Allow Group "group 1, 2, 3..." to "action" "resource name" in compartment "compartment_name"
Action options: inspect (list only), read (read metadata and and list resources), use (access resources), manage (full access)
Resource names: objects, load balancers, virtual network family (vcn, subnet, route tables, security lists), instance family, and volume family)
You can use this feature to create multiple sub accounts with in your account/tenancy. The second highest level of access within your Oracle cloud is compartment. The compartments are typically used to separate your production, test, etc. environment. This level allows you to completely separate firewall, network, storage, and servers.
Here are some examples on how to separate your Oracle cloud account into multiple sub accounts: