SQL Firewall Resources

An administrator in Oracle Cloud Infrastructure Identity and Access Management (IAM) can grant permissions as needed on individual SQL Firewall resources. As an alternative to selectively granting permissions, you can grant permissions on the data-safe-sql-firewall-family resource in relevant compartments, which includes permissions on all SQL Firewall related resources.

data-safe-sql-firewall-family Resource

The data-safe-sql-firewall-family resource includes all Oracle Data Safe resources related to SQL Firewall as well as target registration, Activity Auditing, security policies, and common resources.

SQL Firewall resources:

• data-safe-database-security-configs

• data-safe-sql-collections

• data-safe-sql-firewall-allowed-sqls

• data-safe-sql-firewall-policies

• data-safe-sql-firewall-violations

Target registration resources:

• data-safe-private-endpoints

• onprem-connectors

• target-database-group

• target-databases

Activity Auditing resource:

• data-safe-audit-policies

Security policies resources:

• data-safe-security-policies

• data-safe-security-policy-configs

• data-safe-security-policy-deployments

Common resources:

• data-safe

• data-safe-attribute-sets

• data-safe-report-definitions

• data-safe-reports

• data-safe-work-requests

The following table describes the permissions that you can assign to a group for the data-safe-sql-firewall-family resource.

Permission	Description
inspect	The user group can list all SQL Firewall resources in a specified compartment.
read or use	The user group can list and view properties for all SQL Firewall resources in a specified compartment
manage	The user group can do the following: 1) List, view properties for, create, update, delete, and move (to another compartment) all SQL Firewall resources in a specified compartment. 2) Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases. 3) Read work requests in Oracle Data Safe.

data-safe-database-security-configs Resource

The data-safe-database-security-configs resource represents security configurations for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-database-security-configs resource.

Permission	Description
inspect	The user group can list database security configurations.
read or use	The user group can list and view details for database security configurations.
manage	The user group can list, view details for, update, and move (to another compartment) database security configurations.

data-safe-sql-collections Resource

The data-safe-sql-collections resource represents the SQL collections for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-sql-collections resource.

Permission	Description
inspect	The user group can list the SQL collections.
read or use	The user group can list and view details for the SQL collections.
manage	The user group can list, view details for, create, update, delete, and move (to another compartment) the SQL collections.

data-safe-sql-firewall-policies Resource

The data-safe-sql-firewall-policies resource represents the SQL Firewall policies for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-sql-firewall-policies resource.

Permission	Description
inspect	The user group can list the SQL Firewall policies.
read or use	The user group can list and view details for the SQL Firewall policies.
manage	The user group can list, view details for, create, update, delete, and move (to another compartment) the SQL Firewall policies.

data-safe-sql-firewall-allowed-sqls Resource

The data-safe-sql-firewall-allowed-sqls resource represents the list of allowed SQL statements for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-sql-firewall-allowed-sqls resource.

Permission	Description
inspect	The user group can list the allowed SQL statements.
read	The user group can list and view details for the allowed SQL statements.

data-safe-sql-firewall-violations Resource

The data-safe-sql-firewall-violations resource represents the SQL and context violations for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-sql-firewall-violations resource.

Permission	Description
inspect	The user group can list the SQL and context violations.
read	The user group can list and view details for the SQL and context violations.