| Plugin Title | Excessive Policy Statements |
| Cloud | ORACLE |
| Category | Identity |
| Description | Determine if there are an excessive number of policy statements in the account |
| More Info | Keeping the number of policy statements to a minimum helps reduce the chances of compromised accounts causing catastrophic damage to the account. Common statements should be grouped under the same policy. |
| ORACLE Link | https://docs.cloud.oracle.com/iaas/Content/Identity/Concepts/policygetstarted.htm |
| Recommended Action | Limit the number of policy statements to prevent accidental authorizations |
- Log in to the Oracle Cloud Platform Console.
- Scroll down the left navigation panel and choose the "Identity" under the "Governance and Administration."
- On the Identity menu, select the "Policies" option.
- On the "Policy" page select the policy by clicking on the "Name" as a link to check the "Policy Statement."
- On the "Policy Statement" page, check whether we need all the same "Policy Statement" or not or if there is any duplicacy in the policy statement.
- Repeat steps number 2 - 5 to check other "Policies" in the account.
- Navigate to "Identity" under the "Governance and Administration" and select the "Policies" settings to remove the "Excessive Policy Statements".
- On the "Policy" page, access the policy by clicking on the "Name" as a link.
- On the "Policy Statement" page, click on the "Edit Policy Statements" button to remove the excessive policy statements.
- On the "Edit Policy Statements" page, click on the remove icon at the extreme right of the policy statement to remove the selected statement.
- Click on the "Save Changes" button at the bottom to make the changes.
- Repeat steps number 7 - 11 to limit the number of policy statements to prevent accidental authorizations.
