Permissions to Register an Oracle Cloud Database with Oracle Data Safe

To register an Oracle Cloud Database with Oracle Data Safe, a user group requires permissions in Oracle Cloud Infrastructure Identity and Access Management (IAM) to do the following:

  • Access the Oracle Cloud Database:
    allow group <group-name> to manage database-family in compartment <compartment-name>
    allow group <group-name> to inspect vnics in tenancy
  • (Exadata Cloud Service only) Inspect cloud virtual machine clusters in the tenancy:
    allow group <group-name> to inspect cloud-vmclusters in tenancy
  • Register a target database with Oracle Data Safe:
    allow group <group-name> to manage target-databases in compartment <compartment-name>
  • (Target database with private IP address) Use or create an Oracle Data Safe private endpoint: The user group requires at least the use permission on an Oracle Data Safe private endpoint and on the underlying virtual networking resources of the private endpoint for the relevant compartments. For example, the following statements allow a group to create a private endpoint:
    allow group <group-name> to manage data-safe-private-endpoints in compartment <compartment-name>
    allow group <group-name> to manage virtual-network-family in compartment <compartment-name>

    If the group already has an Oracle Data Safe private endpoint and wants to reuse it, then replace manage with use in the statements above.
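
The following Python helper, added here as an example and not part of Oracle's documentation or tooling, assembles the policy statements above for a given scenario (Exadata or not, private IP or not, new or reused private endpoint), flags statements that grant manage on the private-endpoint resources where use would suffice, and renders an `oci iam policy create` command for them. The group name, compartment name and policy compartment OCID are constructed placeholders.

```python
import json
import re
import shlex

# Resources where 'use' is enough once a Data Safe private endpoint already exists.
_PRIVATE_ENDPOINT_RESOURCES = ("data-safe-private-endpoints", "virtual-network-family")


def data_safe_registration_statements(group, compartment, *, exadata=False,
                                      private_ip=False, reuse_private_endpoint=False):
    """Return the IAM policy statements a group needs to register an Oracle Cloud
    Database with Data Safe, following the rules on this page.

    exadata: target runs on Exadata Cloud Service (adds the cloud-vmclusters inspect)
    private_ip: target has a private IP, so a Data Safe private endpoint is required
    reuse_private_endpoint: an endpoint already exists, so 'use' replaces 'manage'
    """
    stmts = [
        f"allow group {group} to manage database-family in compartment {compartment}",
        f"allow group {group} to inspect vnics in tenancy",
    ]
    if exadata:
        stmts.append(f"allow group {group} to inspect cloud-vmclusters in tenancy")
    stmts.append(f"allow group {group} to manage target-databases in compartment {compartment}")
    if private_ip:
        # Least privilege: 'manage' only when the group must create the endpoint.
        verb = "use" if reuse_private_endpoint else "manage"
        for resource in _PRIVATE_ENDPOINT_RESOURCES:
            stmts.append(f"allow group {group} to {verb} {resource} in compartment {compartment}")
    return stmts


def find_overbroad(statements):
    """Return statements that grant 'manage' on the private-endpoint resources.

    Use this to audit an existing policy when the group only needs to reuse an
    endpoint; each flagged statement can be downgraded from manage to use.
    """
    pattern = re.compile(r"^allow group \S+ to manage (\S+) in compartment \S+$")
    flagged = []
    for stmt in statements:
        match = pattern.match(stmt)
        if match and match.group(1) in _PRIVATE_ENDPOINT_RESOURCES:
            flagged.append(stmt)
    return flagged


def oci_cli_create_command(policy_name, policy_compartment_ocid, statements):
    """Render an OCI CLI command that creates the policy with the given statements.

    The --compartment-id, --name, --description and --statements options are the
    standard ones of 'oci iam policy create'; --statements takes a JSON array.
    """
    return " ".join([
        "oci iam policy create",
        "--compartment-id", shlex.quote(policy_compartment_ocid),
        "--name", shlex.quote(policy_name),
        "--description", shlex.quote("Data Safe target registration (example)"),
        "--statements", shlex.quote(json.dumps(statements)),
    ])


if __name__ == "__main__":
    # Constructed sample: Exadata target with a private IP, reusing an existing endpoint.
    policy = data_safe_registration_statements(
        "DataSafeAdmins", "db-compartment",
        exadata=True, private_ip=True, reuse_private_endpoint=True)
    print("\n".join(policy))
    print()
    print(oci_cli_create_command("datasafe-registration-policy",
                                 "ocid1.compartment.oc1..EXAMPLE-PLACEHOLDER", policy))
```

Run the module directly to print the statements and the CLI command for the constructed sample; pass the resulting statements through `find_overbroad` before creating the policy to confirm that nothing beyond the use permission is granted on the private-endpoint resources.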

For more information about the resources and their permissions, see OCI Resources for Oracle Data Safe.