Security Zone Integration

This topic describes the Database service's support of security zones. Security zones are compartments in your tenancy created with a set of security policies called a security recipe. This topic concentrates on the Oracle-managed Maximum Security Recipe, which provides the highest level of protection for your Database resources. The policies of a particular security recipe are applied to any resource that is provisioned or moved into a security zone compartment that uses the recipe. Thus, the only way to apply security zone policies is to control the compartment assignments of your Oracle Cloud Infrastructure resources.

For a complete overview of security zones, see the Security Zone section of the Oracle Cloud Infrastructure user guide.

Restrictions on Database Service Resources Located in Maximum Security Recipe Compartments

The Maximum Security Recipe includes all available security zone policies. For example, restrictions placed on databases in Maximum Security Recipe compartments include:

  • The database cannot allow public network access
  • The database must have automatic backups enabled
  • The database cannot have Data Guard associations that aren't located in security zone compartments

For a complete list of the Database restrictions implemented by the Maximum Security Recipe, see the Security Zone Policies topic.

Supported Database Service Resources

The following Database service resources can be provisioned and managed in security zones that use the Maximum Security Recipe:

  • Autonomous Database: Databases using dedicated Exadata infrastructure and using shared Exadata infrastructure with private endpoint access
  • Bare metal and virtual machine DB systems
  • Exadata Cloud DB systems

Always Free Autonomous Databases, Autonomous Database configured with public endpoints, and the Exadata Cloud@Customer service are not compatible with Maximum Security Recipe compartments.
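
The restrictions and the compatibility list above can be checked before a resource is provisioned in or moved into a Maximum Security Recipe compartment. The following pre-flight check is an added example, not Oracle code: the record fields, resource-kind labels and compartment identifiers are constructed for illustration and do not follow the OCI API schema.

```python
# Added example: hypothetical inventory records checked against the
# restrictions this topic lists. Field names and identifiers are constructed.
from dataclasses import dataclass, field

# Resource kinds this topic lists as supported (labels are hypothetical).
SUPPORTED_KINDS = {"autonomous_dedicated", "autonomous_shared",
                   "bm_vm_db_system", "exadata_cloud_db_system"}

@dataclass
class DbResource:
    name: str
    kind: str
    public_access: bool
    auto_backups: bool
    always_free: bool = False
    # Compartments holding this database's Data Guard peers.
    peer_compartments: list = field(default_factory=list)

def preflight(res, zone_compartments):
    """Return the reasons `res` conflicts with the listed restrictions."""
    problems = []
    if res.kind not in SUPPORTED_KINDS:
        problems.append(f"resource type '{res.kind}' is not supported")
    if res.always_free:
        problems.append("Always Free Autonomous Database is not compatible")
    if res.public_access:
        problems.append("public network access is not allowed")
    if not res.auto_backups:
        problems.append("automatic backups must be enabled")
    for comp in res.peer_compartments:
        if comp not in zone_compartments:
            problems.append(f"Data Guard peer is outside a security zone: {comp}")
    return problems

def report(inventory, zone_compartments):
    """Map each resource name to its list of conflicts (empty means clear)."""
    return {r.name: preflight(r, zone_compartments) for r in inventory}

# Constructed sample data.
ZONES = {"compartment-zone-a", "compartment-zone-b"}
INVENTORY = [
    DbResource("adb-private", "autonomous_shared", False, True,
               peer_compartments=["compartment-zone-b"]),
    DbResource("adb-free", "autonomous_shared", True, True, always_free=True),
    DbResource("vm-dr", "bm_vm_db_system", False, False,
               peer_compartments=["compartment-general"]),
    DbResource("exacc-1", "exadata_cloud_at_customer", False, True),
]

if __name__ == "__main__":
    for name, problems in report(INVENTORY, ZONES).items():
        print(name, "OK" if not problems else "BLOCKED: " + "; ".join(problems))
```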