Info icon
End of Life Notice: For Trend Cloud One™ - Conformity Customers, Conformity will reach its End of Sale on “July 31st, 2025” and End of Life “July 31st, 2026”. The same capabilities and much more is available in TrendAI Vision One™ Cloud Risk Management. For details, please refer to Upgrade to TrendAI Vision One™
Logo of TrendAI
Use the Knowledge Base AI to help improve your Cloud Posture

Enable Data Safe for Autonomous AI Databases

TrendAI Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1400 automated best practice checks.

Risk Level: High (not acceptable risk)
Rule ID: OCI-AutonomousAIDatabase-003

Ensure that the Data Safe feature is enabled for your OCI Autonomous AI Databases in order to centralize risk assessment and compliance management, discover and classify sensitive data, evaluate user privileges, and audit database activity, thereby strengthening protection against breaches and configuration drift.

Security

Oracle Data Safe serves as a unified security control center included with Autonomous AI Database, enabling centralized oversight of sensitive data and user activity. It strengthens compliance and risk management by identifying sensitive information, assessing excessive privileges, and continuously monitoring database actions.

Audit

To determine if Data Safe is enabled for your OCI Autonomous AI Databases, perform the following operations:

Using OCI Console

  1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

  2. Navigate to Autonomous AI Databases console available at https://cloud.oracle.com/db/adbs.

  3. For Applied filters, choose an OCI compartment from the Compartment dropdown menu, to list the Autonomous AI Databases provisioned in the selected compartment.

  4. Click on the name (link) of the Autonomous AI Database that you want to examine, listed in the Display Name column.

  5. Select the Autonomous AI Database information tab, and check the Status value, listed in the Data Safe section, to determine the Data Safe feature status. If Status is set to Not registered, Data Safe is not enabled for the selected Oracle Cloud Infrastructure (OCI) Autonomous AI Database.

Using OCI CLI

  1. Run iam compartment list command (Windows/macOS/Linux) with output query filters to list the ID of each compartment available in your Oracle Cloud Infrastructure (OCI) account:

    oci iam compartment list
	--all
	--include-root
	--query 'data[]."id"'

  2. The command output should return the requested OCI compartment identifiers (OCIDs):

    [
	"ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.compartment.oc1..abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd"
]

  3. Run db autonomous-database list command (Windows/macOS/Linux) with the ID of the OCI compartment that you want to examine as the identifier parameter, to list the ID of each Autonomous AI Database provisioned in the selected OCI compartment:

    oci db autonomous-database list
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--all
	--query 'data[]."id"'

  4. The command output should return the requested database instance IDs:

    [
	"ocid1.autonomousdatabase.oc1.ap-sydney-1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.autonomousdatabase.oc1.ap-sydney-1.abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd"
]

  5. Run db autonomous-database get command (Windows/macOS/Linux) with the name of the Autonomous AI Database that you want to examine as the identifier parameter and custom output filters to determine the Data Safe feature status for the selected database instance:

    oci db autonomous-database get
	--autonomous-database-id 'ocid1.autonomousdatabase.oc1.ap-sydney-1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--query 'data."data-safe-status"'

  6. The command output should return the feature current status ("REGISTERED" for enabled, "NOT_REGISTERED" for disabled):

    "NOT_REGISTERED"

    If the db autonomous-database get command output returns "NOT_REGISTERED", as shown in the output example above, Data Safe is not enabled for the selected Oracle Cloud Infrastructure (OCI) Autonomous AI Database.

Remediation / Resolution

To ensure that Data Safe is enabled and configured for your Oracle Cloud Infrastructure (OCI) Autonomous AI Databases, perform the following operations:

Using OCI Console

  1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

  2. Navigate to Autonomous AI Databases console available at https://cloud.oracle.com/db/adbs.

  3. For Applied filters, choose an OCI compartment from the Compartment dropdown menu, to list the Autonomous AI Databases provisioned in the selected compartment.

  4. Click on the name (link) of the Autonomous AI Database that you want to configure, listed in the Display Name column.

  5. Select the Autonomous AI Database information tab, choose Register from the Data Safe section, and perform the following actions to enable the Data Safe feature for the selected database instance. For Register database with Data Safe, choose Confirm. Once the registration process is complete, the feature Status should change to Registered.

Using OCI CLI

  1. Run iam compartment list command (Windows/macOS/Linux) with output query filters to list the ID of each compartment available in your Oracle Cloud Infrastructure (OCI) account:

    oci iam compartment list
	--all
	--include-root
	--query 'data[]."id"'

  2. The command output should return the requested OCI compartment identifiers (OCIDs):

    [
	"ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.compartment.oc1..abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd"
]

  3. Run db autonomous-database list command (Windows/macOS/Linux) with the ID of the OCI compartment that you want to examine as the identifier parameter, to list the ID of each Autonomous AI Database provisioned in the selected OCI compartment:

    oci db autonomous-database list
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--all
	--query 'data[]."id"'

  4. The command output should return the requested database instance IDs:

    [
	"ocid1.autonomousdatabase.oc1.ap-sydney-1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.autonomousdatabase.oc1.ap-sydney-1.abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd"
]

  5. Run db autonomous-database data-safe register command (Windows/macOS/Linux) with the name of the Autonomous AI Database that you want to configure as the identifier parameter, to enable the Data Safe feature for the selected database instance. Use the --pdb-admin-password command parameter to specify the database admin password provided during the creation of the selected database instance:

    oci db autonomous-database data-safe register
	--autonomous-database-id 'ocid1.autonomousdatabase.oc1.ap-sydney-1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--pdb-admin-password '<database-admin-password>'

  6. The output should return the command request ID:

    {
	"opc-work-request-id": "ocid1.coreservicesworkrequest.oc1.ap-sydney-1.abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd"
}

References

Publication date Dec 3, 2025

Related OCI-AutonomousAIDatabase rules