Create an Oracle Data Safe Administrators Group

One of the first tasks for a tenancy administrator implementing Oracle Data Safe in a region is to create an Oracle Data Safe administrators group in Oracle Cloud Infrastructure Identity and Access Management (IAM). This group is needed so that the administrators can grant privileges to other users from the Oracle Data Safe Console.

  1. As a tenancy administrator, access IAM in Oracle Cloud Infrastructure.
  2. Create a group specifically for Oracle Data Safe administrators and add to it the users that you want to administer Oracle Data Safe.
  3. Create a policy for the Oracle Data Safe administrators group that allows the group to manage data-safe and inspect groups in the tenancy. The following examples show you different ways to do this.
    • Option 1: To allow the Data-Safe-Admins group to enable and manage Oracle Data Safe in any region of a tenancy, the policy might be as follows. Note that the group cannot manage all resources in the tenancy with this permission.
      Allow group Data-Safe-Admins to manage data-safe in tenancy
      Allow group Data-Safe-Admins to inspect groups in tenancy
    • Option 2: To grant the Data-Safe-Admins group all permissions on all resources in a tenancy, the policy might be:
      Allow group Data-Safe-Admins to manage all-resources in tenancy
      Allow group Data-Safe-Admins to inspect groups in tenancy
    • Option 3: To allow the Data-Safe-Admins group to enable and manage Oracle Data Safe only in the us-phoenix-1 region of a tenancy, include a where clause in your policy statement:
      Allow group Data-Safe-Admins to manage data-safe in tenancy where request.region='phx'
      Allow group Data-Safe-Admins to inspect groups in tenancy
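
Before saving the policy from step 3, the statements can be checked against what the step requires. The following is an added example, not Oracle code: it parses only the statement shape used in the three options above, and the names `parse`, `review` and `VERB_RANK` are assumptions made for this illustration. It reports a missing grant, a grant on all-resources, and any where clause that narrows a grant.

```python
import re

# Added example: handles only "Allow group <g> to <verb> <resource> in tenancy [where <cond>]".
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>\S+)\s+in\s+tenancy(?:\s+where\s+(?P<where>.+))?$",
    re.IGNORECASE,
)
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}  # each verb includes the ones below it


def parse(statement):
    """Split one policy statement into its parts; raise on anything else."""
    m = STATEMENT.match(statement.strip())
    if not m:
        raise ValueError(f"unsupported statement: {statement!r}")
    parts = m.groupdict()
    parts["verb"] = parts["verb"].lower()
    parts["resource"] = parts["resource"].lower()
    return parts


def review(statements, group="Data-Safe-Admins"):
    """Return findings for the statements that apply to `group`."""
    grants = [p for p in map(parse, statements) if p["group"].lower() == group.lower()]
    findings = []

    def has(verb, resource):
        return any(g["resource"] in (resource, "all-resources")
                   and VERB_RANK[g["verb"]] >= VERB_RANK[verb] for g in grants)

    if not has("manage", "data-safe"):
        findings.append("missing: manage data-safe")
    if not has("inspect", "groups"):
        findings.append("missing: inspect groups")
    for g in grants:
        if g["resource"] == "all-resources":
            findings.append(f"broad: {g['verb']} all-resources covers every resource in the tenancy")
        if g["where"]:
            findings.append(f"conditional: {g['verb']} {g['resource']} only where {g['where']}")
    return findings


# The three policies shown in step 3 of this page.
OPTION_1 = ["Allow group Data-Safe-Admins to manage data-safe in tenancy",
            "Allow group Data-Safe-Admins to inspect groups in tenancy"]
OPTION_2 = ["Allow group Data-Safe-Admins to manage all-resources in tenancy",
            "Allow group Data-Safe-Admins to inspect groups in tenancy"]
OPTION_3 = ["Allow group Data-Safe-Admins to manage data-safe in tenancy where request.region='phx'",
            "Allow group Data-Safe-Admins to inspect groups in tenancy"]
```

Calling `review(OPTION_1)` returns an empty list, while Option 2 and Option 3 each return one finding describing the broader scope or the region condition.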