Oracle Cloud Infrastructure Documentation

Authorization Policies

Groups in Oracle Data Safe require privileges so that they can access and utilize resources and features in Oracle Data Safe. On the Security tab in the Oracle Data Safe Console, an Oracle Data Safe administrator can create authorization policies that define which groups can access each resource group. There is one authorization policy per resource group. In the policy, each group is assigned a privilege of view, manage, or none for each of the four main Oracle Data Safe feature categories. An instance administrator cannot create more privileges.

The main feature categories are as follows:

  • Assessment (includes User Assessment and Security Assessment features)
  • Discovery and Masking (includes Data Discovery and Data Masking features)
  • Activity Auditing

The following table describes the privileges in Oracle Data Safe.

Privileges in Oracle Data Safe More Information
The group has no privilege

Select -- for one or more features on the Authorization policies tab.

  • ViewMasking: View privileges on all masking related resources
  • ViewAudit: View privileges on all audit related resources
  • ViewAssessment: View privileges on all assessment related resources
  • ViewAll: View privileges on all resources

The group can read the list of resources for a feature.

Select view for one or more features on the Authorization Policies tab.

  • AdministerMasking: Administer privileges on all masking related resources
  • AdministerAudit: Administer privileges on all audit related resources
  • AdministerAssessment: Administer privileges on all assessment related resources
  • AdministerAll: Administer privileges on all resources

The group can create, read, update, delete, and delegate feature-related resources.

Select manage for one or more features on the Authorization Policies tab.

Note

A group that does not have permission to inspect groups in a tenancy cannot configure authorization policies in Oracle Data Safe, even if the group is granted the manage permission for a feature in Oracle Data Safe.