User Guide
This guide is the starting point for using OCI Policy Analysis after the application is installed. The root README is intentionally a short launch guide; this page and the linked references contain the detail.
Choose an application mode
Desktop application: local Tkinter workflow with the full tabbed interface.
Web application: browser workflow for local or server-hosted use.
CLI: scripted loading, filtering, and export.
MCP: policy and identity queries for MCP clients.
For a capability comparison and the relationship between the modes, see the overview.
First run
Complete the general setup.
Configure OCI authentication and load a tenancy or an existing cache.
Start with the policy analysis workflow described in UI usage.
Core workflows
Policy and identity analysis
The UI supports policy browsing, principal analysis, policy history, workload principals, permissions reports, and cross-tenancy analysis. The UI usage guide describes the available desktop tabs and web pages.
Advanced policy analysis
Simulation evaluates policy statements against OCI API operations.
Recommendations explains risk, overlap, cleanup, and consolidation analysis.
Tag-based policy search covers parsed tag conditions and policy metadata.
OKE workload identity covers namespace and service-account queries.
Limited mode documents restricted web access profiles.
Troubleshooting and deployment
Use logging and troubleshooting for runtime diagnostics. For server deployments, see web setup, MCP container deployment, and MCP OAuth.
Reference map
The architecture page explains the runtime layers and data flow. The API reference documents the maintained Python surface. The MCP examples provide concrete query patterns.