Groups in Oracle Data Safe require privileges so that they can access and utilize resources and features in Oracle Data Safe. On the Security tab in the Oracle Data Safe Console, an Oracle Data Safe administrator can create authorization policies that define which groups can access each resource group. There is one authorization policy per resource group. In the policy, each group is assigned a privilege of none for each of the four main Oracle Data Safe feature categories. An instance administrator cannot create more privileges.
The main feature categories are as follows:
- Assessment (includes User Assessment and Security Assessment features)
- Discovery and Masking (includes Data Discovery and Data Masking features)
- Activity Auditing
The following table describes the privileges in Oracle Data Safe.
|Privileges in Oracle Data Safe||More Information|
|The group has no privilege.||
|The group can read the list of resources for a feature.||
|The group can create, read, update, delete, and delegate feature-related resources.||
A group that does not have permission to inspect groups in a tenancy cannot configure authorization policies in Oracle Data Safe, even if the group is granted the manage permission for a feature in Oracle Data Safe.
The diagram at the top of the page shows different audit policies for different groups. There are two Oracle Data Safe regions: Mumbai and Frankfurt. In Mumbai's Oracle Data Safe, the IT-Compliance group is granted the AdministerAudit privilege on the Sales resource group. The IT-Security-India group is granted the AdministerAssessment privileges on the Sales resource group. The Sales resource group contains a Sales target database, an audit trail and audit policy, a sensitive data model for the Sales database, and user-defined sensitive types. In Frankfurt's Oracle Data Safe, the IT-Security-Europe group is granted the ViewAssessment privileges on the Finance resource group. The Finance resource group contains a Finance target database and a sensitive data model for the Finance database.