Part III Data Governance

This section covers the ways you can manage the users and roles that can see and develop your data.

Permission Inheritance

The permission model in Oracle AI Data Platform is designed to support permission inheritance so that permissions granted at the parent level automatically flow to the child objects.

For example, User A is granted SELECT permissions for Catalog A, and Catalog A has the following hierarchy:

|CatalogA
|-------schema1
|------------table1

In this example, User A has SELECT permissions for Catalog A, schema1, and table1.

Permission Expansion

Permissions granted at the child level do not require explicit permissions at the parent object level. For example, you manage a catalog with the following hierarchy:

|CatalogA
|-------schema1
|------------table1_1
|-------schema2
|-------------table2_1
|-------------table2_2

In this example, if you grant User A SELECT permissions for table2_2, User A only sees the following hierarchy:

|CatalogA
|-------schema2
|-------------table2_2

User A is granted only limited list permissions for Catalog A and schema2. They can see the objects that contain table2_2, but cannot do anything more with them.

Limitations

Known limitations of permissions inheritance and expansion are:

  • Permissions inheritance does not show up for ADMIN permissions for any object type
  • Permissions inheritance does not work for volumes
  • Permissions expansion does not work for volumes and workspace files and folders
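
When reviewing grants, it helps to compute what a user can actually see once inheritance and expansion are both applied. The following Python model is an added example, not part of Oracle AI Data Platform or its API; the `LIMITED_LIST` label, the function names and the path-tuple representation are assumptions, and ADMIN grants, volumes, and workspace files and folders are left out because the limitations above exclude them.

```python
# Added illustration, not Oracle code: a toy model of the two rules described above.
LIMITED_LIST = "LIMITED_LIST"  # hypothetical label for the expansion-only visibility

# The catalog from the Permission Expansion example; each object is a path tuple.
OBJECTS = [
    ("CatalogA",),
    ("CatalogA", "schema1"),
    ("CatalogA", "schema1", "table1_1"),
    ("CatalogA", "schema2"),
    ("CatalogA", "schema2", "table2_1"),
    ("CatalogA", "schema2", "table2_2"),
]

def effective_access(grants, objects=OBJECTS):
    """Map each visible object to one user's effective permissions.

    grants: {path tuple: set of permissions granted explicitly on that object}.
    """
    if any("ADMIN" in perms for perms in grants.values()):
        raise ValueError("ADMIN is outside this model (see Limitations)")
    result = {}
    for obj in objects:
        perms = set()
        # Inheritance: a grant on the object or on any ancestor flows down to it.
        for depth in range(1, len(obj) + 1):
            perms |= grants.get(obj[:depth], set())
        # Expansion: a grant further down makes this container listable, nothing more.
        if not perms and any(
            p and len(g) > len(obj) and g[:len(obj)] == obj for g, p in grants.items()
        ):
            perms = {LIMITED_LIST}
        if perms:
            result[obj] = perms
    return result

def render(access):
    """Format the visible hierarchy with each object's effective permissions."""
    return [
        "  " * (len(path) - 1) + f"{path[-1]}: {', '.join(sorted(perms))}"
        for path, perms in sorted(access.items())
    ]

if __name__ == "__main__":
    # Constructed input: the single table-level grant from the example above.
    one_table = {("CatalogA", "schema2", "table2_2"): {"SELECT"}}
    print("\n".join(render(effective_access(one_table))))
```

Objects missing from the result are invisible to the user, so a catalog-level grant and a table-level grant can be compared side by side before either is applied.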