Create an Oracle Data Safe Service Account on Your Database

Every database that you want to use with Oracle Data Safe requires an Oracle Data Safe service account on it. By default, Autonomous AI Databases already have this account. On non-Autonomous AI Databases, you need to create an account.

Note:

If you want to register a container database (CDB), note that CDBs are supported on Oracle Database 19c and later.

Exception for Autonomous AI Databases

For all database types that you want to register with Oracle Data Safe, except for Autonomous AI Databases, you need to manually create an Oracle Data Safe service account. Create it with the fewest privileges possible on the database.

An Autonomous AI Database comes with an Oracle Data Safe service account precreated on it so you do not need to create one. The account is named DS$ADMIN and is initially locked with the password expired. When you register an Autonomous AI Database with Oracle Data Safe, Oracle Cloud Infrastructure unlocks this account and resets its password. If you deregister the Autonomous AI Database, the account is locked again.

Create an Oracle Data Safe Service Account on a Target Database

Create the Oracle Data Safe service account with the fewest privileges possible.

  1. Log in to your database with an account that lets you create a user.
  2. Create a user account with minimal privileges, for example:
    CREATE USER DATASAFE_ADMIN IDENTIFIED BY password
    DEFAULT TABLESPACE "DATA"
    TEMPORARY TABLESPACE "TEMP";
    GRANT CONNECT, RESOURCE TO DATASAFE_ADMIN;
    • Replace DATASAFE_ADMIN and password with your own values.

      Note:

      The password must be at least 14 characters long and must contain at least one uppercase, one lowercase, one numeric, and one special character. See "Guidelines for Securing Passwords" in the Oracle AI Database Security Guide (19c or 26ai) for more details.
    • Do not use SYSTEM or SYSAUX as the default tablespace. You cannot mask data if you use these tablespaces.
    • Ensure that the SESSIONS_PER_USER limit for the Data Safe service account is at least 20. This limit is defined in the user profile. By default, the Data Safe service account is assigned the default user profile.
  3. Grant roles to the Oracle Data Safe service account. See Grant Roles to the Oracle Data Safe Service Account on Your Target Database.
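
The following statements are an added example, not part of the Oracle documentation. They check the tablespace and SESSIONS_PER_USER requirements from step 2 for the example user DATASAFE_ADMIN. The profile name DATASAFE_PROFILE is hypothetical, and the account running the statements is assumed to be able to query DBA_USERS and DBA_PROFILES.

```sql
-- Added example: verify the service account created in step 2.
-- Replace DATASAFE_ADMIN with your own user name.
-- A profile limit of 'DEFAULT' means "inherit from the DEFAULT profile",
-- so the inner query resolves it to the value that actually applies.
SELECT a.username,
       a.default_tablespace,
       CASE WHEN a.default_tablespace IN ('SYSTEM', 'SYSAUX')
            THEN 'FAIL: data masking is not possible'
            ELSE 'OK'
       END AS tablespace_check,
       a.profile,
       a.effective_limit AS sessions_per_user,
       CASE WHEN a.effective_limit = 'UNLIMITED' THEN 'OK'
            WHEN TO_NUMBER(a.effective_limit) >= 20 THEN 'OK'
            ELSE 'FAIL: limit is below 20'
       END AS sessions_check
FROM  (SELECT u.username,
              u.default_tablespace,
              u.profile,
              DECODE(p.limit, 'DEFAULT', d.limit, p.limit) AS effective_limit
       FROM   dba_users u
              JOIN dba_profiles p
                ON p.profile = u.profile
               AND p.resource_name = 'SESSIONS_PER_USER'
              JOIN dba_profiles d
                ON d.profile = 'DEFAULT'
               AND d.resource_name = 'SESSIONS_PER_USER'
       WHERE  u.username = 'DATASAFE_ADMIN') a;

-- If sessions_check fails, one option is a dedicated profile so that the
-- limit of other accounts on the default profile is left unchanged.
-- DATASAFE_PROFILE is a hypothetical name; limits not listed here are
-- inherited from the DEFAULT profile.
CREATE PROFILE DATASAFE_PROFILE LIMIT SESSIONS_PER_USER 20;
ALTER USER DATASAFE_ADMIN PROFILE DATASAFE_PROFILE;
```

If the first query returns no rows, the user name does not exist in the container you are connected to.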