Security Policy Resources
An administrator in Oracle Cloud Infrastructure Identity and Access
Management (IAM) can grant permissions as needed on individual security policy
resources. As an alternative to selectively granting permissions, you can grant
permissions on the data-safe-unified-audit-policy-family resource
in relevant compartments, which includes permissions on all security policy related
resources.
data-safe-unified-audit-policy-family Resource
The data-safe-unified-audit-policy-family resource includes
all Oracle Data Safe resources related to security policies as well as target
registration and common resources.
Security policy resources:
- data-safe-unified-audit-policies
- data-safe-unified-audit-policy-definitions
- data-safe-security-policies
- data-safe-security-policy-configs
- data-safe-security-policy-deployments
Target registration resources:
Common resources:
The following table describes the permissions that you can assign to a group
for the data-safe-unified-audit-policy-family resource.
| Permission | Description |
|---|---|
| inspect | The user group can list all unified audit policy, security policy and security policy deployment resources in a specified compartment. |
| read or use | The user group can list and view properties for all unified audit policy, security policy and security policy deployment resources in a specified compartment. |
| manage | The user group can do the following: 1) List, view properties for, create, update, delete, and move (to another compartment) all unified audit policy, security policy and security policy deployment resources in a specified compartment. 2) Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases. 3) Read work requests in Oracle Data Safe. |
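The following Python check is an added example, not Oracle's code. It expands family-level grants into the five security policy resource types listed above and reports each group's strongest verb per resource type, so that family-wide manage grants stand out for review. It assumes only the basic `Allow group <group> to <verb> <resource-type> in <scope>` statement form (no `where` conditions, no compartment inheritance); the group and compartment names in the sample are made up.

```python
import re

FAMILY = "data-safe-unified-audit-policy-family"
MEMBERS = (  # security policy resource types the page lists under the family
    "data-safe-unified-audit-policies",
    "data-safe-unified-audit-policy-definitions",
    "data-safe-security-policies",
    "data-safe-security-policy-configs",
    "data-safe-security-policy-deployments",
)
RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(\S+)\s+to\s+(inspect|read|use|manage)\s+"
    r"([\w-]+)\s+in\s+(tenancy|compartment\s+\S+)\s*$", re.IGNORECASE)

def parse(statement):
    """Return (group, verb, resource, scope), or None for unsupported forms."""
    m = STATEMENT.match(statement)
    if not m:
        return None
    group, verb, resource, scope = m.groups()
    return group, verb.lower(), resource.lower(), " ".join(scope.split())

def effective_access(statements):
    """Map (group, scope) -> {resource type: strongest verb}, expanding the family."""
    access = {}
    for group, verb, resource, scope in filter(None, map(parse, statements)):
        grants = access.setdefault((group, scope), {})
        for target in (MEMBERS if resource == FAMILY else (resource,)):
            if target in MEMBERS and RANK[verb] > RANK.get(grants.get(target), -1):
                grants[target] = verb
    return access

def family_manage_grants(statements):
    """(group, scope) pairs holding manage on the whole family."""
    return sorted((g, s) for g, v, r, s in filter(None, map(parse, statements))
                  if v == "manage" and r == FAMILY)

# Constructed sample statements; group and compartment names are made up.
SAMPLE = [
    "Allow group DataSafeAdmins to manage data-safe-unified-audit-policy-family in compartment Security",
    "Allow group FirewallOps to manage data-safe-security-policy-deployments in compartment Security",
    "Allow group FirewallOps to read data-safe-security-policies in compartment Security",
    "Allow group Auditors to inspect data-safe-unified-audit-policy-family in compartment Security",
    "Allow group Auditors to read data-safe-unified-audit-policies in compartment Security",
]

if __name__ == "__main__":
    print(effective_access(SAMPLE), family_manage_grants(SAMPLE))
```

Per the table above, every pair returned by `family_manage_grants` also holds create, update, delete and move rights on Oracle Data Safe private endpoints, on-premises connectors and target databases, which the selective grants held by the sample `FirewallOps` group do not.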
data-safe-unified-audit-policies Resource
The data-safe-unified-audit-policies resource represents
unified audit policies for target database groups and target databases in Security
policies.
The following table describes the permissions available for the
data-safe-unified-audit-policies resource.
| Permission | Description |
|---|---|
| inspect | The user group can list unified audit policy resources in the specified compartment. |
| read or use | The user group can list and view all the properties of unified audit policy resources in the compartment. |
| manage | The user group can create, update, delete, list, view all the properties, import policies from database (bulk create), and move (to another compartment) unified audit policy resources in the compartment. |
data-safe-unified-audit-policy-definitions Resource
The data-safe-unified-audit-policy-definitions resource
represents the unified audit policy definitions for target databases in Security
policies.
The following table describes the permissions available for the
data-safe-unified-audit-policy-definitions resource.
| Permission | Description |
|---|---|
| inspect | The user group can list unified audit policy definition resources in the specified compartment. |
| read or use | The user group can list and view all the properties of unified audit policy definition resources in the compartment. |
| manage | The user group can create, update, delete, list, view all the properties and move (to another compartment) unified audit policy definition resources in the compartment. |
data-safe-security-policies Resource
The data-safe-security-policies resource represents the security
policies for target databases in SQL Firewall.
The following table describes the permissions available for the
data-safe-security-policies resource.
| Permission | Description |
|---|---|
| read or use | The user group can list and view details for database security policies. |
| inspect | The user group can list database security policies. |
| manage | The user group can list, view details for, create, update, delete, and move (to another compartment) database security policies. |
data-safe-security-policy-configs Resource
The data-safe-security-policy-configs resource represents
security configurations, for unified audit policies and SQL Firewall, for target
databases in Security policies.
The following table describes the permissions available for the
data-safe-security-policy-configs resource.
| Permission | Description |
|---|---|
| inspect | The user group can list security policy configurations. |
| read or use | The user group can list and view details for security policy configurations. |
| manage | The user group can list, view details for, update, delete, and move (to another compartment) security policy configurations. |
data-safe-security-policy-deployments Resource
The data-safe-security-policy-deployments resource represents the state
of the deployment of a security policy on a target. This resource provides mapping for
all target databases to all security policies, such as a SQL Firewall policy.
The following table describes the permissions available for the
data-safe-security-policy-deployments resource.
| Permission | Description |
|---|---|
| inspect | The user group can list database security policy deployments. |
| read or use | The user group can list and view details for database security policy deployments. |
| manage | The user group can list, view details for, create, update, refresh, deploy, delete, and move (to another compartment) database security policy deployments. |