Security Assessment and User Assessment Resources
An administrator in Oracle Cloud Infrastructure Identity and Access
Management (IAM) can grant permissions as needed on individual Security Assessment
and User Assessment resources. As an alternative to selectively granting
permissions, you can grant permissions on the
data-safe-assessment-family resource in relevant
compartments, which includes permissions on all Security Assessment and User
Assessment related resources.
data-safe-assessment-family Resource
The data-safe-assessment-family resource includes all
Oracle Data Safe resources related to Security Assessment and User Assessment as
well as target registration, security policies, and common resources.
Security Assessment and User Assessment resources:
Target registration resources:
Common resources:
data-safedata-safe-work-requests
The following table describes the permissions that you can assign to a group for the data-safe-assessment-family resource.
| Permission | Description |
|---|---|
inspect |
The user group can list all Security Assessment and User Assessment resources in a specified compartment. |
read or use |
The user group can list and view properties for all Security Assessment and User Assessment resources in a specified compartment. |
manage |
The user group can do the following: 1) List, view properties for, create, update, delete, and move (to another compartment) Security Assessment and User Assessment resources in a specified compartment. 2) Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases. 3) Read work requests in Oracle Data Safe. |
data-safe-security-policy-reports Resource
The data-safe-security-policy-reports resource represents
the security policy reports that provide you with the details about the schemas and
tables that a user has access to as well as what privileges the user was granted on
these schemas and tables. This information is available in User Assessment in Oracle Data Safe.
The following table describes the permissions available for the
data-safe-security-policy-reports resource.
| Permission | Description |
|---|---|
inspect |
The user group can list the security policy reports available in User Assessment. |
read or use |
The user group can list and view properties for the security policy reports available in User Assessment. |
security-assessments Resource
The security-assessments resource represents all
Security Assessment resources in Oracle Data Safe.
The following table describes the permissions available for the
security-assessments resource.
| Permission | Description |
|---|---|
inspect |
The user group can list Security Assessment resources. |
read or
use |
The user group can list and view properties for Security Assessment resources. |
manage |
The user group can perform all tasks in Security Assessment, including the following: 1) List and view properties for Security Assessment resources. 2) Create, update, delete, and move (to another compartment) security assessments. Refresh assessments, set and unset baseline assessments, generate and download assessment reports, and compare assessment reports. |
user-assessments Resource
The user-assessments resource represents all User
Assessment resources in Oracle Data Safe.
The following table describes the permissions available for the
user-assessments resource.
| Permission | Description |
|---|---|
inspect |
The user group can list User Assessment resources. |
read or
use |
The user group can list and view properties for User Assessment resources. |
manage |
The user group can perform all tasks in User Assessment, including the following: 1) List and view properties for User Assessment resources. 2) Create, update, delete, and move (to another compartment) user assessments. 3) Refresh assessments, set and unset baseline assessments, generate and download assessment reports, and compare assessment reports. |