Permission to Access a Specific Resource
Each Oracle Data Safe family resource consists of several resources that pertain to that feature. In most cases, you can grant a user group the inspect, read, use, or manage permission on any one of those specific resources, rather than grant the group access to all the resources in the family.
- The inspect permission allows a user group to view the list of resource objects. For example, if a group has inspect permission on the data-safe-audit-policies resource, then that group can view the list of audit policies in Security Center. They cannot, however, click on an audit policy and view its details.
- The read permission allows a user group to view the list of resource objects and view their properties. Using our previous example, the user group can click on an audit policy and view its details.
- The use permission includes the read permission plus the ability to work with existing resources (the actions vary by resource type). It includes the ability to update the resource, except for resource types where the update operation has the same effective impact as the create operation, in which case the update ability is available only with the manage verb. In general, this verb does not include the ability to create or delete that type of resource.
- The manage permission generally grants the user group full permission on the resource (list, view, update, create, delete, and move). Using our previous example, if the group has the manage permission, it can list and view details for audit policies, as well as update, create, delete, and move them.
Keep in mind that all four permissions (inspect, read, use, and manage) may not be available for all resources. And, sometimes the manage permission grants only a subset of operations (for example: list, read, update, create, delete, and/or move). Therefore, it's best to refer to the resource itself to understand what is possible.
Here are three examples:
- Example 1: Create a policy for a user group that allows the group to list resource objects in Security Center. For example, the following policy statement allows a user group named IT-Security to view the list of audit profiles in the compartment named Info-Tech.

    allow group IT-Security to inspect data-safe-audit-profiles in compartment Info-Tech

- Example 2: Create a policy for a user group that allows the group to list and view properties for a resource. For example, the following policy statement allows a user group named IT-Security to list and view properties for audit profiles in the compartment named Info-Tech.

    allow group IT-Security to read data-safe-audit-profiles in compartment Info-Tech

- Example 3: Create a policy for a user group that allows the group to manage a resource. For example, the following policy statement allows a user group named IT-Security to manage audit profiles in the compartment named Info-Tech.

    allow group IT-Security to manage data-safe-audit-profiles in compartment Info-Tech
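A least-privilege review of statements written in the form of the three examples above, as an added example that is not part of the original documentation or any Oracle tooling. It assumes the general verb-to-operation model described on this page; the `review` and `minimal_verb` helpers, the sample statements, and the requirements table are constructed for illustration.

```python
import re

# Verb-to-operation model taken from the general description on this page.
# Individual resources may support fewer verbs or a narrower "manage".
VERB_OPS = {
    "inspect": {"list"},
    "read": {"list", "view"},
    "use": {"list", "view", "update"},
    "manage": {"list", "view", "update", "create", "delete", "move"},
}
ORDER = ["inspect", "read", "use", "manage"]

# Matches only the simple statement form used in the three examples above.
STMT = re.compile(
    r"^\s*allow\s+group\s+(\S+)\s+to\s+(inspect|read|use|manage)\s+"
    r"([\w-]+)\s+in\s+compartment\s+(\S+)\s*$", re.IGNORECASE)

def minimal_verb(ops):
    """Return the narrowest verb whose operations cover `ops`."""
    for verb in ORDER:
        if ops <= VERB_OPS[verb]:
            return verb
    raise ValueError(f"unknown operations: {ops - VERB_OPS['manage']}")

def review(statements, required):
    """Return (findings, unparsed). Findings are tuples of
    (group, resource, granted_verb, sufficient_verb) for over-broad grants;
    unparsed statements fall outside the simple form and need manual review."""
    findings, unparsed = [], []
    for line in statements:
        m = STMT.match(line)
        if not m:
            unparsed.append(line)
            continue
        group, verb, resource, compartment = m.groups()
        # A grant with no documented need is compared against "inspect".
        enough = minimal_verb(required.get((group, resource, compartment), set()))
        if ORDER.index(verb.lower()) > ORDER.index(enough):
            findings.append((group, resource, verb.lower(), enough))
    return findings, unparsed

# Constructed sample policy and constructed requirements (not from a tenancy).
SAMPLE = [
    "allow group IT-Security to inspect data-safe-audit-profiles in compartment Info-Tech",
    "allow group IT-Security to manage data-safe-audit-policies in compartment Info-Tech",
    "allow group Auditors to read data-safe-family in tenancy",
]
REQUIRED = {
    ("IT-Security", "data-safe-audit-profiles", "Info-Tech"): {"list"},
    ("IT-Security", "data-safe-audit-policies", "Info-Tech"): {"list", "view"},
}
```

Statements with tenancy scope, conditions, or other subjects are returned in `unparsed` rather than guessed at, and every finding should be checked against the resource's own permission reference before a grant is narrowed.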