Security and User Assessment Resources

An administrator in Oracle Cloud Infrastructure Identity and Access Management (IAM) can grant permissions as needed on the following Activity Auditing resources. The data-safe-work-requests resources is required if a user group needs to set baselines or compare assessments. As an alternative to selectively granting permissions, you can grant permissions on data-safe-assessment-family in the relevant compartments, which would include permissions on all of the resources below and target registration permissions.

data-safe-work-requests Resource (see Common Resources)

data-safe-assessment-family Resource

The data-safe-assessment-family resource represents all the Oracle Data Safe resources that pertain to User Assessment and Security Assessment. The resources are as follows:

data-safe
data-safe-private-endpoints
onprem-connectors
target-databases
target-database-group
user-assessments
security-assessments
data-safe-work-requests
data-safe-security-policy-reports

The following table describes the permissions that you can assign to a group for the data-safe-assessment-family resource.

Permission	Description
`inspect`	The user group can list all Security Assessment and User Assessment resources in a specified compartment.
`read` or `use`	The user group can list and view properties for all Security Assessment and User Assessment resources in a specified compartment.
`manage`	The user group can do the following: List, view properties for, create, update, delete, and move (to another compartment) Security Assessment and User Assessment resources in a specified compartment. Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases. Read work requests in Oracle Data Safe.

security-assessments Resource

The security-assessments resource represents all Security Assessment resources in Oracle Data Safe.

The following table describes the permissions available for the security-assessments resource.

Permission Description

Permission	Description
`inspect`	The user group can list Security Assessment resources.
`read` or `use`	The user group can list and view properties for Security Assessment resources.
`manage`	The user group can perform all tasks in Security Assessment, including the following: List and view properties for Security Assessment resources Create, update, delete, and move (to another compartment) security assessments Refresh assessments, set and unset baseline assessments, generate and download assessment reports, and compare assessment reports

inspect

The user group can list Security Assessment resources.

read or use

The user group can list and view properties for Security Assessment resources.

manage

The user group can perform all tasks in Security Assessment, including the following:

List and view properties for Security Assessment resources
Create, update, delete, and move (to another compartment) security assessments
Refresh assessments, set and unset baseline assessments, generate and download assessment reports, and compare assessment reports

user-assessments Resource

The user-assessments resource represents all User Assessment resources in Oracle Data Safe.

The following table describes the permissions available for the user-assessments resource.

Permission Description

Permission	Description
`inspect`	The user group can list User Assessment resources.
`read` or `use`	The user group can list and view properties for User Assessment resources.
`manage`	The user group can perform all tasks in User Assessment, including the following: List and view properties for User Assessment resources Create, update, delete, and move (to another compartment) user assessments Refresh assessments, set and unset baseline assessments, generate and download assessment reports, and compare assessment reports

inspect

The user group can list User Assessment resources.

read or use

The user group can list and view properties for User Assessment resources.

manage

The user group can perform all tasks in User Assessment, including the following:

List and view properties for User Assessment resources
Create, update, delete, and move (to another compartment) user assessments
Refresh assessments, set and unset baseline assessments, generate and download assessment reports, and compare assessment reports

`data-safe-security-policy-reports` Resource

The data-safe-security-policy-reports resource represents the security policy reports that provide you with the details about the schemas and tables that a user has access to as well as what privileges the user was granted on these schemas and tables. This information is available in User Assessment in Oracle Data Safe.

The following table describes the permissions available for the data-safe-security-policy-reports resource.

Permission	Description
`inspect`	The user group can list the security policy reports available in User Assessment.
`read` or `use`	The user group can list and view properties for the security policy reports available in User Assessment.