Oracle Cloud Infrastructure Documentation

Required Permissions for Registering Target Databases

To register a target database in Oracle Data Safe, a group requires permissions in Oracle Cloud Infrastructure Identity and Access Management (IAM), on the database, and in Oracle Data Safe.

A group requires the following permissions:

  • Permission in IAM to access the database.
    • For a DB system, a group requires at least the inspect permission on three resource types: db-systems, db-nodes, and vnics.
    • For an Autonomous Database, a group requires at least the inspect permission on the autonomous-database resource type. For example, to grant the Data-Safe-Admins group the inspect permission on all Autonomous Databases in the Finance compartment, a tenancy administrator could write the following policy statement:
      allow group Data-Safe-Admins to inspect autonomous-database in compartment Finance
  • Permission to log in to the database as an administrator in order to create a user account for Oracle Data Safe and run the SQL privileges script.
    • For a DB system, the group needs to use the SYS account.
    • For an Autonomous Database, the group needs to use the ADMIN account.
  • Permission to manage at least one feature in Oracle Data Safe in order to register, update, and delete target databases.
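
The IAM requirement in the first bullet can be checked against a set of policy statements before registration is attempted. The following is an added example, not Oracle's code: it reports which of the resource types listed above a group still lacks at least inspect on. The function name, the sample statements other than the first, and the treatment of conditional statements are assumptions made for this example; it relies on the OCI policy verb order inspect, read, use, manage.

```python
import re

# OCI policy verbs, least to most access; each verb includes the ones before it,
# so any of them satisfies "at least inspect".
VERBS = ("inspect", "read", "use", "manage")

# Resource types the page requires for each kind of target database.
REQUIRED = {
    "db-system": {"db-systems", "db-nodes", "vnics"},
    "autonomous-database": {"autonomous-database"},
}

# Matches unconditional statements only; a statement with a trailing "where"
# clause does not match and is deliberately not counted as a grant.
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<resource>[\w-]+)"
    r"\s+in\s+(?:tenancy|compartment\s+(?P<compartment>\S+))\s*$",
    re.IGNORECASE,
)

def missing_permissions(statements, group, compartment, target_kind):
    """Return the required resource types on which `group` lacks at least inspect.

    Compartment nesting is not modelled: only tenancy-wide grants and grants
    naming `compartment` itself are counted.
    """
    granted = set()
    for line in statements:
        m = STATEMENT.match(line)
        if not m or m["group"] != group or m["verb"].lower() not in VERBS:
            continue
        if m["compartment"] in (None, compartment):  # None means "in tenancy"
            granted.add(m["resource"].lower())
    return sorted(REQUIRED[target_kind] - granted)

# Constructed sample policy; only the first statement appears on the page.
SAMPLE_POLICY = [
    "allow group Data-Safe-Admins to inspect autonomous-database in compartment Finance",
    "allow group Data-Safe-Admins to read db-systems in compartment Finance",
    "allow group Data-Safe-Admins to inspect db-nodes in compartment Finance",
    "allow group Data-Safe-Admins to inspect vnics in compartment HR",
    "allow group Data-Safe-Admins to inspect vnics in compartment Finance where request.region = 'phx'",
    "allow group Auditors to manage vnics in tenancy",
]

if __name__ == "__main__":
    for kind in REQUIRED:
        print(kind, missing_permissions(SAMPLE_POLICY, "Data-Safe-Admins", "Finance", kind))
```

An empty result means the IAM requirement is met for that target kind; the database administrator login and the Oracle Data Safe feature permission from the other two bullets are not covered by this check.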