OCI: PSM and OCI subnet policies

To allow a subnet to be referenced from PSM, for example when provisioning a DBCS, navigate to the OCI console and:

Set the compartment context.

Navigate in Governance => Identity => Policy and create the following 4 statements

Allow service PSM to inspect vcns in compartment <compartment>
Allow service PSM to use subnets in compartment <compartment>
Allow service PSM to use vnics in compartment <compartment>
Allow service PSM to manage security-lists in compartment <compartment>

Reference:

https://docs.cloud.oracle.com/iaas/Content/General/Reference/PaaSprereqs.htm#prereqs