Updated Using Oracle Cloud Infrastructure DNS (markdown)

Using-Oracle-Cloud-Infrastructure-DNS.md

@@ -45,6 +45,22 @@ To issue a wildcard certificate, use::
 acme.sh --issue --dns dns_oci -d example.com -d *.example.com
 ```
 
+## Required IAM service policy
+
+Permissions are required to add and remove DNS records from DNS. Ensure that 
+a policy exists that grants the specified user sufficient permission to create 
+and remove `TXT` records in the target zone(s) in the tenancy.
+
+Here is an example policy that grants all DNS operations in all zones in the 
+tenancy for all members of a specific user group: 
+
+```
+Allow group <GroupName> to manage dns in tenancy <TenancyName>
+```
+
+If you're new to policies, see [Getting Started with Policies][POLS] and [Common Policies][CPOLS]. 
+For more details about policies for DNS, see [Details for the DNS Service][DNSPOL].
+
 ## Security recommendations
 
 The **[Oracle Cloud Infrastructure Security Guide][OSG]** details the recommended
@@ -72,3 +88,7 @@ any issues or bugs.
 [GHS]: https://docs.github.com/en/actions/reference/encrypted-secrets
 [REGS]: https://docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm#top
 [CLIVARS]: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/clienvironmentvariables.htm
+[IAM]: https://docs.oracle.com/en-us/iaas/Content/DNS/Concepts/dnszonemanagement.htm#Required_IAM_Service_Policy
+[POLS]: https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm#Getting_Started_with_Policies
+[CPOLS]: https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/commonpolicies.htm#top
+[DNSPOL]: https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/dnspolicyreference.htm#Details_for_the_DNS_Service