Securing Console Dashboards
This topic provides security information and recommendations for the Oracle Cloud Infrastructure Console Dashboards service.
Security Responsibilities
To use the Console Dashboards service securely, learn about your security and compliance responsibilities.
In general, Oracle provides security of cloud infrastructure and operations, such as cloud operator access controls and infrastructure security patching. You are responsible for securely configuring your cloud resources. Security in the cloud is a shared responsibility between you and Oracle.
Oracle is responsible for the following security requirements:
- Physical Security: Oracle is responsible for protecting the global infrastructure that runs all of the services offered in Oracle Cloud Infrastructure. This infrastructure consists of the hardware, software, networking, and facilities that run Oracle Cloud Infrastructure services.
- Security Patching: Oracle conducts security patching monthly to ensure that Oracle Cloud Infrastructure services have up-to-date security patches.
Your security reponsibility includes the following area:
- Access Control: Limit privileges as much as possible. Users should be given only the access necessary to perform their work.
- Encryption and Confidentiality: Use encryption keys and secrets to protect your data and connect to secured resources. Rotate these keys regularly.
Initial Security Tasks
Use this checklist to identify the tasks you perform to secure Console Dashboards in a new Oracle Cloud Infrastructure tenancy.
Task | More Information |
---|---|
Use IAM policies to grant access to users | IAM Policies |
Routine Security Tasks
The Console Dashboards service does not have any security tasks that you need to perform regularly.
IAM Policies
Use policies to limit access to Console Dashboards.
A policy specifies who can access Oracle Cloud Infrastructure resources and how. For more information, see How Policies Work.
Assign a group the least privileges that are required to perform their responsibilities. Each policy has a verb. From the least amount of
access to the most, the available verbs are: inspect
, read
, use
, and
manage
.
Create this policy to allow group DashboardUsers
to perform all actions in the Console Dashboards service except deleting dashboards and dashboard groups. Limit DASHBOARD_DELETE
and DASHBOARD_GROUP_DELETE
permissions to tenancy and compartment administrators.
Allow group DashboardUsers to manage dashboards-family in tenancy
where request.permission!='DASHBOARD_DELETE'
and where request.permission!='DASHBOARD_GROUP_DELETE'
For more information about Console Dashboards policies and to view more examples, see Policy Details for Console Dashboards.
Data Encryption
The Console Dashboards service uses standard Oracle Cloud Infrastructure encryption for all data stored at rest in the service. No configuration is necessary.
Data Durability
The Console Dashboards service does not create backups. After data is deleted, the data cannot be restored. Use policies to limit access to Console Dashboards and to restrict users' ability to delete data.
Data Security
The Console Dashboards service uses the HTTPS protocol to secure data and IAM policies to secure the API.
Auditing
The Console Dashboards service uses the Oracle Cloud Infrastructure Audit service to record the calls made to Console Dashboards service resources. The Audit service records the following log events:
- API calls made by the Console, CLI, or SDK
- Calls made by other Oracle Cloud Infrastructure services
- Calls made by any custom clients that you use