Register an Autonomous AI Database

You can register Autonomous AI Databases as target databases in Oracle Data Safe.

Use the Autonomous AI Databases wizard in Oracle Data Safe to register the following Autonomous AI Databases:

  • Oracle Autonomous AI Database Serverless with secure access from everywhere
  • Oracle Autonomous AI Database Serverless with secure access from allowed IPs and VCNs only
  • Oracle Autonomous AI Database Serverless with Private endpoint access only (requires an Oracle Data Safe private endpoint)
  • Oracle Autonomous AI Database on Dedicated Exadata Infrastructure (requires an Oracle Data Safe private endpoint)
  • Oracle Database@Azure - Oracle Autonomous AI Database (requires an Oracle Data Safe private endpoint)
  • Oracle Database@Google Cloud - Oracle Autonomous AI Database (requires an Oracle Data Safe private endpoint)

Note:

Be sure to complete the preregistration tasks before using the wizard and the post-registration tasks afterward.

Preregistration Tasks

The following table lists the preregistration tasks for an Autonomous AI Database.

Task Number Task Link to Instructions
1 Obtain permissions in Oracle Cloud Infrastructure Identity and Access Management (IAM) to register your target database. Permissions to Register an Autonomous AI Database with Oracle Data Safe
2 (For Autonomous AI Database on Dedicated Exadata Infrastructure) Obtain the ADMIN password for your database because you need it during target database registration. If Database Vault is enabled on the database, connect to your database as a user with the DV_ACCTMGR role and temporarily grant the DV_ACCTMGR role to the ADMIN user. (none)

Run the Autonomous AI Databases Wizard

The following sections detail the workflow in the Autonomous AI Databases registration wizard.

Step 1: Select database

  1. On the Overview page in Oracle Data Safe, find Autonomous AI Databases, and then select Start wizard.
    The wizard opens on Step 1, Select database.
  2. Select the compartment where your database resides.
  3. Select the database that you want to register.
    You can select only one database.
    The wizard automatically fills in the Oracle Data Safe target display name and compartment. If you want to register the database in a compartment other than the compartment where the database is stored, select a different compartment.
  4. Enter a target display name that is meaningful to you. Oracle Data Safe uses this name in its reports.
  5. (Optional) Enter a description that is meaningful to you.
  6. (Optional) To add a tag to organize and track this resource in your tenancy, select Add tag. Select a namespace, select a key, and enter a key value.
  7. (For an Autonomous AI Database on Dedicated Exadata Infrastructure only) Enter the database credentials for the ADMIN user to unlock the Oracle Data Safe service account (DS$ADMIN) in the database. This step does not apply to Oracle Autonomous AI Database Serverless.

    Note:

    The credentials requested here are for the database ADMIN user, not those of the Oracle Data Safe service account in the database.
  8. Select Next.

Step 2: Connectivity option

If you are registering a database that is configured to use a private IP address, then an Oracle Data Safe private endpoint is required.

If an Oracle Data Safe private endpoint for the virtual cloud network (VCN) of the database already exists, the wizard automatically selects it. If none exists, then in the Private endpoint information section, provide the basic information the wizard needs to create a new Oracle Data Safe private endpoint for the database.
  1. Enter a display name for the Oracle Data Safe private endpoint if you don't want to use the preassigned name.
  2. Select a compartment for the private endpoint.
  3. Select the compartment in which the VCN resides, and then select the VCN name.
  4. Select the compartment in which the subnet resides, and then select the subnet name.
  5. (Optional) Enter a Private IP address.
  6. Review all of the parameter values, and then select Next.

Step 3: Add security rule

This step applies if you are using an Oracle Data Safe private endpoint. To allow communication between an Autonomous AI Database and an Oracle Data Safe private endpoint, you must create both an ingress security rule and an egress security rule in Oracle Cloud Infrastructure (OCI). You can allow the wizard to create the rules for you, create them manually in OCI (see Security Rules for Autonomous AI Databases), or skip this step if you already have security rules you want to use. The ingress and egress rules do not need to be in the same security list, network security group (NSG), or compartment. The target database remains inactive in Oracle Data Safe until the required security rules are configured.

See Also:

For more information about security lists and network security groups, see Access and Security in the Oracle Cloud Infrastructure documentation.
  1. To bypass security rule configuration, select No.
  2. To allow the wizard to configure the security rules, select Yes. For both the ingress and egress security rule configuration, select Security list or Network security group, and then select the name of the security list or NSG. You can change the compartment if needed. The wizard displays the rules that will be added.
  3. Select Next to continue in the wizard.

Step 4: Review and submit

The Review and submit page displays the configuration for the previous steps in the wizard.

To review the target database configuration:
  1. If the information is correct, select Register.
  2. If the information is incorrect, select Previous to return to any of the earlier steps, or select Close to cancel the registration.

Step 5: Registration progress

After you select Register in the wizard, you can monitor the progress of the target registration. Each task is listed and processed sequentially. If any errors occur, they are displayed. You can select Previous to return to earlier pages and correct them.

Important:

Do not select the Close button in the wizard, sign out of OCI, or close the browser tab until the wizard shows that all of the tasks listed are resolved. If you close prematurely, then the information for all of the tasks that have not yet been completed is lost and the target database is not registered.

If there is no further work to do, the registration completes, and the wizard presents the Target database information page. Here you can again review the registration details and complete any post-registration tasks as required.

Post Registration Tasks

The following table lists tasks that you need to complete after you run the Autonomous AI Databases registration wizard.

Task Number Task Link to Instructions
1

(Optional) Change which features are allowed for the Oracle Data Safe service account on your target database by granting/revoking roles from the account. You need to be a PDB administrator (ADMIN) or a user that has execute permission on the DS_TARGET_UTIL package. During target registration, all roles are already granted by default, except for DS$DATA_MASKING_ROLE.

Grant Roles to the Oracle Data Safe Service Account on Your Target Database
2

(Optional) Grant users access to Oracle Data Safe features with the target database by configuring policies in Oracle Cloud Infrastructure Identity and Access Management.

Create IAM Policies for Oracle Data Safe Users
3

(Autonomous AI Database on Dedicated Exadata Infrastructure only) If Database Vault is enabled on your target database, connect to your target database as a user with the DV_ACCTMGR role and revoke the DV_ACCTMGR role from the ADMIN user.

(none)