Securing Data Catalog

Oracle Cloud Infrastructure Data Catalog provides a collaborative data discovery and governance solution in accordance with industry-leading security best practices.

Security Recommendations

  • Assign least privilege access for IAM users and groups to resource types in data-catalog-family.
  • To minimize data loss from inadvertent deletes by an authorized user or from malicious deletes, Oracle recommends giving the CATALOG_DELETE permission to the smallest possible set of IAM users and groups. Give CATALOG_DELETE permissions only to tenancy and compartment admins.
  • To protect your data sources from any security vulnerability, provide credentials for read-only accounts only. Data Catalog only needs read access to harvest data assets.

Security Policy Examples

Prevent Delete of Data Catalogs

Create this policy to allow group DataCatalogUsers to perform all actions on data catalogs, except deleting them.

Allow group DataCatalogUsers to manage data-catalog-family in tenancy
 where request.permission!='CATALOG_DELETE' 

For more information on creating policies, see Data Catalog Policies.
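
One way to check existing policy statements against the CATALOG_DELETE recommendation, as an added example that is not Oracle's code. It assumes hypothetical admin group names, and that `manage` on `data-catalog-family`, `data-catalogs`, or `all-resources` carries CATALOG_DELETE unless the statement excludes it.

```python
import re

# Assumptions (not from the page): the admin group names are hypothetical, and
# 'data-catalogs' / 'all-resources' are treated as also covering catalog deletion.
ADMIN_GROUPS = {"Administrators", "CompartmentAdmins"}
COVERS_CATALOG_DELETE = {"data-catalog-family", "data-catalogs", "all-resources"}

STATEMENT = re.compile(
    r"^\s*allow\s+(?:group\s+(?P<groups>.+?)|(?P<any>any-user))\s+to\s+"
    r"(?P<verb>\w+)\s+(?P<rtype>[\w-]+)\s+in\s+(?P<scope>.+?)"
    r"(?:\s+where\s+(?P<cond>.+))?\s*$",
    re.IGNORECASE,
)
EXCLUDES_DELETE = re.compile(r"request\.permission\s*!=\s*'CATALOG_DELETE'", re.IGNORECASE)

# Constructed sample statements; only the first one appears on the page.
SAMPLE = [
    "Allow group DataCatalogUsers to manage data-catalog-family in tenancy\n"
    " where request.permission!='CATALOG_DELETE' ",
    "Allow group DataCatalogUsers to manage data-catalog-family in tenancy",
    "Allow group Analysts to read data-catalog-family in tenancy",
    "Allow group Harvesters, Administrators to manage data-catalogs in compartment Sales "
    "where any {request.permission!='CATALOG_DELETE', request.operation='ListCatalogs'}",
]


def grants_catalog_delete(statement):
    """Return the non-admin subjects that a policy statement lets delete catalogs."""
    m = STATEMENT.match(" ".join(statement.split()))  # statements may wrap across lines
    if not m or m["verb"].lower() != "manage":
        return []
    if m["rtype"].lower() not in COVERS_CATALOG_DELETE:
        return []
    cond = m["cond"] or ""
    # An exclusion inside any{...} can be satisfied by another branch, so it does not count.
    if EXCLUDES_DELETE.search(cond) and not re.search(r"\bany\s*\{", cond, re.IGNORECASE):
        return []
    subjects = ["any-user"] if m["any"] else [g.strip(" '\"") for g in m["groups"].split(",")]
    return [s for s in subjects if s not in ADMIN_GROUPS]


def audit(statements):
    """Map each risky statement to the subjects that should lose CATALOG_DELETE."""
    hits = ((" ".join(s.split()), grants_catalog_delete(s)) for s in statements)
    return {stmt: who for stmt, who in hits if who}


if __name__ == "__main__":
    for stmt, who in audit(SAMPLE).items():
        print(f"{', '.join(who)} can delete catalogs via: {stmt}")
```

The check is deliberately conservative: it handles only the simple `Allow group ... to <verb> <resource-type> in <location> [where ...]` form and treats anything it cannot parse as not granting delete, so unparsed statements still need manual review.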