Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Severity :

...

Medium

Description:

...

This control ensures that OCI block volumes are protected against unintended and malicious deletion by unauthorized groups and users. Access privilege for IAM users/groups for resources types in volume-family should be configured with least privilege. Access policies for volumeusers and groups should replace statements for permission for VOLUME_DELETE, VOLUME_BACKUP_DELETE or VOLUME_ATTACHMENT_DELETE with statement request.permission != {VOLUME_DELETE, VOLUME_BACKUP_DELETE, VOLUME_ATTACHMENT_DELETE}.

Remediation Steps:

Perform following to update bucket access policies :

  1. Login to the OCI console at https://www.oracle.com/cloud/sign-in.html .

  2. In the navigation, Click Identity & Security.

  3. Under Identity, click Policies.

  4. Select the compartment and then reported policy .  The policy's details and statements are displayed.

  5. Click Edit Policy Statements.

  6. In Policy Builder Select Basic or Advance editor to update the policy statements with request.permission != {VOLUME_DELETE, VOLUME_BACKUP_DELETE, VOLUME_ATTACHMENT_DELETE}.

  7. Click Save Changes.

Important:

Reference: