Security Policy Resources
An administrator in Oracle Cloud Infrastructure Identity and Access Management (IAM) can grant permissions as needed on individual security policy resources. As an alternative to selectively granting permissions, you can grant permissions on the data-safe-unified-audit-policy-family resource in relevant compartments, which includes permissions on all security-policy-related resources.
data-safe-unified-audit-policy-family Resource
The data-safe-unified-audit-policy-family resource includes all Oracle Data Safe resources related to security policies as well as target registration and common resources.
Security policy resources:
Target registration resources:
Common resources:
The following table describes the permissions that you can assign to a group for the data-safe-unified-audit-policy-family resource.
| Permission | Description |
|---|---|
| inspect | The user group can list all unified audit policy, security policy and security policy deployment resources in a specified compartment. |
| read or use | The user group can list and view properties for all unified audit policy, security policy and security policy deployment resources in a specified compartment. |
| manage | The user group can do the following: 1) List, view properties for, create, update, delete, and move (to another compartment) all unified audit policy, security policy and security policy deployment resources in a specified compartment. 2) Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases. 3) Read work requests in Oracle Data Safe. |
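The script below is an added example, not Oracle's code. It reviews IAM policy statements for the two things the family table implies: a `manage` grant on the family also reaches target registration resources, and an individual grant at or below a family grant in the same scope is redundant. It assumes the plain `Allow group <group> to <verb> <resource-type> in compartment <name>` statement form; the group names, compartment names and finding labels are constructed for illustration.

```python
import re
# Resource-type names come from this page; groups and compartments are made up.
FAMILY = "data-safe-unified-audit-policy-family"
MEMBERS = {
    "data-safe-unified-audit-policies",
    "data-safe-unified-audit-policy-definitions",
    "data-safe-security-policies",
    "data-safe-security-policy-configs",
    "data-safe-security-policy-deployments",
}
RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(\S+)\s+to\s+(inspect|read|use|manage)\s+([\w-]+)"
    r"\s+in\s+(tenancy|compartment\s+\S+)\s*$", re.IGNORECASE)

def parse(line):
    """Return (group, verb, resource, scope) lower-cased, or None if unsupported."""
    m = STATEMENT.match(line)
    return tuple(" ".join(p.lower().split()) for p in m.groups()) if m else None

def review(statements):
    """Return (statement, finding) pairs for broad, redundant or unparsed grants."""
    parsed = [(s, parse(s)) for s in statements]
    family = {}  # (group, scope) -> highest verb rank granted on the family
    for _, p in parsed:
        if p and p[2] == FAMILY:
            family[(p[0], p[3])] = max(family.get((p[0], p[3]), -1), RANK[p[1]])
    findings = []
    for stmt, p in parsed:
        if p is None:
            findings.append((stmt, "unparsed: review by hand"))
        elif p[2] == FAMILY and p[1] == "manage":
            # Per the family table: endpoints, connectors and target databases too.
            findings.append((stmt, "family-manage: includes target registration"))
        elif p[2] in MEMBERS and RANK[p[1]] <= family.get((p[0], p[3]), -1):
            findings.append((stmt, "redundant: covered by family grant"))
    return findings

# Constructed sample statements.
SAMPLE = [
    "Allow group DataSafeAdmins to manage data-safe-unified-audit-policy-family in compartment Prod",
    "Allow group DataSafeAdmins to read data-safe-security-policies in compartment Prod",
    "Allow group AuditReviewers to read data-safe-unified-audit-policies in compartment Prod",
    "Allow group FirewallOps to manage data-safe-security-policy-deployments in compartment Prod",
    "Allow dynamic-group Automation to manage data-safe-security-policies in compartment Prod",
]

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

Statements outside the assumed form, such as the dynamic-group grant in the sample, are returned as unparsed so they are reviewed by hand rather than silently skipped.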
data-safe-unified-audit-policies Resource
The data-safe-unified-audit-policies resource represents unified audit policies for target database groups and target databases in Security policies.
The following table describes the permissions available for the data-safe-unified-audit-policies resource.
| Permission | Description |
|---|---|
| inspect | The user group can list unified audit policy resources in the specified compartment. |
| read or use | The user group can list and view all the properties of unified audit policy resources in the compartment. |
| manage | The user group can create, update, delete, list, view all the properties, import policies from database (bulk create), and move (to another compartment) unified audit policy resources in the compartment. |
data-safe-unified-audit-policy-definitions Resource
The data-safe-unified-audit-policy-definitions resource represents the unified audit policy definitions for target databases in Security policies.
The following table describes the permissions available for the data-safe-unified-audit-policy-definitions resource.
| Permission | Description |
|---|---|
| inspect | The user group can list unified audit policy definition resources in the specified compartment. |
| read or use | The user group can list and view all the properties of unified audit policy definition resources in the compartment. |
| manage | The user group can create, update, delete, list, view all the properties and move (to another compartment) unified audit policy definition resources in the compartment. |
data-safe-security-policies Resource
The data-safe-security-policies resource represents the security policies for target databases in SQL Firewall.
The following table describes the permissions available for the data-safe-security-policies resource.
| Permission | Description |
|---|---|
| read or use | The user group can list and view details for database security policies. |
| inspect | The user group can list database security policies. |
| manage | The user group can list, view details for, create, update, delete, and move (to another compartment) database security policies. |
data-safe-security-policy-configs Resource
The data-safe-security-policy-configs resource represents security configurations, for unified audit policies and SQL Firewall, for target databases in Security policies.
The following table describes the permissions available for the data-safe-security-policy-configs resource.
| Permission | Description |
|---|---|
| inspect | The user group can list security policy configurations. |
| read or use | The user group can list and view details for security policy configurations. |
| manage | The user group can list, view details for, update, delete, and move (to another compartment) security policy configurations. |
data-safe-security-policy-deployments Resource
The data-safe-security-policy-deployments resource represents the state of the deployment of a security policy on a target. This resource provides mapping for all target databases to all security policies, such as a SQL Firewall policy.
The following table describes the permissions available for the data-safe-security-policy-deployments resource.
| Permission | Description |
|---|---|
| inspect | The user group can list database security policy deployments. |
| read or use | The user group can list and view details for database security policy deployments. |
| manage | The user group can list, view details for, create, update, refresh, deploy, delete, and move (to another compartment) database security policy deployments. |