oci_data_safe_audit_policy_management
This resource provides the Audit Policy Management resource in Oracle Cloud Infrastructure Data Safe service.
Updates the audit policy.
Example Usage
resource "oci_data_safe_audit_policy_management" "test_audit_policy_management" {
#Required
compartment_id = var.compartment_id
target_id = oci_data_safe_target_database.test_target_database.id
#Optional
defined_tags = {"Operations.CostCenter"= "42"}
description = var.audit_policy_management_description
display_name = var.audit_policy_management_display_name
freeform_tags = {"Department"= "Finance"}
retrieve_from_target_trigger = true
}
Argument Reference
The following arguments are supported:
target_id
- (Required) Unique target identifier.compartment_id
- (Required) The OCID of the compartment containing the target.defined_tags
- (Optional) (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:{"Operations.CostCenter": "42"}
description
- (Optional) (Updatable) The description of the audit policy.display_name
- (Optional) (Updatable) The display name of the audit policy. The name does not have to be unique, and it is changeable.freeform_tags
- (Optional) (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:{"Department": "Finance"}
provision_trigger
- (Optional) (Updatable) An optional property when set to true triggers Provision.retrieve_from_target_trigger
- (Optional) (Updatable) An optional property when set to true triggers Retrieve From Target.audit_conditions
- (Optional) Required when provision_trigger is set. Lists the audit policy provisioning conditions for the target database.audit_policy_name
- Indicates the audit policy name. Refer to the documentation for seeded audit policy names. For custom policies, refer to the user-defined policy name created in the target database.enable_conditions
- Indicates the users/roles in the target database for which the audit policy is enforced, and the success/failure event condition to generate the audit event..entity_names
- List of users or roles that the policy must be enabled for.entity_selection
- The entity include or exclude selection.entity_type
- The entity type that the policy must be enabled for.operation_status
- The operation status that the policy must be enabled for.
is_data_safe_service_account_audited
- Indicates whether the Data Safe user activity on the target database will be audited by the policy.is_priv_users_managed_by_data_safe
- Indicates whether the privileged user list is managed by Data Safe.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
Attributes Reference
The following attributes are exported:
audit_conditions
- Lists the audit policy provisioning conditions for the target database.audit_policy_name
- Indicates the audit policy name. Refer to the documentation for seeded audit policy names. For custom policies, refer to the user-defined policy name created in the target database.enable_conditions
- Indicates the users/roles in the target database for which the audit policy is enforced, and the success/failure event condition to generate the audit event..entity_names
- List of users or roles that the policy must be enabled for.entity_selection
- The entity include or exclude selection.entity_type
- The entity type that the policy must be enabled for.operation_status
- The operation status that the policy must be enabled for.
is_data_safe_service_account_audited
- Indicates whether the Data Safe user activity on the target database will be audited by the policy.is_priv_users_managed_by_data_safe
- Indicates whether the privileged user list is managed by Data Safe.
audit_specifications
- Represents all available audit policy specifications relevant for the target database. For more details on available audit polcies, refer to documentation.audit_policy_category
- The category to which the audit policy belongs.audit_policy_name
- Indicates the audit policy name. Refer to the documentation for seeded audit policy names. For custom policies, refer to the user-defined policy name created in the target database.database_policy_names
- Indicates the names of corresponding database policy ( or policies) in the target database.enable_status
- Indicates whether the policy has been enabled, disabled or partially enabled in the target database. The status is PARTIALLY_ENABLED if any of the constituent database audit policies is not enabled.enabled_entities
- Indicates on whom the audit policy is enabled.is_created
- Indicates whether the policy is already created on the target database.is_enabled_for_all_users
- Indicates whether the policy by default is enabled for all users with no flexibility to alter the enablement conditions.is_seeded_in_data_safe
- Indicates whether the audit policy is one of the seeded policies provided by Oracle Data Safe.is_seeded_in_target
- Indicates whether the audit policy is one of the predefined policies provided by Oracle Database.is_view_only
- Indicates whether the audit policy is available for provisioning/ de-provisioning from Oracle Data Safe, or is only available for displaying the current provisioning status from the target.partially_enabled_msg
- Provides information about the policy that has been only partially enabled.
compartment_id
- The OCID of the compartment containing the audit policy.defined_tags
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:{"Operations.CostCenter": "42"}
description
- Description of the audit policy.display_name
- The display name of the audit policy.freeform_tags
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:{"Department": "Finance"}
id
- The OCID of the audit policy.is_data_safe_service_account_excluded
- Option provided to users at the target to indicate whether the Data Safe service account has to be excluded while provisioning the audit policies.lifecycle_details
- Details about the current state of the audit policy in Data Safe.state
- The current state of the audit policy.system_tags
- System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:{"orcl-cloud.free-tier-retained": "true"}
target_id
- The OCID of the target for which the audit policy is created.time_created
- The time the audit policy was created, in the format defined by RFC3339.time_last_provisioned
- Indicates the last provisioning time of audit policies on the target, in the format defined by RFC3339.time_last_retrieved
- The time when the audit policies was last retrieved from this target, in the format defined by RFC3339.time_updated
- The last date and time the audit policy was updated, in the format defined by RFC3339.
Timeouts
The timeouts
block allows you to specify timeouts for certain operations:
* create
- (Defaults to 20 minutes), when creating the Audit Policy Management
* update
- (Defaults to 20 minutes), when updating the Audit Policy Management
* delete
- (Defaults to 20 minutes), when destroying the Audit Policy Management
Import
Import is not supported for this resource.