Required Permissions for Registering Target Databases
To register a target database in Oracle Data Safe, a group requires permissions in Oracle Cloud Infrastructure Identity and Access Management (IAM), on the database, and in Oracle Data Safe.
A group requires the following permissions:
- Permission in IAM to access the database.
  - For a DB system, a group requires at least the inspect permission on three resource types: db-systems, db-nodes, and vnics. For example, to grant the Data-Safe-Admins group the inspect permission on all db-systems, db-nodes, and vnics in a tenancy, a tenancy administrator could write the following policy:

      allow group Data-Safe-Admins to inspect db-systems in tenancy
      allow group Data-Safe-Admins to inspect db-nodes in tenancy
      allow group Data-Safe-Admins to inspect vnics in tenancy

  - For an Autonomous Database, a group requires at least the inspect permission on the autonomous-database resource type. For example, to grant the Data-Safe-Admins group the inspect permission on all Autonomous Databases in the Finance compartment, a tenancy administrator could write the following policy statement:

      allow group Data-Safe-Admins to inspect autonomous-database in compartment Finance
- Permission to log in to the database as an administrator.
  - For a DB system, the group needs to log in as the SYS account to create the service account for Oracle Data Safe and run the SQL privileges script.
  - For an Autonomous Database, the group needs to log in as a PDB Admin user (ADMIN) or as a user that has execute permission on the DS_TARGET_UTIL package in order to grant additional roles to the DS$ADMIN service account for Oracle Data Safe.
- Permission to manage at least one feature in Oracle Data Safe in order to register, update, and delete target databases.
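
As an added example (not part of Oracle's documentation), the following Python check reports which of the minimum IAM permissions listed above are missing from a set of policy statements. It assumes the simple statement form shown on this page; the helper name `missing_permissions`, the sample policy, and the exact-name compartment matching are illustrative assumptions.

```python
import re

# OCI policy verbs; each of them includes the abilities of "inspect".
VERBS = {"inspect", "read", "use", "manage"}

# Minimum resource types per target kind, as listed on this page.
REQUIRED = {
    "db-system": {"db-systems", "db-nodes", "vnics"},
    "autonomous": {"autonomous-database"},
}

# Assumption: only the simple statement form shown on this page is handled
# (no "where" conditions, resource families, or dynamic groups).
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<resource>[\w-]+)"
    r"\s+in\s+(?:(?P<tenancy>tenancy)|compartment\s+(?P<comp>\S+))$",
    re.IGNORECASE,
)

def missing_permissions(statements, group, kind, compartment):
    """Return the required resource types that `group` cannot at least
    inspect in `compartment` (hypothetical helper, not an OCI API)."""
    granted = set()
    for line in statements:
        m = STATEMENT.match(line.strip())
        if not m or m["group"] != group or m["verb"].lower() not in VERBS:
            continue
        # A tenancy-wide statement covers every compartment; a compartment
        # statement is matched by exact name only (assumption: no nesting).
        if m["tenancy"] or m["comp"] == compartment:
            granted.add(m["resource"].lower())
    return sorted(REQUIRED[kind] - granted)

# Constructed sample: the page's statements with the vnics line left out.
SAMPLE_POLICY = [
    "allow group Data-Safe-Admins to inspect db-systems in tenancy",
    "allow group Data-Safe-Admins to inspect db-nodes in tenancy",
    "allow group Data-Safe-Admins to inspect autonomous-database in compartment Finance",
]

if __name__ == "__main__":
    for kind, comp in [("db-system", "Finance"), ("autonomous", "Finance"), ("autonomous", "HR")]:
        gaps = missing_permissions(SAMPLE_POLICY, "Data-Safe-Admins", kind, comp)
        print(f"{kind} in {comp}: missing {gaps or 'nothing'}")
```

Running the check before registration shows whether a group's policy already meets the minimum, which avoids granting a broader verb than inspect just to get past a permissions error.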