Tenancy administrator user with API keys


Tenancy administrator users have full access to the organization's OCI tenancy, and in particular, to all the resources within it. API keys associated with user accounts are used to invoke OCI APIs via custom programs or clients like CLI/SDKs. Clients are typically used for performing day-to-day operations and should never require full tenancy access. It was detected that the tenancy administrator user {OciUser.Name} has an API key associated.
  • Recommended Mitigation

    It is recommended to delete any associated keys for tenancy administrator users. For performing day-to-day operations tenancy administrator access is not needed, service-level administrative users with API keys should be used instead.