You can use Oracle Data Safe to identify and protect sensitive and regulated data in Autonomous Transaction Processing dedicated databases. You do this by registering your dedicated database with Data Safe. Then, you can go to the Data Safe console directly from the Details page of your dedicated database.
Oracle Data Safe helps you understand the sensitivity of your data, evaluate risks to data, mask sensitive data, implement and monitor security controls, assess user security, monitor user activity, and address data security compliance requirements. It provides the following set of features in a single, easy-to-use management console:
Security Assessment helps you assess the security of your database configuration.
User Assessment helps you assess the security of your database users and identify high risk users.
Data Discovery helps you find sensitive data in your database.
Data Masking provides a way for you to mask sensitive data so that the data is safe for non-production purposes.
Activity Auditing lets you audit user activity on your database so you can monitor database usage and be alerted of unusual database activities.
For more information about using Data Safe, see Oracle Data Safe Overview.
Register or Deregister a Dedicated Database with Data Safe
To use Oracle Data Safe, you register your dedicated database with Oracle Data Safe. To discontinue using it, you deregister your dedicated database.
Before You Begin
Before you can register your dedicated database with Data Safe, Data Safe must be configured to access databases in your dedicated infrastructure configuration, as described in Create an Oracle Data Safe Private Endpoint. Usually this one-time configuration is performed by the fleet administrator of the dedicated infrastructure configuration in coordination with the network administrator of the tenancy.
If Database Vault is enabled on the dedicated database you are registering or deregistering, you need to perform special steps to accommodate the additional database security provided by Database Vault:
To register or deregister, the Database Vault Account Manager must first grant specific access rights to the
ADMINdatabase user, as described in Register an Autonomous Database on Dedicated Exadata Infrastructure. After the registration or deregistration operation completes, the Database Vault Account Manager can revoke these rights and so restore the Database Vault configuration to its previous state.
After registering, the Database Vault Owner must grant specific access rights to the
DS$ADMINdatabase user, as described in Grant Roles to the Oracle Data Safe Service Account on Your Autonomous Database.
Go to the Details page of the Autonomous Transaction Processing dedicated database you want to register or deregister with Oracle Data Safe.
For instructions, see View Details of an Autonomous Transaction Processing Dedicated Database.
On the Details page, under Data Safe, click register or deregister depending on the status of the database.
A confirmation dialog box is displayed.
Enter the password of the
ADMINdatabase user and then click Confirm to start the registration or deregistration operation.
You can track completion of the operation using its work request, as described in Use Work Requests to Monitor Long-Running Operations.