Security Policies Resources

An administrator in Oracle Cloud Infrastructure Identity and Access Management (IAM) can grant permissions as needed on the following Security policy resources.

data-safe-unified-audit-policy-family Resource

The data-safe-unified-audit-policy-family resource represents all Oracle Data Safe resources that pertain to unified audit policies as part of the Security policies feature. The resources are as follows:

Common resources for which information can be found in the Administering Oracle Data Safe guide:

Security policy and unified audit policy resources:

The following table describes the permissions that you can assign to a group for the data-safe-unified-audit-policy-family resource.

Permission Description
inspect The user group can list all unified audit policy, security policy, and security policy deployment resources in a specified compartment.
read or use The user group can list and view properties for all unified audit policy, security policy, and security policy deployment resources in a specified compartment.
manage The user group can do the following:
  • List, view properties for, create, update, delete, and move (to another compartment) all unified audit policy, security policy, and security policy deployment resources in a specified compartment.
  • Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases.
  • Read work requests in Oracle Data Safe.

data-safe-unified-audit-policies Resource

The data-safe-unified-audit-policies resource represents unified audit policies for target database groups and target databases in Security policies.

The following table describes the permissions available for the data-safe-unified-audit-policies resource.

Permission Description
inspect The user group can list unified audit policy resources in the specified compartment.
read or use The user group can list and view all the properties of unified audit policy resources in the compartment.
manage The user group can create, update, delete, list, view all the properties, import policies from database (bulk create), and move (to another compartment) unified audit policy resources in the compartment.

data-safe-unified-audit-policy-definitions Resource

The data-safe-unified-audit-policy-definitions resource represents the unified audit policy definitions for target databases in Security policies.

The following table describes the permissions available for the data-safe-unified-audit-policy-definitions resource.

Permission Description
inspect The user group can list unified audit policy definition resources in the specified compartment.
read or use The user group can list and view all the properties of unified audit policy definition resources in the compartment.
manage The user group can create, update, delete, list, view all the properties and move (to another compartment) unified audit policy definition resources in the compartment.

data-safe-security-policies Resource

The data-safe-security-policies resource represents the security policies for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-security-policies resource.

Permission Description
read or use The user group can list and view details for database security policies.
inspect The user group can list database security policies.
manage The user group can list, view details for, create, update, delete, and move (to another compartment) database security policies.

data-safe-security-policy-configs Resource

The data-safe-security-policy-configs resource represents security configurations, for unified audit policies and SQL Firewall, for target databases in Security policies.

The following table describes the permissions available for the data-safe-security-policy-configs resource.

Permission Description
inspect The user group can list security policy configurations.
read or use The user group can list and view details for security policy configurations.
manage The user group can list, view details for, update, delete, and move (to another compartment) security policy configurations.

data-safe-security-policy-deployments Resource

The data-safe-security-policy-deployments resource represents the state of the deployment of a security policy on a target. This resource provides mapping for all target databases to all security policies, such as a SQL Firewall policy.

The following table describes the permissions available for the data-safe-security-policy-deployments resource.

Permission Description
inspect The user group can list database security policy deployments.
read or use The user group can list and view details for database security policy deployments.
manage The user group can list, view details for, create, update, refresh, deploy, delete, and move (to another compartment) database security policy deployments.
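
The following is an added example, not part of the Oracle documentation: a small review script that reads IAM policy statements, records the strongest verb each group holds on the resource types described above, and flags manage on the family resource, which per the first table also covers private endpoints, on-premises connectors, and target databases. The group and compartment names are constructed, and only the basic `Allow group ... to ... in ...` statement form is parsed; anything else is returned for manual review.

```python
import re

# Resource types described on this page.
FAMILY = "data-safe-unified-audit-policy-family"
INDIVIDUAL = {
    "data-safe-unified-audit-policies",
    "data-safe-unified-audit-policy-definitions",
    "data-safe-security-policies",
    "data-safe-security-policy-configs",
    "data-safe-security-policy-deployments",
}
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# Basic statement form only: Allow group <name> to <verb> <resource> in <scope>
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)"
    r"\s+(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)",
    re.IGNORECASE,
)

def review(statements):
    """Return (grants, findings, unparsed) for the resource types above."""
    grants, findings, unparsed = {}, [], []
    for text in statements:
        m = STATEMENT.match(text)
        if not m:
            unparsed.append(text)  # other statement forms need a manual look
            continue
        resource, verb = m["resource"].lower(), m["verb"].lower()
        if resource != FAMILY and resource not in INDIVIDUAL:
            continue  # resource type not covered by this page
        key = (m["group"], resource, " ".join(m["scope"].split()))
        # Keep only the strongest verb granted per group/resource/scope.
        if key not in grants or VERB_RANK[verb] > VERB_RANK[grants[key]]:
            grants[key] = verb
        if resource == FAMILY and verb == "manage":
            findings.append(f"{m['group']}: manage on {FAMILY} also covers Data Safe "
                            "private endpoints, on-premises connectors and target databases")
    return grants, findings, unparsed

# Constructed sample statements (group and compartment names are made up).
SAMPLE = [
    "Allow group AuditAdmins to manage data-safe-unified-audit-policy-family in compartment Finance",
    "Allow group AuditViewers to inspect data-safe-unified-audit-policies in compartment Finance",
    "Allow group AuditViewers to read data-safe-unified-audit-policies in compartment Finance",
    "Allow group FirewallOps to manage data-safe-security-policy-deployments in compartment Finance",
    "Allow dynamic-group DataSafeFns to read data-safe-security-policies in compartment Finance",
]
```

A group that only needs to maintain unified audit policies can be granted manage on data-safe-unified-audit-policies instead of the family, which keeps target database and connector changes out of its reach.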