1. Administering Oracle Data Safe
  2. Target Database Registration
  3. Pre and Post Registration Tasks
  4. Create an Oracle Data Safe Service Account on Your Target Database

Create an Oracle Data Safe Service Account on Your Target Database

Every target database that you want to use with Oracle Data Safe requires an Oracle Data Safe service account on it. By default, Autonomous Databases already have this account. On non-Autonomous Databases, you need to create an account.

Note:

If you want to register a container database (CDB), please note that CDBs are supported on Oracle Database 19c and above.

Exception for Autonomous Databases

For all types of Oracle databases that you want to register with Oracle Data Safe, except for Autonomous Databases, you need to manually create an Oracle Data Safe service account. Create it with the least amount of privileges on the database.

An Autonomous Database comes with an Oracle Data Safe service account precreated on it so you do not need to create one. The account is named DS$ADMIN and is initially locked with the password expired. When you register an Autonomous Database with Oracle Data Safe, Oracle Cloud Infrastructure unlocks this account and resets its password. If you deregister the Autonomous Database, the account is locked again.

Create an Oracle Data Safe Service Account on a Target Database

Create the Oracle Data Safe service account with the least amount of privileges.

  1. Log in to your database with an account that lets you create a user.
  2. Create a user account with minimal privileges, for example:
    CREATE USER DATASAFE_ADMIN identified by password
DEFAULT TABLESPACE "DATA"
TEMPORARY TABLESPACE "TEMP";
GRANT CONNECT, RESOURCE TO DATASAFE_ADMIN;
    • Replace DATASAFE_ADMIN and password with your own values.

      Note:

      The password must be at least 14 characters long and must contain at least one uppercase, one lowercase, one numeric, and one special character. See the Guidelines for Securing Passwords in the Security Guide for Oracle Database [19c] [23ai] for more details.
    • Do not use SYSTEM or SYSAUX as the default tablespace. You cannot mask data if you use these tablespaces.
  3. Grant roles to the Oracle Data Safe service account. See Grant Roles to the Oracle Data Safe Service Account on Your Target Database.