IAM misconfigurations

IAM policy allows full tenancy access to a non-admin group or a service


Permission to manage all resources in a tenancy should be limited to a small number of users in the Administrators group, for break-glass situations and for setting up users, groups, and policies when a tenancy is created. IAM policy {OciIamPolicy.Name} was detected allowing a non-admin group or a service full access to the tenancy. No group other than Administrators and no service should need access to all resources in a tenancy, because such a grant violates the principle of least privilege.
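
The check described above can be reproduced over exported policy statements. The following is an added example, not part of the original finding or of any Oracle tooling; the function name, the simplified statement pattern, and the sample statements (including the service name `exampleservice`) are assumptions made for illustration.

```python
import re

# Simplified OCI policy statement shape, tenancy scope only:
#   Allow group|service <names> to <verb> <resource-type> in tenancy [where ...]
STATEMENT_RE = re.compile(
    r"^\s*allow\s+(?P<kind>group|service)\s+(?P<names>.+?)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+"
    r"in\s+tenancy\b(?P<rest>.*)$",
    re.IGNORECASE,
)

def find_full_tenancy_grants(statements, admin_group="Administrators"):
    """Return (subject_kind, subject_name, has_condition) for every grant of
    'manage all-resources in tenancy' to a service or a non-admin group."""
    findings = []
    for stmt in statements:
        m = STATEMENT_RE.match(stmt)
        if not m:
            continue  # compartment-scoped or unsupported statement form
        if (m["verb"].lower(), m["resource"].lower()) != ("manage", "all-resources"):
            continue
        has_condition = bool(m["rest"].strip())
        for raw in m["names"].split(","):
            name = raw.strip().strip("'\"")
            # Exact-match comparison is a conservative choice in this sketch:
            # anything not literally the admin group is reported.
            if m["kind"].lower() == "group" and name == admin_group:
                continue
            findings.append((m["kind"].lower(), name, has_condition))
    return findings

# Constructed sample statements (not from a real tenancy).
SAMPLE_STATEMENTS = [
    "Allow group Administrators to manage all-resources in tenancy",
    "Allow group NetworkAdmins to manage virtual-network-family in tenancy",
    "Allow group Developers to manage all-resources in tenancy",
    "Allow service exampleservice to manage all-resources in tenancy",
    "Allow group Auditors to read all-resources in tenancy",
    "Allow group Ops, 'Contractors' to manage all-resources in tenancy where request.region = 'phx'",
    "Allow group ProjectA to manage all-resources in compartment ProjectA",
]

if __name__ == "__main__":
    for kind, name, cond in find_full_tenancy_grants(SAMPLE_STATEMENTS):
        note = " (conditional)" if cond else ""
        print(f"FINDING: {kind} '{name}' can manage all-resources in tenancy{note}")
```

Statements carrying a `where` condition are still reported, with the condition flagged, so a reviewer can decide whether the condition narrows the grant enough.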