1. Administering Oracle Data Safe
  2. Oracle Data Safe Security
  3. Example Security Configuration for Oracle Data Safe

Example Security Configuration for Oracle Data Safe

In this example you can follow Susan, who is a tenancy administrator, while she creates an Oracle Data Safe environment to support two internal projects in her organization.

A company has a tenancy in Oracle Cloud Infrastructure. The tenancy's home region is Germany Central (Frankfurt). A department in the United States has two projects, Project A and Project B, that require Oracle Data Safe to help with auditing and data masking activities respectively. Susan, who is a tenancy administrator, is asked to create an Oracle Data Safe environment to support these projects.

Step 1: Subscribe to the Phoenix region

Susan signs in to Oracle Cloud Infrastructure and subscribes to the US West (Phoenix) region so that the projects can use a data center based in the United States. Now the tenancy is subscribed to two regions: Frankfurt and Phoenix.

Step 2: Create groups in Oracle Cloud Infrastructure Identity and Access Management (IAM)

In IAM, Susan creates the following groups:

  • Data-Safe-Admins: Members of this group are power users and can access all features and resources in Oracle Data Safe. Susan adds the user named Adam to this group.
  • A-Admins: Members of this group are responsible for managing Activity Auditing resources for Project A in Oracle Data Safe. Susan adds the user named Jorge to this group.
  • B-Admins: Members of this group are responsible for managing Data Masking resources for Project B in Oracle Data Safe. Susan adds the user named Cheri to this group.

Step 3: Designate two compartments for Oracle Data Safe resources

In IAM, Susan creates two compartments specifically for Oracle Data Safe resources:

  • Project-A
  • Project-B

Step 4: Create IAM policies

In IAM, Susan creates the following policies in the root compartment of the tenancy:

  • Data-Safe-Admins: This policy is needed so that members of the Data-Safe-Admins group can oversee and manage all Oracle Data Safe resources. The policy includes the following statement: 
    Allow group Data-Safe-Admins to manage data-safe-family in tenancy
  • Project-A: This policy is needed so that the A-Admins group can oversee and manage the Activity Auditing resources for Project A. The policy includes the following statement:
    Allow group A-Admins to manage data-safe-audit-family in compartment Project-A
  • Project-B: This policy is needed so that the B-Admins group can oversee and manage the Data Masking resources for Project B. The policy includes the following statement:
    Allow group B-Admins to manage data-safe-masking-family in compartment Project-B

Step 5: Perform user tasks

Jorge, who is a member of the A-Admins group, accesses Activity Auditing in Security Center. He updates an audit policy for a target database.

Cheri, who is a member of the B-Admins group, accesses Data Masking in Security Center. She creates a masking policy using an existing sensitive data model and masks sensitive data on a target database.