An Oracle Cloud Infrastructure tenancy administrator is not able to delete a user in the tenancy.
What can cause this issue?
A. B. C. D.A.
In Oracle Cloud Infrastructure (OCI), the tenancy administrator is responsible for managing the tenancy and its resources. This includes creating and managing users, groups, policies, and other IAM-related resources. However, in some cases, the tenancy administrator may not be able to delete a user in the tenancy. Let's go through the options given in the question to understand what could be causing this issue:
A. User has multi-factor authentication (MFA) enabled: MFA gives the user's account an extra layer of security, such as a hardware token or a software application that generates a one-time password. If a user has MFA enabled, the tenancy administrator cannot delete the user directly. Instead, the user needs to disable MFA first, and then the tenancy administrator can delete the user.
B. User is a member of an Identity and Access Management (IAM) group: In OCI, IAM groups are used to group users and define policies that apply to all users in the group. If a user is a member of an IAM group, the tenancy administrator cannot delete the user directly. Instead, the user needs to be removed from the group first and then the tenancy administrator can delete the user.
C. Users can be blocked but not deleted: This option is incorrect. In OCI, users can be deleted, but there may be certain conditions that need to be met before a user can be deleted (as mentioned in options A and B).
D. User needs to be deleted from federation Identity Provider (IdP) before deleting from IAM: If a user is created using a federation IdP, such as Microsoft Active Directory Federation Services (ADFS), the user cannot be deleted directly from OCI. Instead, the user needs to be deleted from the IdP first and then the tenancy administrator can delete the user from OCI.
In summary, options A, B, and D could each prevent the tenancy administrator from deleting a user in the tenancy. However, the most likely scenario is that the user has MFA enabled or is a member of an IAM group. The tenancy administrator needs to disable MFA or remove the user from the group before being able to delete the user.