Data Source: oci_data_safe_audit_policies
This data source provides the list of Audit Policies in Oracle Cloud Infrastructure Data Safe service.
Retrieves a list of all audited targets with their corresponding provisioned audit policies, and their provisioning conditions.
The ListAuditPolicies operation returns only the audit policies in the specified compartmentId. The list does not include any subcompartments of the compartmentId passed.
The parameter accessLevel specifies whether to return only those compartments for which the requestor has INSPECT permissions on at least one resource directly or indirectly (ACCESSIBLE) (the resource can be in a subcompartment) or to return Not Authorized if Principal doesn't have access to even one of the child compartments. This is valid only when compartmentIdInSubtree is set to true.
The parameter compartmentIdInSubtree applies when you perform ListAuditPolicies on the compartmentId passed and when it is set to true, the entire hierarchy of compartments can be returned. To get a full list of all compartments and subcompartments in the tenancy (root compartment), set the parameter compartmentIdInSubtree to true and accessLevel to ACCESSIBLE.
Example Usage
data "oci_data_safe_audit_policies" "test_audit_policies" {
  # Required
  compartment_id = var.compartment_id

  # Optional
  access_level              = var.audit_policy_access_level
  audit_policy_id           = oci_data_safe_audit_policy.test_audit_policy.id
  compartment_id_in_subtree = var.audit_policy_compartment_id_in_subtree
  display_name              = var.audit_policy_display_name
  state                     = var.audit_policy_state
  # OCID of the Data Safe target database whose audit policies are listed
  target_id                 = oci_data_safe_target_database.test_target_database.id
}
Argument Reference
The following arguments are supported:
access_level - (Optional) Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED, permissions are checked and no partial results are displayed.
audit_policy_id - (Optional) An optional filter to return only resources that match the specified id.
compartment_id - (Required) A filter to return only resources that match the specified compartment OCID.
compartment_id_in_subtree - (Optional) Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.
display_name - (Optional) A filter to return only resources that match the specified display name.
state - (Optional) The current state of the audit policy.
target_id - (Optional) A filter to return only items related to a specific target OCID.
Attributes Reference
The following attributes are exported:
audit_policy_collection - The list of audit_policy_collection.
AuditPolicy Reference
The following attributes are exported:
audit_conditions - Lists the audit policy provisioning conditions for the target database.
  audit_policy_name - Indicates the audit policy name. Refer to the documentation for seeded audit policy names. For custom policies, refer to the user-defined policy name created in the target database.
  enable_conditions - Indicates the users/roles in the target database for which the audit policy is enforced, and the success/failure event condition to generate the audit event.
    entity_names - List of users or roles that the policy must be enabled for.
    entity_selection - The entity include or exclude selection.
    entity_type - The entity type that the policy must be enabled for.
    operation_status - The operation status that the policy must be enabled for.
  is_data_safe_service_account_audited - Indicates whether the Data Safe user activity on the target database will be audited by the policy.
  is_priv_users_managed_by_data_safe - Indicates whether the privileged user list is managed by Data Safe.
audit_specifications - Represents all available audit policy specifications relevant for the target database. For more details on available audit policies, refer to documentation.
  audit_policy_category - The category to which the audit policy belongs.
  audit_policy_name - Indicates the audit policy name. Refer to the documentation for seeded audit policy names. For custom policies, refer to the user-defined policy name created in the target database.
  database_policy_names - Indicates the names of the corresponding database policy (or policies) in the target database.
  enable_status - Indicates whether the policy has been enabled, disabled or partially enabled in the target database. The status is PARTIALLY_ENABLED if any of the constituent database audit policies is not enabled.
  enabled_entities - Indicates on whom the audit policy is enabled.
  is_created - Indicates whether the policy is already created on the target database.
  is_enabled_for_all_users - Indicates whether the policy by default is enabled for all users with no flexibility to alter the enablement conditions.
  is_seeded_in_data_safe - Indicates whether the audit policy is one of the seeded policies provided by Oracle Data Safe.
  is_seeded_in_target - Indicates whether the audit policy is one of the predefined policies provided by Oracle Database.
  is_view_only - Indicates whether the audit policy is available for provisioning/de-provisioning from Oracle Data Safe, or is only available for displaying the current provisioning status from the target.
  partially_enabled_msg - Provides information about the policy that has been only partially enabled.
compartment_id - The OCID of the compartment containing the audit policy.
defined_tags - Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
description - Description of the audit policy.
display_name - The display name of the audit policy.
freeform_tags - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id - The OCID of the audit policy.
is_data_safe_service_account_excluded - Option provided to users at the target to indicate whether the Data Safe service account has to be excluded while provisioning the audit policies.
lifecycle_details - Details about the current state of the audit policy in Data Safe.
state - The current state of the audit policy.
system_tags - System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"orcl-cloud.free-tier-retained": "true"}
target_id - The OCID of the target for which the audit policy is created.
time_created - The time the audit policy was created, in the format defined by RFC3339.
time_last_provisioned - Indicates the last provisioning time of audit policies on the target, in the format defined by RFC3339.
time_last_retrieved - The time when the audit policies were last retrieved from this target, in the format defined by RFC3339.
time_updated - The last date and time the audit policy was updated, in the format defined by RFC3339.
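The tenancy-wide listing described above (compartment_id_in_subtree set to true with access_level set to ACCESSIBLE) can be combined with the exported attributes to report audit-coverage gaps per target. This is an added example, not part of the provider documentation: var.tenancy_ocid, the local names and the output names are hypothetical, and the "items" nesting under audit_policy_collection is an assumption that this page does not show.

```hcl
# Added example. Assumed input: the tenancy (root compartment) OCID.
variable "tenancy_ocid" {
  type = string
}

# Traverse every compartment the caller can INSPECT instead of failing
# with Not Authorized on the first inaccessible child compartment.
data "oci_data_safe_audit_policies" "all" {
  compartment_id            = var.tenancy_ocid
  compartment_id_in_subtree = true
  access_level              = "ACCESSIBLE"
}

locals {
  # Assumption: each collection element exposes its AuditPolicy entries as "items".
  policies = flatten([
    for c in data.oci_data_safe_audit_policies.all.audit_policy_collection : c.items
  ])

  # Specifications where at least one constituent database policy is not enabled.
  partially_enabled = flatten([
    for p in local.policies : [
      for s in p.audit_specifications : {
        target_id   = p.target_id
        policy_name = s.audit_policy_name
        db_policies = s.database_policy_names
        detail      = s.partially_enabled_msg
      } if s.enable_status == "PARTIALLY_ENABLED"
    ]
  ])

  # Targets where the Data Safe service account is excluded when policies are provisioned.
  service_account_excluded = distinct([
    for p in local.policies : p.target_id
    if p.is_data_safe_service_account_excluded == true
  ])
}

output "partially_enabled_audit_policies" {
  value = local.partially_enabled
}

output "targets_excluding_data_safe_account" {
  value = local.service_account_excluded
}
```

Because ACCESSIBLE returns partial results, an empty output only covers the compartments the calling principal can inspect; run the check with a principal that has INSPECT across the tenancy before treating it as complete.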