Managing Security Zones

Create and manage security zones to protect resources in a compartment.

You can perform the following security zone management tasks:

• Creating a Security Zone
• Getting a Security Zone's Details
• Listing Security Zone Policies in a Compartment
• Viewing Policy Violations in a Security Zone
• Viewing the Compartments in a Security Zone
• Viewing Security Zones in a Compartment
• Editing a Security Zone
• Moving a Security Zone Between Compartments
• Removing a Subcompartment from a Security Zone
• Adding a Removed Subcompartment to a Security Zone
• Deleting a Security Zone

A security zone has the following characteristics:

• Created in a compartment , but not restricted to a single compartment
• Associated with a single compartment or hierarchy of compartments with a single parent
• Assigned a security zone recipe

A compartment can't be in multiple security zones.

After you create a security zone for a compartment, it automatically prevents operations, such as creating or modifying resources, that violate the security zone's policies. Any operation that violates a policy in the zone's recipe is denied. However, existing resources that were created before the security zone might also violate policies. Security Zones integrates with Oracle Cloud Guard to identify policy violations in existing resources.

You must enable Cloud Guard in the tenancy before creating a security zone. See Getting Started with Cloud Guard.

Each tenancy has a predefined recipe named Maximum Security Recipe, which includes several curated security zone policies. Oracle manages this recipe, and you can't change it.

You can create a custom recipe, or clone an existing one. See Managing Recipes in Security Zones.

When you create a security zone for a compartment, any subcompartments are also in the same security zone. You can also:

• Remove a subcompartment from a security zone
• Create a different security zone for a subcompartment