Oracle Cloud Infrastructure Documentation

Grant Roles to the Oracle Data Safe Service Account on a DB System

To grant or revoke roles from the Oracle Data Safe service account on a DB system, you need to run the SQL privileges script. To run the script, you need to be connected to your DB system as the SYS user.

To grant or revoke roles from the Oracle Data Safe service account on a DB system:
  1. Download the SQL privileges script from the Oracle Data Safe Console:
    1. Sign in to the Oracle Data Safe Console, and click the Targets tab.
    2. Click Add.
      The Add Target dialog box is displayed.
    3. Click Download Privilege Script and save the dscs_privileges.sql script to your computer.
    4. Click Cancel.
  2. With SQL Developer or SQL*Plus, connect to your database as the SYS user, and then run the SQL privileges script with the following statement:
    @dscs_privileges.sql <DATASAFE_ADMIN> <GRANT/REVOKE> <AUDIT_COLLECTION/AUDIT_SETTING/DATA_DISCOVERY/MASKING/ASSESSMENT/ALL> [-VERBOSE]
    • <DATASAFE_ADMIN> is the name of the Oracle Data Safe service account that you created on your DB system. It is case-sensitive and must match the account name in the dba_users data dictionary view in your database.
    • Specify GRANT or REVOKE depending on whether you want to add privileges to or remove privileges from the Oracle Data Safe service account.
    • Specify one or more Oracle Data Safe features, separated by a forward slash: AUDIT_COLLECTION/AUDIT_SETTING/DATA_DISCOVERY/MASKING/ASSESSMENT/ALL. ALL grants or revokes all the features.
    • -VERBOSE shows only the actual GRANT/REVOKE commands. This parameter is optional.