Permissions to Register an Oracle Cloud@Customer Database with Oracle Data Safe
To register an Oracle Cloud@Customer database (Exadata Database on Cloud@Customer or Autonomous Database on Exadata Cloud@Customer database) with Oracle Data Safe, a user group requires permissions in Oracle Cloud Infrastructure Identity and Access Management (IAM) to do the following:
- Register a target database with Oracle Data Safe:
allow group <group-name> to manage target-databases in compartment <compartment-name>
- (Exadata Database on Cloud@Customer) Register or update the target database:
allow group <group-name> to inspect exadata-infrastructures in compartment <compartment-name>
allow group <group-name> to inspect vmcluster-network in compartment <compartment-name>
- (Autonomous Database on Exadata Cloud@Customer) Register or update the target database:
allow group <group-name> to read autonomous-databases in compartment <compartment-name>
allow group <group-name> to inspect autonomous-container-databases in compartment <compartment-name>
allow group <group-name> to inspect autonomous-vmclusters in compartment <compartment-name>
allow group <group-name> to inspect exadata-infrastructures in compartment <compartment-name>
allow group <group-name> to inspect vmcluster-network in compartment <compartment-name>
- (Option 1) Use or create an Oracle Data Safe private endpoint: The user group requires at least the use permission on an Oracle Data Safe private endpoint and on the underlying virtual networking resources of the private endpoint for the relevant compartments. For example, the following statements allow a group to create a private endpoint:
allow group <group-name> to manage data-safe-private-endpoints in compartment <compartment-name>
allow group <group-name> to manage virtual-network-family in compartment <compartment-name>
If the group already has an Oracle Data Safe private endpoint and wants to reuse it, then replace manage with use in the statements above.
- (Option 2) Use or create an Oracle Data Safe on-premises connector: Include permission to use or create an Oracle Data Safe on-premises connector, for example:
allow group <group-name> to manage onprem-connectors in compartment <compartment-name>
For more information about the resources and their permissions, see OCI Resources for Oracle Data Safe.
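The statements above define a minimum, so a policy can be audited against them in both directions: grants that are missing and grants that exceed what registration needs. The following Python is an added example, not part of Oracle's documentation; it checks a policy for the Autonomous Database on Exadata Cloud@Customer case with a reused private endpoint (Option 1 with use instead of manage). The group name DataSafeAdmins, the compartment name ExaCC-Prod and the sample policy are constructed, and the check assumes exact resource-type names with no where clauses or tenancy-level statements.

```python
import re

# OCI IAM verbs in increasing order of access; a higher verb includes the lower ones.
VERBS = ["inspect", "read", "use", "manage"]

# Minimum grants from this page: register an Autonomous Database on Exadata
# Cloud@Customer and reuse an existing private endpoint (use, not manage).
REQUIRED = {
    "target-databases": "manage",
    "autonomous-databases": "read",
    "autonomous-container-databases": "inspect",
    "autonomous-vmclusters": "inspect",
    "exadata-infrastructures": "inspect",
    "vmcluster-network": "inspect",
    "data-safe-private-endpoints": "use",
    "virtual-network-family": "use",
}

STATEMENT = re.compile(
    r"^allow\s+group\s+(\S+)\s+to\s+(inspect|read|use|manage)\s+(\S+)"
    r"\s+in\s+compartment\s+(\S+)$", re.IGNORECASE)

def audit(statements, group, compartment, required=REQUIRED):
    """Return (missing, excess) grants for one group in one compartment."""
    granted = {}  # resource type -> highest verb level granted
    for line in statements:
        m = STATEMENT.match(line.strip())
        if not m or m.group(1) != group or m.group(4) != compartment:
            continue  # other group/compartment, or a form this check does not parse
        resource, level = m.group(3).lower(), VERBS.index(m.group(2).lower())
        granted[resource] = max(granted.get(resource, -1), level)
    missing = {r: v for r, v in required.items()
               if granted.get(r, -1) < VERBS.index(v)}
    excess = {r: VERBS[lvl] for r, lvl in granted.items()
              if r in required and lvl > VERBS.index(required[r])}
    return missing, excess

# Constructed sample policy: one required grant absent, two broader than needed.
SAMPLE = [f"allow group DataSafeAdmins to {g} in compartment ExaCC-Prod" for g in (
    "manage target-databases", "read autonomous-databases",
    "manage autonomous-container-databases", "inspect autonomous-vmclusters",
    "inspect exadata-infrastructures", "manage data-safe-private-endpoints",
    "use virtual-network-family")]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE, "DataSafeAdmins", "ExaCC-Prod")
    print("missing:", missing)
    print("broader than required:", excess)
```

A missing entry means registration will fail for that group; an excess entry is a candidate for tightening to the verb listed on this page.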