To register a target database in Oracle Data Safe, a group requires permissions in Oracle Cloud Infrastructure Identity and Access Management (IAM), on the database, and in Oracle Data Safe.

A group requires the following permissions:

• Permission in IAM to access to the database.
  • For a DB system, a group requires at least the inspect permission on three resource types: db-systems, db-nodes, and vnics.
  • For an Autonomous Database, a group requires at least the inspect permission on the autonomous-database resource type. For example, to grant the Data-Safe-Admins group the inspect permission on all Autonomous Databases in the Finance compartment, a tenancy administrator could write the following policy statement:

    allow group Data-Safe-Admins to inspect autonomous-database in compartment Finance

• Permission to log in to the database as an administrator in order to create a user account for Oracle Data Safe and run the SQL privileges script.
  • For a DB System, the group needs to use the SYS account.
  • For an Autonomous Database, the needs to use the ADMIN account.

• Permission to manage at least one feature in Oracle Data Safe in order to register, update, and delete target databases.