OCI Data Safe Config Builder

IAM & SecurityOCI

Build Data Safe assessment, data masking, and audit policy configurations for database security.

Last verified: May 2026

OCI Data Safe Configuration

Build Data Safe assessment, data masking, and audit policy configurations for database security.

Required Fields

compartmentIddisplayNametargetDatabaseIdsecurityAssessment.isEnabled

{
  "compartmentId": "ocid1.compartment.oc1..aaaaaaaexample",
  "displayName": "prod-data-safe-config",
  "targetDatabaseId": "ocid1.autonomousdatabase.oc1.iad.aaaaaaaexample",
  "securityAssessment": {
    "isEnabled": true,
    "schedule": "WEEKLY",
    "comparisonBaseline": "LATEST",
    "notifications": {
      "topicId": "ocid1.onstopic.oc1.iad.aaaaaaaexample",
      "onHighRisk": true,
      "onCriticalRisk": true
    }
  },
  "userAssessment": {
    "isEnabled": true,
    "schedule": "MONTHLY",
    "trackPrivilegedUsers": true,
    "trackUserChanges": true
  },
  "dataMasking": {
    "maskingPolicyName": "pii-masking-policy",
    "sensitiveTypes": [
      "EMAIL_ADDRESS",
      "PHONE_NUMBER",
      "CREDIT_CARD_NUMBER",
      "SOCIAL_SECURITY_NUMBER"
    ],
    "maskingFormats": {
      "EMAIL_ADDRESS": "SHUFFLE",
      "PHONE_NUMBER": "RANDOM_DIGITS",
      "CREDIT_CARD_NUMBER": "FIXED_STRING",
      "SOCIAL_SECURITY_NUMBER": "RANDOM_DIGITS"
    },
    "isDropForeignKeys": false,
    "isRefreshStats": true
  },
  "auditPolicy": {
    "isEnabled": true,
    "auditConditions": [
      {
        "auditPolicyName": "LOGON_EVENTS",
        "isEnabled": true,
        "isPrivUsersManagedByDataSafe": true
      },
      {
        "auditPolicyName": "DATABASE_SCHEMA_CHANGES",
        "isEnabled": true
      }
    ],
    "retentionDays": 365
  },
  "freeformTags": {
    "compliance": "gdpr",
    "team": "data-security"
  }
}

Generated Output

Output will appear here...

How It Helps

Build Data Safe assessment, data masking, and audit policy configurations for database security. This tool helps OCI engineers generate valid configurations quickly without consulting documentation, reducing errors and accelerating infrastructure deployment. All processing runs in your browser with no data sent to external servers.

Things Engineers Ask

Does this tool connect to my OCI account?

No. This tool runs entirely in your browser and generates configuration JSON that you can copy and paste into your infrastructure-as-code templates, CLI commands, or cloud console. It never connects to any cloud account or sends data externally.

Are the generated configurations production-ready?

The tool produces syntactically valid configurations based on current OCI service specifications. Always review generated configs against your organization security policies and test in a non-production environment before deploying.

In Practice

Your team is preparing for a SOC 2 audit covering customer-data handling. The builder generates a Data Safe config: weekly security assessments on the Autonomous DB, daily user assessments to catch privilege drift, data discovery scan finding all PII columns, audit policies capturing all SELECT/INSERT/UPDATE on those columns. Reports flow to Object Storage for auditor review. Compliance team is happy: assessments are automated, evidence is comprehensive, and findings drive remediation tickets weekly.

Practical Applications

1Generating oci data safe configurations for new infrastructure deployments.
2Validating existing configurations against best practices before applying changes.
3Learning OCI service configuration patterns through interactive examples.
4Accelerating infrastructure-as-code development by producing correct JSON/YAML starting points.

Behind the Scenes

The builder constructs Data Safe configurations: target database registration (Autonomous DB / DB System / external), security assessment configuration (schedule + reporting destination), user assessment (user privileges audit + scheduled review), data discovery (sensitive data identification rules), data masking format library (predefined masks for SSN/credit-card/email/etc.), audit policies (DB-level audit rules with retention). Output is generated as oci data-safe commands and Terraform oci_data_safe_* resources.

Things the Docs Don’t Tell You

TIP

Data Safe assessments are FREE for OCI Autonomous Database and OCI MySQL HeatWave — Oracle wants customers using their managed databases. Run security assessments at least monthly to catch configuration drift, missing patches, and over-privileged users before auditors do.

TIP

Data masking templates are reusable across environments. Build a single mask config for sensitive columns (SSN, credit card, email) and apply it when refreshing dev/test environments from production. Without masking, a single dev DB compromise = full PII leak.

TIP

Audit policies in Data Safe complement OCI Audit. OCI Audit captures API-level events; Data Safe audit policies capture in-database events (SELECT on sensitive tables, privilege escalations, schema changes). For compliance, you need BOTH layers.

Related Learning Guides

OCI IAM, Compartments & Policies22 min read
OCI Security Best Practices24 min read

Was this tool helpful?

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.

OCI Data Safe Config Builder

IAM & SecurityOCI

Build Data Safe assessment, data masking, and audit policy configurations for database security.

Last verified: May 2026

OCI Data Safe Configuration

Build Data Safe assessment, data masking, and audit policy configurations for database security.

Required Fields

compartmentIddisplayNametargetDatabaseIdsecurityAssessment.isEnabled

Generated Output

Output will appear here...

How It Helps

Things Engineers Ask

Does this tool connect to my OCI account?

Are the generated configurations production-ready?

In Practice

Practical Applications

1Generating oci data safe configurations for new infrastructure deployments.
2Validating existing configurations against best practices before applying changes.
3Learning OCI service configuration patterns through interactive examples.
4Accelerating infrastructure-as-code development by producing correct JSON/YAML starting points.

Behind the Scenes

Things the Docs Don’t Tell You

TIP

Related Learning Guides

OCI IAM, Compartments & Policies22 min read
OCI Security Best Practices24 min read

Was this tool helpful?