Oracle Cloud Infrastructure Documentation

Run the SQL Privileges Script

You can run the SQL privileges script to grant or revoke access to Oracle Data Safe features for a target database.

To run the SQL privileges script, you need to be able to connect to your DB system as the SYS user or connect to your Autonomous Database as the ADMIN user.
To run the SQL privileges script on a target database:
  1. Create a least privileged Oracle Data Safe user account on your database:
    1. (Required) Log in to your database as the SYS or ADMIN user.
    2. Create a user account with minimal privileges, for example:
      CREATE USER DATASAFE_ADMIN identified by password
      DEFAULT TABLESPACE "DATA"
      TEMPORARY TABLESPACE "TEMP";
      GRANT CONNECT, RESOURCE TO DATASAFE_ADMIN;
    • Replace DATASAFE_ADMIN and password with your own values.
    • Do not use SYSTEM or SYSAUX as the default tablespace. You cannot mask data if you use these tablespaces.
  2. Download the SQL privileges script from the Oracle Data Safe Console:
    1. Sign in to the Oracle Data Safe Console, and click the Targets tab.
    2. Click Add.
      The Add Target dialog box is displayed.
    3. Click Download Privilege Script and save the dscs_privileges.sql script to your computer.
    4. Click Cancel.
  3. With SQL Developer or SQL*Plus, connect to your database as either the SYS or ADMIN user, and then run the SQL privileges script with the following statement:
    @dscs_privileges.sql <DATASAFE_ADMIN> <GRANT/REVOKE> <AUDIT_COLLECTION/AUDIT_SETTING/DATA_DISCOVERY/MASKING/ASSESSMENT/ALL> [-VERBOSE]
    • <DATASAFE_ADMIN> is the name of the Oracle Data Safe user account in your database. It is case-sensitive and must match the user name in the dba_users data dictionary view in your database.
    • Specify GRANT or REVOKE depending on whether you want to add privileges to or remove privileges from the Oracle Data Safe user account.
    • Specify one or more Oracle Data Safe features, separated by a forward slash: AUDIT_COLLECTION/AUDIT_SETTING/DATA_DISCOVERY/MASKING/ASSESSMENT/ALL. ALL grants or revokes all the features.
    • -VERBOSE shows only the actual GRANT/REVOKE commands. This parameter is optional.