Oracle Cloud Platform Data Integration 2020 Specialist — Question 46
You are developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure Object Storage. Your function needs to read a JSON file object from an Object Storage bucket named "input-bucket" in compartment "qa-compartment". Your corporate security standards mandate the use of Resource Principals for this use case.
Which two statements are needed to implement this use case? (Choose two.)
Answer options
- A. Set up a policy with the following statement to grant read access to the bucket: allow dynamic-group read-file-dg to read objects in compartment qa-compartment where target.bucket.name='input-bucket'
- B. Set up the following dynamic group for your function's OCID: Name: read-file-dg Rule: resource.id = 'ocid1.fnfunc.oc1.phx.aaaaaaaakeaobctakezjz5i4ujj7g25q7sx5mvr55pms6f4da'
- C. Set up a policy to grant all functions read access to the bucket: allow all functions in compartment qa-compartment to read objects in target.bucket.name='input-bucket'
- D. Set up a policy to grant your user account read access to the bucket: allow user XYZ to read objects in compartment qa-compartment where target.bucket.name='input-bucket'
- E. No policies are needed. By default, every function has read access to Object Storage buckets in the tenancy.
Correct answer: A, C
Explanation
The correct answers, A and C, provide the necessary policies to grant read access to the specific Object Storage bucket for Resource Principals and all functions, respectively. Option B does not directly address access for the function to the bucket, while option D pertains to user access rather than Resource Principals. Option E is inaccurate as default permissions do not apply in this context due to the security requirements.