Info icon
End of Life Notice: For Trend Cloud One™ - Conformity Customers, Conformity will reach its End of Sale on “July 31st, 2025” and End of Life “July 31st, 2026”. The same capabilities and much more is available in TrendAI Vision One™ Cloud Risk Management. For details, please refer to Upgrade to TrendAI Vision One™
Logo of TrendAI
Use the Knowledge Base AI to help improve your Cloud Posture

Enable Quota Enforcement

TrendAI Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1400 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: OCI-FileStorage-005

Ensure Oracle Cloud Infrastructure (OCI) File Storage systems have quota enforcement enabled in order to control costs and manage capacity by limiting the storage consumption of individual users, groups, or the entire file system. This prevents a single user or runaway process from consuming excessive resources and helps with resource allocation and billing management.

Cost
optimisation

Quotas control the amounts of storage space that can be consumed by a specific user, by a group, or at overall file system level. Enabling quota enforcement in Oracle Cloud Infrastructure (OCI) File Storage ensures controlled resource usage by preventing any single user or application from consuming excessive storage, thereby maintaining fairness, avoiding unexpected costs, and protecting service performance across all tenants.

Audit

To determine if OCI File Storage quota enforcement is enabled for your file systems, perform the following operations:

Using OCI Console

  1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

  2. Navigate to File Storage console available at https://cloud.oracle.com/fss/.

  3. In the left navigation panel, choose File Systems, and select an OCI compartment from the Compartment dropdown menu, to list the file systems provisioned in that compartment.

  4. Click on the name (link) of the file system that you want to examine, listed in the Name column.

  5. Select the File System information tab, and check the Quota enforcement state attribute value, listed in the Quota section, to determine if quota enforcement is enabled for the selected resource. If Quota enforcement state is set to Disabled, the Quota Enforcement feature is not enabled for the selected Oracle Cloud Infrastructure (OCI) File Storage system.

Using OCI CLI

  1. Run iam compartment list command (Windows/macOS/Linux) with output query filters to list the ID of each compartment available in your Oracle Cloud Infrastructure (OCI) account:

    oci iam compartment list
	--all
	--include-root
	--query 'data[]."id"'

  2. The command output should return the requested OCI compartment identifiers (OCIDs):

    [
	"ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.compartment.oc1..abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd"
]

  3. Run fs file-system list command (Windows/macOS/Linux) with the ID of the OCI compartment that you want to examine as the identifier parameter, to list the ID of each File Storage system provisioned in the selected OCI compartment:

    oci fs file-system list
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--availability-domain 'ABC1:AB-ABC123-1-BC-1'
	--all
	--query 'data[]."id"'

  4. The command output should return the requested file system IDs:

    [
	"ocid1.filesystem.oc1.ap_sydney_1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.filesystem.oc1.ap_sydney_1.aaaabbbbccccddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234"
]

  5. Run fs file-system get command (Windows/macOS/Linux) to determine if quota enforcement is enabled for the selected OCI File Storage system:

    oci fs file-system get
	--file-system-id 'ocid1.filesystem.oc1.ap_sydney_1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--query 'data."quota-enforcement-state"'

  6. The command output should return the quota enforcement status for the selected file system:

    "DISABLED"

    If the fs file-system get command output returns "DISABLED", as shown in the example above, the Quota Enforcement feature is not enabled for the selected Oracle Cloud Infrastructure (OCI) File Storage system.

Remediation / Resolution

To enable quota enforcement for your Oracle Cloud Infrastructure (OCI) File Storage systems, perform the following operations:

Using OCI Console

  1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

  2. Navigate to File Storage console available at https://cloud.oracle.com/fss/.

  3. In the left navigation panel, choose File Systems, and select an OCI compartment from the Compartment dropdown menu, to list the file systems provisioned in that compartment.

  4. Click on the name (link) of the file system that you want to configure, listed in the Name column.

  5. Choose Enable quota from the resource top menu, and perform the following actions to enable the Quota Enforcement feature for the selected File Storage system. In the Enable quota confirmation box, choose Enable to turn on the feature.

Using OCI CLI

  1. Run fs file-system toggle-quota-rules command (Windows/macOS/Linux) to enable quota enforcement for your Oracle Cloud Infrastructure (OCI) File Storage system by setting the --are-quota-rules-enabled parameter to true:

    oci fs file-system toggle-quota-rules
	--file-system-id ocid1.filesystem.oc1.ap_sydney_1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd
	--are-quota-rules-enabled true

  2. The command output should return the configuration information (including tags) available for the modified file system:

    {
	"etag": "aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd--gzip"
}

References

Publication date Nov 12, 2025

Related OCI-FileStorage rules