Oracle Cloud Infrastructure Documentation

Required Permission for Enabling Oracle Data Safe

To enable Oracle Data Safe, you require one of the following in Oracle Cloud Infrastructure Identity and Access Management (IAM):

  • Membership in your tenancy's Administrators group. This group has permission on all resources in your tenancy.
  • Membership in a group in your tenancy that has the manage permission for Oracle Data Safe. A tenancy administrator can create a policy in IAM that grants this permission.

The following example policy statements allow a group to enable Oracle Data Safe.

Example 2-1 Grant a group all permissions in a tenancy

To grant the Data-Safe-Admins group all permissions on all resources in a tenancy, the policy might be:

Allow group Data-Safe-Admins to manage all-resources in tenancy

Example 2-2 Make a group an Oracle Data Safe administrators group for the whole tenancy

To allow the Data-Safe-Admins group to enable and manage Oracle Data Safe in any region of a tenancy, the policy might be as follows. Note that the group cannot manage all resources in the tenancy with this permission.

Allow group Data-Safe-Admins to manage data-safe in tenancy

Example 2-3 Make a group an Oracle Data Safe administrators group for a particular region in a tenancy

To allow a Data-Safe-Admins group to enable and manage Oracle Data Safe only in the us-phoenix-1 region of a tenancy, include a where clause in your policy statement:

Allow group Data-Safe-Admins to manage data-safe in tenancy where request.region='phx'
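
The following reviewer is an added illustration, not Oracle code. It parses statements of the shape used in Examples 2-1 to 2-3 and notes where a grant reaches beyond Oracle Data Safe or has no where clause. The regular expression covers only an assumed subset of the policy syntax, and the names review_statement and PAGE_EXAMPLES are hypothetical.

```python
import re

# Assumed grammar subset (not the full OCI policy language):
#   Allow group <name> to <verb> <resource-type>
#     in tenancy | in compartment <name> [where <condition>]
STATEMENT = re.compile(
    r"^Allow\s+group\s+(?P<group>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)\s+"
    r"in\s+(?P<location>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE,
)

# The three example statements from this page.
PAGE_EXAMPLES = [
    "Allow group Data-Safe-Admins to manage all-resources in tenancy",
    "Allow group Data-Safe-Admins to manage data-safe in tenancy",
    "Allow group Data-Safe-Admins to manage data-safe in tenancy "
    "where request.region='phx'",
]


def review_statement(statement):
    """Parse one statement; return (fields, notes on how broad the grant is)."""
    match = STATEMENT.match(statement.strip())
    if match is None:
        raise ValueError(f"unsupported policy statement: {statement!r}")
    fields = match.groupdict()
    notes = []
    if fields["resource"].lower() == "all-resources":
        notes.append("covers every resource type, not only data-safe")
    if fields["location"].lower() == "tenancy" and fields["condition"] is None:
        notes.append("tenancy-wide with no where clause")
    return fields, notes


if __name__ == "__main__":
    for text in PAGE_EXAMPLES:
        fields, notes = review_statement(text)
        scope = fields["condition"] or "unconditional"
        print(f"{fields['verb']} {fields['resource']} [{scope}]")
        for note in notes:
            print(f"  note: {note}")
```

Only the Example 2-3 statement comes back with no notes; the Example 2-1 statement collects both.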

The following Oracle Cloud Infrastructure documentation discusses how to create policies in Oracle Cloud Infrastructure Identity and Access Management (IAM):