SQL Firewall Resources

An administrator in Oracle Cloud Infrastructure Identity and Access Management (IAM) can grant permissions as needed on individual SQL Firewall resources. As an alternative to selectively granting permissions, you can grant permissions on the data-safe-sql-firewall-family resource in relevant compartments, which includes permissions on all SQL Firewall-related resources.

data-safe-sql-firewall-family Resource

The data-safe-sql-firewall-family resource includes all Oracle Data Safe resources related to SQL Firewall as well as target registration, Activity Auditing, security policies, and common resources.

SQL Firewall resources:

Target registration resources:

Activity Auditing resource:

Security policies resources:

Common resources:

The following table describes the permissions that you can assign to a group for the data-safe-sql-firewall-family resource.

Permission Description
inspect The user group can list all SQL Firewall resources in a specified compartment.
read or use The user group can list and view properties for all SQL Firewall resources in a specified compartment.
manage The user group can do the following: 1) List, view properties for, create, update, delete, and move (to another compartment) all SQL Firewall resources in a specified compartment. 2) Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases. 3) Read work requests in Oracle Data Safe.

data-safe-database-security-configs Resource

The data-safe-database-security-configs resource represents security configurations for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-database-security-configs resource.

Permission Description
inspect The user group can list database security configurations.
read or use The user group can list and view details for database security configurations.
manage The user group can list, view details for, update, and move (to another compartment) database security configurations.

data-safe-sql-collections Resource

The data-safe-sql-collections resource represents the SQL collections for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-sql-collections resource.

Permission Description
inspect The user group can list the SQL collections.
read or use The user group can list and view details for the SQL collections.
manage The user group can list, view details for, create, update, delete, and move (to another compartment) the SQL collections.

data-safe-sql-firewall-policies Resource

The data-safe-sql-firewall-policies resource represents the SQL Firewall policies for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-sql-firewall-policies resource.

Permission Description
inspect The user group can list the SQL Firewall policies.
read or use The user group can list and view details for the SQL Firewall policies.
manage The user group can list, view details for, create, update, delete, and move (to another compartment) the SQL Firewall policies.

data-safe-sql-firewall-allowed-sqls Resource

The data-safe-sql-firewall-allowed-sqls resource represents the list of allowed SQL statements for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-sql-firewall-allowed-sqls resource.

Permission Description
inspect The user group can list the allowed SQL statements.
read The user group can list and view details for the allowed SQL statements.

data-safe-sql-firewall-violations Resource

The data-safe-sql-firewall-violations resource represents the SQL and context violations for target databases in SQL Firewall.

The following table describes the permissions available for the data-safe-sql-firewall-violations resource.

Permission Description
inspect The user group can list the SQL and context violations.
read The user group can list and view details for the SQL and context violations.
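
The following is an added example, not Oracle's code: a short Python review helper that compares IAM policy statements against the verbs this page describes for each SQL Firewall resource, and flags manage on the family resource because it also covers target registration resources. It assumes the simple statement form "Allow group <group> to <verb> <resource> in compartment <name>"; the group and compartment names are hypothetical, and the finding labels are this example's own.

```python
import re

# Verbs this page describes for each SQL Firewall resource type.
FULL = {"inspect", "read", "use", "manage"}
FAMILY = "data-safe-sql-firewall-family"
DOCUMENTED_VERBS = {
    FAMILY: FULL,
    "data-safe-database-security-configs": FULL,
    "data-safe-sql-collections": FULL,
    "data-safe-sql-firewall-policies": FULL,
    "data-safe-sql-firewall-allowed-sqls": {"inspect", "read"},
    "data-safe-sql-firewall-violations": {"inspect", "read"},
}

# Assumption: only the simple statement form is handled; anything else
# (for example a statement with conditions) is reported as "unparsed".
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)\s*$",
    re.IGNORECASE,
)

def review(statements):
    """Return (statement, finding) pairs for statements that need a second look."""
    findings = []
    for stmt in statements:
        m = STATEMENT.match(stmt)
        if not m:
            findings.append((stmt, "unparsed"))
            continue
        verb, resource = m["verb"].lower(), m["resource"].lower()
        if resource not in DOCUMENTED_VERBS:
            continue  # not one of the resource types described on this page
        if verb not in DOCUMENTED_VERBS[resource]:
            findings.append((stmt, "verb-not-documented"))
        elif resource == FAMILY and verb == "manage":
            # Per the family table, manage also reaches private endpoints,
            # on-premises connectors and target databases.
            findings.append((stmt, "broad-family-manage"))
    return findings

# Constructed sample policy; group and compartment names are hypothetical.
SAMPLE_POLICY = [
    "Allow group FirewallAuditors to read data-safe-sql-firewall-violations in compartment Prod",
    "Allow group FirewallAuditors to manage data-safe-sql-firewall-violations in compartment Prod",
    "Allow group DbSecAdmins to manage data-safe-sql-firewall-policies in compartment Prod",
    "Allow group DbSecAdmins to manage data-safe-sql-firewall-family in compartment Prod",
]

if __name__ == "__main__":
    for stmt, finding in review(SAMPLE_POLICY):
        print(f"{finding}: {stmt}")
```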