Severity : HighMedium

Description: This control ensures that OCI database instances are protected against unintended and malicious deletion by unauthorized groups and users. Database users and groups should be able to create database table-spaces but not delete them. Security policies for database users and groups should exclude the DB_SYSTEM_DELETE, DATABASE_DELETE, and DB_HOME_DELETE permissions by using a where statement such as request.permission !={DB_SYSTEM_DELETE, DATABASE_DELETE, DB_HOME_DELETE}. It is recommended that the minimum possible set of IAM users and groups have database delete permissions. Give DELETE permissions only to tenancy and compartment administrators.
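One way to audit policy statements against this control, as an added example that is not part of the original control text. It assumes statements written in the OCI policy language with exclusions of the form `request.permission != 'NAME'`; the group names, the administrator exemption list, the sample statements, and the resource-to-permission mapping are assumptions made for illustration.

```python
import re

# Delete permission(s) that "manage" on each resource type would grant
# (mapping assumed for this example; database-family covers all three).
RESOURCE_DELETES = {
    "database-family": {"DB_SYSTEM_DELETE", "DATABASE_DELETE", "DB_HOME_DELETE"},
    "db-systems": {"DB_SYSTEM_DELETE"},
    "databases": {"DATABASE_DELETE"},
    "db-homes": {"DB_HOME_DELETE"},
}
# Hypothetical administrator groups that are allowed to keep delete rights.
ADMIN_GROUPS = {"Administrators", "CompartmentAdmins"}

STMT = re.compile(
    r"allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<res>[\w-]+)\s+in\s+"
    r"(?:tenancy|compartment\s+\S+)(?:\s+where\s+(?P<cond>.+))?$", re.I)

def unguarded_deletes(statement):
    """Return the delete permissions a statement still grants (empty set = compliant)."""
    m = STMT.match(statement.strip())
    if not m or m["verb"].lower() != "manage" or m["group"] in ADMIN_GROUPS:
        return set()  # only "manage" carries delete permissions
    granted = RESOURCE_DELETES.get(m["res"].lower(), set())
    cond = m["cond"] or ""
    # "any {...}" is satisfied by a single clause, so a list of != tests
    # inside it never blocks a delete; treat it as no exclusion at all.
    if re.match(r"\s*any\s*\{", cond, re.I):
        return set(granted)
    excluded = set(re.findall(r"request\.permission\s*!=\s*'(\w+)'", cond))
    return granted - excluded

def audit(statements):
    """Map each non-compliant statement to the delete permissions it leaves open."""
    return {s: sorted(p) for s in statements if (p := unguarded_deletes(s))}

# Constructed sample policy statements (not taken from any real tenancy).
POLICY = [
    "Allow group DBUsers to manage database-family in tenancy where all "
    "{request.permission != 'DB_SYSTEM_DELETE', request.permission != 'DATABASE_DELETE', "
    "request.permission != 'DB_HOME_DELETE'}",
    "Allow group DBDevs to manage database-family in compartment dev",
    "Allow group DBOps to manage db-systems in tenancy where request.permission != 'DB_SYSTEM_DELETE'",
    "Allow group DBTest to manage database-family in tenancy where any "
    "{request.permission != 'DB_SYSTEM_DELETE', request.permission != 'DATABASE_DELETE'}",
    "Allow group Administrators to manage database-family in tenancy",
]

if __name__ == "__main__":
    for stmt, perms in audit(POLICY).items():
        print(f"FAIL {perms}: {stmt}")
```
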

...