Register an Autonomous Database
You can register Autonomous Databases as target databases for Oracle Data Safe.
In Oracle Data Safe, use the Autonomous Databases wizard to register the following Autonomous Databases:
- Oracle Autonomous Database Serverless with Secure Access from Everywhere
- Oracle Autonomous Database Serverless with Secure Access from allowed IPs and VCNs only
- Oracle Autonomous Database Serverless with Private VCN Access (requires a Data Safe private endpoint)
- Autonomous Database on Dedicated Exadata Infrastructure (requires a Data Safe private endpoint)
Note:
Be sure to complete the preregistration tasks before using the wizard and the post registration tasks after using the wizard.
Preregistration Tasks for an Autonomous Database
The following table lists the preregistration tasks.
Task Number | Task | Link to Instructions |
---|---|---|
1 | Obtain permissions in Oracle Cloud Infrastructure Identity and Access Management (IAM) to register your target database. | Permissions to Register an Autonomous Database with Oracle Data Safe |
2 | (For Autonomous Database on Dedicated Exadata Infrastructure) | (none) |
Run the Autonomous Databases Wizard
There is some variation in the workflow in the wizard, depending on whether the Autonomous Database you select is configured to run on serverless or dedicated Exadata infrastructure and (in the case of serverless infrastructure) if network access is via public or private IP. The wizard detects these configuration settings in the Autonomous Database you have selected and adjusts the steps accordingly. For example, if the database is configured with a public IP to be securely accessible from everywhere, then the steps to select a connectivity option and add a security rule are not needed and are skipped.
This is the Autonomous Database registration workflow:
Step 2: Connectivity Option
If you are registering a target database that is configured to use a private IP address, then an Oracle Data Safe private endpoint is required.
If an Oracle Data Safe private endpoint for the VCN of the database already exists, the wizard automatically selects it for you. If none exists, then in the Private Endpoint Information form the wizard prompts for the basic information it needs to create a new Oracle Data Safe private endpoint for the target database. The name, VCN, and subnet are preassigned. You can change any of the parameters entered into the form.
Step 3: Add Security Rule
In this step, add the required security rules. To allow communication from Oracle Data Safe to your database, you need to add two security rules:
- Ingress rule for the database: Allow the database to receive incoming traffic on its port from the private IP address of the Oracle Data Safe private endpoint (from any port).
- Egress rule for the Oracle Data Safe private endpoint: Allow the Oracle Data Safe private endpoint (from any port) to send requests to the database IP address(es) on the database's port.
The ingress and egress rules do not need to be stored within the same security list, network security group, or same compartment. If you already created the necessary security rules, you can choose to skip this step.
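The following check is an added example, not part of the Oracle documentation or tooling: it verifies that an exported rule set contains both rules described in this step and flags matching rules that are wider than the single endpoint IP, database IP, or database port. The IP addresses, port, rule descriptions, and the rule field names (modelled on OCI security rule JSON) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not from the page).
PE_IP, DB_IP, DB_PORT = "10.0.1.25", "10.0.2.40", 1522

# Constructed sample rules: one on the database side, one on the endpoint side.
DB_RULES = [
    {"description": "data-safe-in", "direction": "INGRESS", "protocol": "6",
     "source": "10.0.1.25/32",
     "tcpOptions": {"destinationPortRange": {"min": 1522, "max": 1522}}},
]
PE_RULES = [
    {"description": "pe-out-wide", "direction": "EGRESS", "protocol": "6",
     "destination": "10.0.2.0/24",
     "tcpOptions": {"destinationPortRange": {"min": 1521, "max": 1522}}},
]

def _port_range(rule):
    # None means the rule does not restrict the destination port.
    return (rule.get("tcpOptions") or {}).get("destinationPortRange")

def _matches(rule, direction, peer_key, peer_ip, port):
    """True if the rule permits TCP in `direction` with `peer_ip` on destination `port`."""
    if rule.get("direction") != direction or rule.get("protocol") not in ("6", "all"):
        return False
    try:
        net = ipaddress.ip_network(rule.get(peer_key, ""), strict=False)
    except ValueError:
        return False  # peer is not a CIDR (for example a group reference); out of scope
    if ipaddress.ip_address(peer_ip) not in net:
        return False
    rng = _port_range(rule)
    return rng is None or rng["min"] <= port <= rng["max"]

def _is_broad(rule, peer_key):
    """True if a matching rule covers more than one host or more than one port."""
    net = ipaddress.ip_network(rule[peer_key], strict=False)
    rng = _port_range(rule)
    return net.prefixlen < net.max_prefixlen or rng is None or rng["min"] != rng["max"]

def check_data_safe_rules(db_rules, pe_rules, pe_ip=PE_IP, db_ip=DB_IP, port=DB_PORT):
    # Ingress on the database: source is the private endpoint IP, any source port.
    ingress = [r for r in db_rules if _matches(r, "INGRESS", "source", pe_ip, port)]
    # Egress on the private endpoint: destination is the database IP and port.
    egress = [r for r in pe_rules if _matches(r, "EGRESS", "destination", db_ip, port)]
    broad = [r.get("description", "?") for r in ingress if _is_broad(r, "source")]
    broad += [r.get("description", "?") for r in egress if _is_broad(r, "destination")]
    return {"ingress_ok": bool(ingress), "egress_ok": bool(egress),
            "broader_than_needed": broad}
```

Because the two rules may live in different security lists, network security groups, or compartments, the database-side and endpoint-side rule sets are passed in separately.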
See Also:
For more information about security lists and network security groups, see Access and Security in the Oracle Cloud Infrastructure documentation.
Step 4. Review and Submit
If you configured a target database that uses a private IP address, the Review and Submit page displays the configuration for Target Database Information, Connectivity Option, and Security Rules.
If you configured a target database that uses a public IP address, you did not need to configure a connectivity option or security rules, so this summary of the configuration shows only the following information, all of which you selected in Step 1:
- Display Name of Selected Database
- Compartment for Target
- Data Safe Target Display Name
- Description
- Review the target database configuration.
- If the information is correct, click Register. If not, click Previous to return to any of the earlier steps, or click Cancel.
Step 5. Registration Progress
Important:
Do not click the Close button in the wizard, sign out of OCI, or close the browser tab until the wizard shows that all of the tasks listed are resolved. If you close prematurely, then the information for all of the tasks that have not yet been completed is lost and the target database is not registered. Use the Close button to exit the page if an error occurs in the registration process.
When Registration is Complete
The wizard presents the Target Database Details page when the registration is finished. On this page you can again review the registration details. Options on this page that are not available for the selected target database are grayed out. For Autonomous Database, the options available are on the More Actions tab. You can change the compartment where the registration is stored, add tags, or deregister the target database.
The database icon on the left indicates the current status of the registration process.
Post Registration Tasks for an Autonomous Database
The following table lists tasks that you need to complete after you run the Autonomous Databases wizard.
Task Number | Task | Link to Instructions |
---|---|---|
1 | (Optional) Change which features are allowed for the Oracle Data Safe service account on your target database by granting/revoking roles from the account. You need to be a PDB administrator ( Note: During target registration, all roles are already granted by default, except for DS$DATA_MASKING_ROLE. | Grant Roles to the Oracle Data Safe Service Account on Your Target Database |
2 | (Optional) Grant users access to Oracle Data Safe features with the target database by configuring policies in Oracle Cloud Infrastructure Identity and Access Management. | Create IAM Policies for Oracle Data Safe Users |
3 | (Autonomous Database on Dedicated Exadata Infrastructure only) If Database Vault is enabled on your target database, connect to your target database as a user with the | (none) |