Security and User Assessment Resources

An administrator in Oracle Cloud Infrastructure Identity and Access Management (IAM) can grant permissions as needed on the following Activity Auditing resources. The data-safe-work-requests resource is required if a user group needs to set baselines or compare assessments. As an alternative to selectively granting permissions, you can grant permissions on data-safe-assessment-family in the relevant compartments, which would include permissions on all of the resources below and target registration permissions.

data-safe-assessment-family Resource

The data-safe-assessment-family resource represents all the Oracle Data Safe resources that pertain to User Assessment and Security Assessment. The resources are as follows:

  • data-safe
  • data-safe-private-endpoints
  • onprem-connectors
  • target-databases
  • user-assessments
  • security-assessments
  • data-safe-work-requests
  • data-safe-security-policy-reports

The following table describes the permissions that you can assign to a group for the data-safe-assessment-family resource.

Permission Description
inspect

The user group can list all Security Assessment and User Assessment resources in a specified compartment.

read or use

The user group can list and view properties for all Security Assessment and User Assessment resources in a specified compartment.

manage

The user group can do the following:

  • List, view properties for, create, update, delete, and move (to another compartment) Security Assessment and User Assessment resources in a specified compartment.
  • Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases.
  • Read work requests in Oracle Data Safe.

security-assessments Resource

The security-assessments resource represents all Security Assessment resources in Oracle Data Safe.

The following table describes the permissions available for the security-assessments resource.

Permission Description
inspect

The user group can list Security Assessment resources.

read or use

The user group can list and view properties for Security Assessment resources.

manage

The user group can perform all tasks in Security Assessment, including the following:

  • List and view properties for Security Assessment resources
  • Create, update, delete, and move (to another compartment) security assessments
  • Refresh assessments, set and unset baseline assessments, generate and download assessment reports, and compare assessment reports

user-assessments Resource

The user-assessments resource represents all User Assessment resources in Oracle Data Safe.

The following table describes the permissions available for the user-assessments resource.

Permission Description
inspect

The user group can list User Assessment resources.

read or use

The user group can list and view properties for User Assessment resources.

manage

The user group can perform all tasks in User Assessment, including the following:

  • List and view properties for User Assessment resources
  • Create, update, delete, and move (to another compartment) user assessments
  • Refresh assessments, set and unset baseline assessments, generate and download assessment reports, and compare assessment reports

data-safe-security-policy-reports Resource

The data-safe-security-policy-reports resource represents the security policy reports, which detail the schemas and tables that a user has access to and the privileges the user was granted on those schemas and tables. This information is available in User Assessment in Oracle Data Safe.

The following table describes the permissions available for the data-safe-security-policy-reports resource.

Permission Description
inspect

The user group can list the security policy reports available in User Assessment.

read or use

The user group can list and view properties for the security policy reports available in User Assessment.
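
The following added example (not Oracle's code) audits IAM policy statements against the rules on this page: it expands data-safe-assessment-family into its members, flags groups that can manage assessments but lack data-safe-work-requests, and flags family-wide manage grants that also reach the target registration resources. It assumes the basic OCI statement form `Allow group <group> to <verb> <resource> in <scope>`; the group and compartment names are hypothetical.

```python
import re

FAMILY = "data-safe-assessment-family"
# Family members as listed on this page.
MEMBERS = ["data-safe", "data-safe-private-endpoints", "onprem-connectors",
           "target-databases", "user-assessments", "security-assessments",
           "data-safe-work-requests", "data-safe-security-policy-reports"]
REGISTRATION, ASSESSMENTS = MEMBERS[1:4], MEMBERS[4:6]
RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}  # OCI verbs, weakest first

# Basic statement form only; conditions ("where ...") and other subjects are skipped.
STATEMENT = re.compile(
    r"allow\s+group\s+(\S+)\s+to\s+(inspect|read|use|manage)\s+([\w-]+)"
    r"\s+in\s+(tenancy|compartment\s+\S+)\s*$", re.IGNORECASE)

def parse(statements):
    """Yield (group, scope, verb, resource) for each statement in the basic form."""
    for line in statements:
        m = STATEMENT.match(line.strip())
        if m:
            group, verb, resource, scope = m.groups()
            yield group, " ".join(scope.split()), verb.lower(), resource.lower()

def audit(statements):
    """Return sorted (group, scope, finding) tuples for the two checks below."""
    held, family_managers = {}, set()
    for group, scope, verb, resource in parse(statements):
        if resource == FAMILY and verb == "manage":
            family_managers.add((group, scope))
        grants = held.setdefault((group, scope), {})
        for res in (MEMBERS if resource == FAMILY else [resource]):
            if RANK[verb] >= RANK.get(grants.get(res), -1):
                grants[res] = verb  # keep the strongest verb seen per resource
    findings = []
    for key, grants in held.items():
        manages = [r for r in ASSESSMENTS if grants.get(r) == "manage"]
        # Assumption: "read" suffices, per the family's manage row ("Read work requests").
        if manages and RANK.get(grants.get("data-safe-work-requests"), -1) < RANK["read"]:
            findings.append(key + (f"manage on {', '.join(manages)} lacks data-safe-work-requests",))
        if key in family_managers:  # broader than assessment work alone
            findings.append(key + ("family manage also covers " + ", ".join(REGISTRATION),))
    return sorted(findings)

# Constructed sample policy; group and compartment names are hypothetical.
SAMPLE = [
    "Allow group SecAuditors to manage security-assessments in compartment Prod",
    "Allow group DbaTeam to manage data-safe-assessment-family in compartment Prod",
    "Allow group Reviewers to manage user-assessments in compartment Prod",
    "Allow group Reviewers to read data-safe-work-requests in compartment Prod",
]
```

Grants are compared per exact scope string, so a permission inherited from a parent compartment or the tenancy is not modelled and can produce a false finding.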