This image shows an example of users and groups in Oracle Cloud Infrastructure (OCI). The outside box is the tenancy. The two main inside boxes are IAM Groups and Frankfurt Region. Inside the IAM Groups box, there are 4 boxes: Tenancy Administrators, IT-Compliance, IT-Security, and Data-Safe-Admins. Inside the Frankfurt Region box, there is an Oracle Data Safe box that contains 3 boxes: IT-Compliance, IT-Security, and Data Safe Admins. Suppose you have an IT Compliance and IT Security group created in IAM. The IT Compliance group is responsible for ensuring legal compliance related to data protection and only needs to use Activity Auditing. The IT Security group is responsible for protecting sensitive data and needs to provide data sets to testers and developers. They require access to the Data Discovery and Data Masking features. With this information, a tenancy administrator creates two groups in IAM called IT-Compliance and IT-Security and assigns the users to their appropriate groups. The administrator creates an IAM policy that grants the IT-Compliance group manage access to Activity Auditing resources. The administrator creates another policy in IAM for the IT-Security group that grants the group manage access to the Data Discovery and Data Masking resources. The administrator creates a group in IAM called Data-Safe-Admins for the power users who need to use all Oracle Data Safe features. The administrator creates a third IAM policy that grants the Data-Safe-Admins group manage access on all Oracle Data Safe resources.

Copyright © Oracle and/or its affiliates.