has read access to Object Storage buckets in the tenancy
-
○
Set up a policy to grant your user account read access to the bucket:
allow user XYZ to read objects in compartment qa-compartment where target.bucket.name='input-bucket' -
○
Set up a policy to grant all functions read access to the bucket:
allow all functions in compartment qa-compartment to read objects in target.bucket.name='input-bucket' -
○
Set up the following dynamic group for your function’s OCID:
Name: read-file-dg
Rule: resource.id = 'ocid1. fnfunc.oc1.phx.aaaaaaaakeaobctakezjz5i4ujj7g25q7sx5mvr55pms6f4da'
