Security Zone Policies
Using security zones helps ensure that resources in Data Science comply with security best practices.
A security zone is associated with one or more compartments and a security zone recipe. When you create or update resources in a compartment that's part of a security zone, Oracle Cloud Infrastructure validates these operations against the security zone policies defined in the recipe. If any policy is violated, the operation is denied.
You can enable the following security zone policies for Data Science in the OCI Console:
deny model_deploy_public_network: Model deployment instances that use managed networking cannot access the internet.
deny job_manage_egress_network: Job instances that use managed networking cannot access the internet.
deny notebook_public_network: Notebook sessions that use managed networking cannot access the internet.
deny pipeline_manage_egress_network: Pipelines that use managed networking cannot access the internet.
For a complete list of security zone policies, see Security Zone Policies.
To move existing resources to a compartment in a security zone, you must ensure that the resources comply with all security zone policies in the zone's recipe. Likewise, resources in a security zone cannot be moved to a compartment outside the security zone because the destination compartment might be less secure.
For more information, see Managing Security Zones.