Activity Auditing Resources
An administrator in Oracle Cloud Infrastructure Identity and Access
Management (IAM) can grant permissions as needed on individual Activity Auditing
resources. As an alternative to selectively granting permissions, you can grant
permissions on the data-safe-audit-family resource in relevant
compartments, which includes permissions on all Activity Auditing related
resources.
data-safe-audit-family Resource
The data-safe-audit-family resource includes all Oracle
Data Safe resources related to Activity Auditing as well as target registration,
security policies, and common resources.
Activity Auditing resources:
- data-safe-archive-retrievals
- data-safe-audit-events
- data-safe-audit-policies
- data-safe-audit-profiles
- data-safe-audit-trails
Target registration resources:
Security policies resources:
- data-safe-unified-audit-policies
- data-safe-unified-audit-policy-definitions
- data-safe-security-policies
- data-safe-security-policy-configs
- data-safe-security-policy-deployments
Common resources:
- data-safe
- data-safe-report-definitions
- data-safe-reports
- data-safe-work-requests
- data-safe-attribute-sets
The following table describes the permissions that you can assign to a group for the data-safe-audit-family resource.
| Permission | Description |
|---|---|
| inspect | The user group can list all Activity Auditing resources in a specified compartment. |
| read or use | The user group can list and view properties for all Activity Auditing resources in a specified compartment. |
| manage | The user group can do the following: 1) List, view properties for, create, update, delete, and move (to another compartment) all Activity Auditing resources in a specified compartment. 2) Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases. 3) Read work requests in Oracle Data Safe. |
data-safe-archive-retrievals Resource
The data-safe-archive-retrievals resource represents
archive data retrieval objects in Activity Auditing.
The following table describes the permissions available for the
data-safe-archive-retrievals resource.
| Permission | Description |
|---|---|
| inspect | The user group can list archive data retrievals. |
| read or use | The user group can list and view details for archive data retrievals. |
| manage | The user group can list, view details for, create, update, delete, and move (to another compartment) archive data retrievals. The group can also retrieve archive audit data and return it back to the archive. |
data-safe-audit-events Resource
The data-safe-audit-events resource represents audit
events for target databases in Activity Auditing.
The following table describes the permissions available for the
data-safe-audit-events resource.
| Permission | Description |
|---|---|
| inspect | The user group can list audit events. |
| read | The user group can list and view details for audit events. |
data-safe-audit-policies Resource
The data-safe-audit-policies resource represents audit
policies for target databases in Activity Auditing.
The following table describes the permissions available for the
data-safe-audit-policies resource.
| Permission | Description |
|---|---|
| inspect | The user group can list audit policies. |
| read or use | The user group can list and view details for audit policies. |
| manage | The user group can list, view details for, create, update, delete, and move (to another compartment) audit policies. |
data-safe-audit-profiles Resource
The data-safe-audit-profiles resource represents audit
profiles for target databases in Activity Auditing.
The following table describes the permissions available for the
data-safe-audit-profiles resource.
| Permission | Description |
|---|---|
| inspect | The user group can list audit profiles. |
| read or use | The user group can list and view details for audit profiles. |
| manage | The user group can list, view details for, create, update, delete, and move (to another compartment) audit profiles. A user can update the online and offline retention periods and paid usage setting. |
data-safe-audit-trails Resource
The data-safe-audit-trails resource represents audit
trails for target databases in Activity Auditing.
The following table describes the permissions available for the
data-safe-audit-trails resource.
| Permission | Description |
|---|---|
| inspect | The user group can list audit trails. |
| read or use | The user group can list and view details for audit trails. |
| manage | The user group can list, view details for, create, update, delete, and move (to another compartment) audit trails. |
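The permission tables above can be turned into a review check for IAM policy statements. The following is an added example, not Oracle's code: it parses statements of the form `Allow group <group> to <verb> <resource-type> in <scope>` and flags verbs the tables do not list for a resource, family-wide `manage` grants, and tenancy-wide `manage` grants. The group and compartment names are hypothetical, and treating tenancy-wide `manage` as a finding is a least-privilege review assumption, not a rule stated on this page.

```python
import re

# Verbs each resource type lists in the permission tables on this page.
PAGE_VERBS = {
    "data-safe-audit-family": {"inspect", "read", "use", "manage"},
    "data-safe-archive-retrievals": {"inspect", "read", "use", "manage"},
    "data-safe-audit-events": {"inspect", "read"},
    "data-safe-audit-policies": {"inspect", "read", "use", "manage"},
    "data-safe-audit-profiles": {"inspect", "read", "use", "manage"},
    "data-safe-audit-trails": {"inspect", "read", "use", "manage"},
}

STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)\s*$",
    re.IGNORECASE,
)

def review(statements):
    """Return (statement, finding) pairs for grants that deserve a second look."""
    findings = []
    for stmt in statements:
        m = STATEMENT.match(stmt)
        if not m:
            findings.append((stmt, "unparsed: review by hand"))
            continue
        verb, resource = m["verb"].lower(), m["resource"].lower()
        if resource not in PAGE_VERBS:
            continue  # not an Activity Auditing resource; out of scope here
        if verb not in PAGE_VERBS[resource]:
            findings.append((stmt, f"'{verb}' is not listed for {resource}"))
        elif resource == "data-safe-audit-family" and verb == "manage":
            findings.append((stmt, "family-wide manage also covers private endpoints, "
                                   "on-premises connectors and target databases"))
        elif verb == "manage" and m["scope"].lower() == "tenancy":
            findings.append((stmt, "manage granted tenancy-wide"))
    return findings

# Constructed sample policy; group and compartment names are hypothetical.
SAMPLE = [
    "Allow group AuditReaders to read data-safe-audit-events in compartment Finance",
    "Allow group AuditReaders to manage data-safe-audit-events in compartment Finance",
    "Allow group DbOps to manage data-safe-audit-family in compartment Finance",
    "Allow group DbOps to manage data-safe-audit-profiles in tenancy",
]

if __name__ == "__main__":
    for stmt, finding in review(SAMPLE):
        print(f"{finding}\n    {stmt}")
```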