To enable Oracle Data Safe, you require one of the following in Oracle Cloud Infrastructure Identity and Access Management (IAM):
- Membership to your tenancy's
Administratorsgroup. This group has permission on all resources in your tenancy.
- Membership to a group in your tenancy that has the
managepermission for Oracle Data Safe. A tenancy administrator can create a policy in IAM that grants this permission.
The following example policy statements allow a group to enable Oracle Data Safe.
Example 2-1 Grant a group all permissions in a tenancy
To grant the
Data-Safe-Admins group all permissions on all resources in a tenancy, the policy might be:
Allow group Data-Safe-Admins to manage all-resources in tenancy
Example 2-2 Make a group an Oracle Data Safe administrators group for the whole tenancy
To allow the
Data-Safe-Admins group to enable and manage Oracle Data Safe in any region of a tenancy, the policy might be as follows. Note that the group cannot manage all resources in the tenancy with this permission.
Allow group Data-Safe-Admins to manage data-safe in tenancy
Example 2-3 Make a group an Oracle Data Safe administrators group for a particular region in a tenancy
To allow a
Data-Safe-Admins group to enable and manage Oracle Data Safe only in the
us-phoenix-1 region of a tenancy, include a
where clause in your policy statement:
Allow group Data-Safe-Admins to manage data-safe in tenancy where request.region='phx'