Aqua CSPM

Excessive Policy Statements

Quick Info

Plugin TitleExcessive Policy Statements
CloudORACLE
CategoryIdentity
DescriptionDetermine if there are an excessive number of policy statements in the account
More InfoKeeping the number of policy statements to a minimum helps reduce the chances of compromised accounts causing catastrophic damage to the account. Common statements should be grouped under the same policy.
ORACLE Linkhttps://docs.cloud.oracle.com/iaas/Content/Identity/Concepts/policygetstarted.htm
Recommended ActionLimit the number of policy statements to prevent accidental authorizations

Detailed Remediation Steps

  1. Log in to the Oracle Cloud Platform Console.
  2. Scroll down the left navigation panel and choose the “Identity” under the “Governance and Administration.”
  3. On the Identity menu, select the “Policies” option.
  4. On the “Policy” page select the policy by clicking on the “Name” as a link to check the “Policy Statement."
  5. On the “Policy Statement” page, check whether we need all the same “Policy Statement” or not or if there is any duplicacy in the policy statement.
  6. Repeat steps number 2 - 5 to check other “Policies” in the account.
  7. Navigate to “Identity” under the “Governance and Administration” and select the “Policies” settings to remove the “Excessive Policy Statements”.
  8. On the “Policy” page, access the policy by clicking on the “Name” as a link.
  9. On the “Policy Statement” page, click on the “Edit Policy Statements” button to remove the excessive policy statements.
  10. On the “Edit Policy Statements” page, click on the remove icon at the extreme right of the policy statement to remove the selected statement. <img src="/resources/oracle/identity/excessive-policy-statements/step10.png)
  11. Click on the “Save Changes” button at the bottom to make the changes.
  12. Repeat steps number 7 - 11 to limit the number of policy statements to prevent accidental authorizations.