SQL Firewall Resources

An administrator in Oracle Cloud Infrastructure Identity and Access Management (IAM) can grant permissions as needed on the following SQL Firewall resources.

data-safe-sql-firewall-family Resource

The data-safe-sql-firewall-family resource represents all Oracle Data Safe resources that pertain to SQL Firewall. The resources are as follows:

Common resources for which information can be found in the Administering Oracle Data Safe guide:

• data-safe
• data-safe-private-endpoints
• onprem-connectors
• data-safe-work-requests
• target-databases
• data-safe-audit-policies
• data-safe-reports
• data-safe-report-definitions

SQL Firewall resources:

• data-safe-database-security-configs
• data-safe-security-policies
• data-safe-security-policy-deployments
• data-safe-sql-collections
• data-safe-sql-firewall-policies
• data-safe-sql-firewall-allowed-sqls
• data-safe-sql-firewall-violations

The following table describes the permissions that you can assign to a group for the data-safe-sql-firewall-family resource.

Permission	Description
inspect	The user group can list all SQL Firewall resources in a specified compartment.
read or use	The user group can list and view properties for all SQL Firewall resources in a specified compartment
manage	The user group can do the following: List, view properties for, create, update, delete, and move (to another compartment) all SQL Firewall resources in a specified compartment. Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases Read work requests in Oracle Data Safe.

data-safe-database-security-configs Resource

The data-safe-database-security-configs resource represents security configurations for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-database-security-configs resource.

Permission	Description
inspect	The user group can list database security configurations.
read or use	The user group can list and view details for database security configurations.
manage	The user group can list, view details for, update, and move (to another compartment) database security configurations.

data-safe-security-policies Resource

The data-safe-security-policies resource represents the security policies for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-security-policies resource.

Permission	Description
read or use	The user group can list and view details for database security policies.
inspect	The user group can list database security policies.
manage	The user group can list, view details for, create, update, and move (to another compartment) database security policies.

data-safe-security-policy-deployments Resource

The data-safe-security-policy-deployments resource represents the state of the deployment of a security policy on a target. This resource provides mapping for all target databases to all security policies, such as a SQL Firewall policy.

The following table describes the permissions available for the data-safe-security-policy-deployments resource.

Permission	Description
inspect	The user group can list database security policy deployments.
read or use	The user group can list and view details for database security policy deployments.
manage	The user group can list, view details for, create, update, and move (to another compartment) database security policy deployments.

data-safe-sql-collections Resource

The data-safe-sql-collections resource represents the SQL collections for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-sql-collections resource.

Permission	Description
inspect	The user group can list the SQL collections.
read or use	The user group can list and view details for the SQL collections.
manage	The user group can list, view details for, create, update, delete, and move (to another compartment) the SQL collections.

data-safe-sql-firewall-policies Resource

The data-safe-sql-firewall-policies resource represents the SQL Firewall policies for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-sql-firewall-policies resource.

Permission	Description
inspect	The user group can list the SQL Firewall policies.
read or use	The user group can list and view details for the SQL Firewall policies.
manage	The user group can list, view details for, create, update, delete, and move (to another compartment) the SQL Firewall policies.

data-safe-sql-firewall-allowed-sqls Resource

The data-safe-sql-firewall-allowed-sqls resource represents the list of allowed SQL statements for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-sql-firewall-allowed-sqls resource.

Permission	Description
inspect	The user group can list the allowed SQL statements.
read	The user group can list and view details for the allowed SQL statements.

data-safe-sql-firewall-violations Resource

The data-safe-sql-firewall-violations resource represents the SQL and context violations for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-sql-firewall-violations resource.

Permission	Description
inspect	The user group can list the SQL and context violations.
read	The user group can list and view details for the SQL and context violations.