Data Discovery Resources
An administrator in Oracle Cloud Infrastructure Identity and Access
Management (IAM) can grant permissions as needed on individual Data Discovery resources. As
an alternative to selectively granting permissions, you can grant permissions on the
data-safe-discovery-family resource in relevant compartments, which
includes permissions on all Data Discovery related resources.
data-safe-discovery-family Resource
The data-safe-discovery-family resource includes all
Oracle Data Safe resources related to Data Discovery as well as target registration
and common resources.
Data Discovery resources:
data-safe-discovery-jobsdata-safe-sensitive-data-modelsdata-safe-sensitive-type-groupdata-safe-sensitive-typesdata-safe-sensitive-types-export
Target registration resources:
Common resources:
The following table describes the permissions that you can assign to a group for the data-safe-discovery-family resource.
| Permission | Description |
|---|---|
inspect |
The user group can list all Data Discovery resources in a specified compartment. |
read or use |
The user group can list and view properties for all Data Discovery resources in a specified compartment. |
manage |
The user group can do the following: 1) List, view properties for, create, update, delete, and move (to another compartment) all Data Discovery resources in a specified compartment. 2) Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases. 3) Read work requests in Oracle Data Safe. |
data-safe-discovery-jobs Resource
The data-safe-discovery-jobs resource represents incremental data discovery jobs in Oracle Data Safe.
The following table describes the permissions available for the
data-safe-discovery-jobs resource.
| Permission | Description |
|---|---|
inspect |
The user group can list incremental data discovery jobs. |
read or
use |
The user group can list and view properties of incremental data discovery jobs. |
manage |
The user group can perform all tasks with incremental data discovery jobs, including the following: 1) List and view properties of incremental data discovery jobs. 2) Create, update, delete, and move (to another compartment) incremental data discovery jobs. |
data-safe-sensitive-data-models Resource
The data-safe-sensitive-data-models resource represents
sensitive data models in Data Discovery.
The following table describes the permissions available for the
data-safe-sensitive-data-models resource.
| Permission | Description |
|---|---|
inspect |
The user group can list sensitive data models. |
read or
use |
The user group can list and view properties of sensitive data models. |
manage |
The user group can perform all tasks with sensitive data models, including the following: 1) List and view properties of sensitive data models. 2) Run a data discovery job. 3) Create, update, delete, and move (to another compartment) sensitive data models. |
data-safe-sensitive-type-group Resource
The data-safe-sensitive-type-group resource represents
sensitive type groups in Data Discovery.
The following table describes the permissions available for the
data-safe-sensitive-type-group resource.
| Permission | Description |
|---|---|
inspect |
The user group can list all sensitive type group resources. |
read or
use |
The user group can list and view properties for all sensitive type group resources. |
manage |
The user group can perform all tasks with sensitive type groups, including the following: 1) List and view properties of sensitive type groups. 2) Create, update, delete, and move (to another compartment) sensitive type groups. The user group cannot update, delete, or move the Oracle-defined common sensitive type group. |
data-safe-sensitive-types Resource
The data-safe-sensitive-types resource represents
sensitive types in Data Discovery.
The following table describes the permissions available for the
data-safe-sensitive-types resource.
| Permission | Description |
|---|---|
inspect |
The user group can list Oracle-defined and user-defined sensitive types. |
read or
use |
The user group can list and view properties of Oracle-defined and user-defined sensitive types. |
manage |
The user group can perform all tasks with sensitive types, including the following: 1) List and view properties of Oracle-defined and user-defined sensitive types. 2) Create, update, delete, and move (to another compartment) user-defined sensitive types. The user group cannot update, delete, or move an Oracle-defined sensitive type. |
data-safe-sensitive-types-export Resource
The data-safe-sensitive-types-export resource contains
an XML file with exported sensitive types and categories, along with metadata about
the export, including the creation timestamp, name, description, and other relevant
details. See Export and Upload User-Defined Sensitive
Types.
The following table describes the permissions available for the
data-safe-sensitive-types-export resource.
| Permission | Description |
|---|---|
inspect |
The user group can list all sensitive types export resources in a specified compartment. |
read or use |
The user group can list and view properties for all sensitive types export resources and download the corresponding XML files in a specified compartment. |
manage |
The user group can list, view properties for, create, update, delete, and move (to another compartment) sensitive types export resources in a specified compartment. |