Example Security Configuration for Oracle Data Safe
In this example you can follow Susan, who is a tenancy administrator, while she creates an Oracle Data Safe environment to support two internal projects in her organization.
A company has a tenancy in Oracle Cloud Infrastructure. The tenancy's home region is Germany Central (Frankfurt). A department in the United States has two projects, Project A and Project B, that require Oracle Data Safe to help with auditing and data masking activities respectively. Susan, who is a tenancy administrator, is asked to create an Oracle Data Safe environment to support these projects.
Step 1: Subscribe to the Phoenix region
Susan signs in to Oracle Cloud Infrastructure and subscribes to the US West (Phoenix) region so that the projects can use a data center based in the United States. Now the tenancy is subscribed to two regions: Frankfurt and Phoenix.
Step 2: Create groups in Oracle Cloud Infrastructure Identity and Access Management (IAM)
In IAM, Susan creates the following groups:
- Data-Safe-Admins: Members of this group are power users and can access all features and resources in Oracle Data Safe. Susan adds the user named Adam to this group.
- A-Admins: Members of this group are responsible for managing Activity Auditing resources for Project A in Oracle Data Safe. Susan adds the user named Jorge to this group.
- B-Admins: Members of this group are responsible for managing Data Masking resources for Project B in Oracle Data Safe. Susan adds the user named Cheri to this group.
Step 3: Designate two compartments for Oracle Data Safe resources
In IAM, Susan creates two compartments specifically for Oracle Data Safe resources:
- Project-A
- Project-B
Step 4: Create IAM policies
In IAM, Susan creates the following policies in the root compartment of the tenancy:
- Data-Safe-Admins: This policy is needed so that members of the Data-Safe-Admins group can oversee and manage all Oracle Data Safe resources. The policy includes the following statement:
  Allow group Data-Safe-Admins to manage data-safe-family in tenancy
- Project-A: This policy is needed so that the A-Admins group can oversee and manage the Activity Auditing resources for Project A. The policy includes the following statement:
  Allow group A-Admins to manage data-safe-audit-family in compartment Project-A
- Project-B: This policy is needed so that the B-Admins group can oversee and manage the Data Masking resources for Project B. The policy includes the following statement:
  Allow group B-Admins to manage data-safe-masking-family in compartment Project-B
Step 5: Perform user tasks
Jorge, who is a member of the A-Admins group, accesses Activity Auditing in Security Center. He updates an audit policy for a target database.
Cheri, who is a member of the B-Admins group, accesses Data Masking in Security Center. She creates a masking policy using an existing sensitive data model and masks sensitive data on a target database.
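
The effect of the Step 2 group memberships and the Step 4 policy statements can be checked with a small model, added here as an example (it is not Oracle's code and not part of the original page). It parses the statement form used on this page and answers who may do what in which compartment. The function names, the `FAMILY_COVERS` map and the simplified matching are assumptions of this example.

```python
import re

# Policy statements exactly as given in Step 4.
STATEMENTS = [
    "Allow group Data-Safe-Admins to manage data-safe-family in tenancy",
    "Allow group A-Admins to manage data-safe-audit-family in compartment Project-A",
    "Allow group B-Admins to manage data-safe-masking-family in compartment Project-B",
]
# Group membership from Step 2.
MEMBERS = {"Adam": {"Data-Safe-Admins"}, "Jorge": {"A-Admins"}, "Cheri": {"B-Admins"}}
# OCI policy verbs, weakest to strongest; a granted verb includes the weaker ones.
VERBS = ["inspect", "read", "use", "manage"]
# Assumption for this example: the aggregate family covers the two feature
# families named on this page (this is not a complete list of its members).
FAMILY_COVERS = {
    "data-safe-family": {"data-safe-audit-family", "data-safe-masking-family"}}

PATTERN = re.compile(
    r"^Allow group (?P<group>\S+) to (?P<verb>inspect|read|use|manage) "
    r"(?P<resource>\S+) in (?:tenancy|compartment (?P<compartment>\S+))$",
    re.IGNORECASE)

def parse(statement):
    """Split one statement into group, verb, resource and compartment (None = tenancy)."""
    m = PATTERN.match(statement.strip())
    if not m:
        raise ValueError(f"unsupported statement: {statement!r}")
    return {"group": m["group"], "verb": m["verb"].lower(),
            "resource": m["resource"], "compartment": m["compartment"]}

def is_allowed(user, verb, resource, compartment, statements=STATEMENTS):
    """True if a statement grants `user` at least `verb` on `resource` in `compartment`."""
    # Nested compartments are not modeled; the page uses two top-level ones.
    for grant in map(parse, statements):
        covers = {grant["resource"]} | FAMILY_COVERS.get(grant["resource"], set())
        if (grant["group"] in MEMBERS.get(user, set())
                and VERBS.index(verb) <= VERBS.index(grant["verb"])
                and resource in covers
                and grant["compartment"] in (None, compartment)):
            return True
    return False  # no matching statement means no access

def tenancy_wide_manage(statements=STATEMENTS):
    """Groups holding `manage` at tenancy scope, the grants to review most closely."""
    return sorted(g["group"] for g in map(parse, statements)
                  if g["verb"] == "manage" and g["compartment"] is None)
```

With these statements, Jorge's access stops at Activity Auditing in Project-A and Cheri's at Data Masking in Project-B, while `tenancy_wide_manage()` lists only Data-Safe-Admins as holding tenancy-wide `manage`.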