Data Discovery Resources

An administrator in Oracle Cloud Infrastructure Identity and Access Management (IAM) can grant permissions as needed on the following Data Discovery resources. As an alternative to selectively granting permissions, you can grant permissions on data-safe-discovery-family in the relevant compartments, which would include permissions on all of the resources below and target registration permissions.

data-safe-work-requests Resource (see Common Resources)

data-safe-discovery-family Resource

The data-safe-discovery-family resource represents all Oracle Data Safe resources that pertain to Data Discovery. The resources are as follows:

data-safe
data-safe-private-endpoints
onprem-connectors
target-databases
data-safe-sensitive-data-models
data-safe-sensitive-type-group
data-safe-sensitive-types
data-safe-sensitive-types-export
data-safe-discovery-jobs
data-safe-work-requests

The following table describes the permissions that you can assign to a group for the data-safe-discovery-family resource.

Permission	Description
`inspect`	The user group can list all Data Discovery resources in a specified compartment.
`read` or `use`	The user group can list and view properties for all Data Discovery resources in a specified compartment.
`manage`	The user group can do the following: List, view properties for, create, update, delete, and move (to another compartment) all Data Discovery resources in a specified compartment. Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases. Read work requests in Oracle Data Safe.

data-safe-discovery-jobs Resource

The data-safe-discovery-jobs resource represents incremental data discovery jobs in Oracle Data Safe.

The following table describes the permissions available for the data-safe-discovery-jobs resource.

Permission Description

Permission	Description
`inspect`	The user group can list incremental data discovery jobs.
`read` or `use`	The user group can list and view properties of incremental data discovery jobs.
`manage`	The user group can perform all tasks with incremental data discovery jobs, including the following: List and view properties of incremental data discovery jobs Create, update, delete, and move (to another compartment) incremental data discovery jobs

inspect

The user group can list incremental data discovery jobs.

read or use

The user group can list and view properties of incremental data discovery jobs.

manage

The user group can perform all tasks with incremental data discovery jobs, including the following:

List and view properties of incremental data discovery jobs
Create, update, delete, and move (to another compartment) incremental data discovery jobs

data-safe-sensitive-data-models Resource

The data-safe-sensitive-data-models resource represents sensitive data models in Data Discovery.

The following table describes the permissions available for the data-safe-sensitive-data-models resource.

Permission Description

Permission	Description
`inspect`	The user group can list sensitive data models.
`read` or `use`	The user group can list and view properties of sensitive data models.
`manage`	The user group can perform all tasks with sensitive data models, including the following: List and view properties of sensitive data models Run a data discovery job Create, update, delete, and move (to another compartment) sensitive data models

inspect

The user group can list sensitive data models.

read or use

The user group can list and view properties of sensitive data models.

manage

The user group can perform all tasks with sensitive data models, including the following:

List and view properties of sensitive data models
Run a data discovery job
Create, update, delete, and move (to another compartment) sensitive data models

data-safe-sensitive-type-group Resource

The data-safe-sensitive-type-group resource represents sensitive type groups in Data Discovery.

The following table describes the permissions available for the data-safe-sensitive-type-group resource.

Permission Description

Permission	Description
`inspect`	The user group can list all sensitive type group resources.
`read` or `use`	The user group can list and view properties for all sensitive type group resources.
`manage`	The user group can perform all tasks with sensitive type groups, including the following: List and view properties of sensitive type groups Create, update, delete, and move (to another compartment) sensitive type groups Note: The user group cannot update, delete, or move the Oracle-defined common sensitive type group.

inspect

The user group can list all sensitive type group resources.

read or use

The user group can list and view properties for all sensitive type group resources.

manage

The user group can perform all tasks with sensitive type groups, including the following:

List and view properties of sensitive type groups
Create, update, delete, and move (to another compartment) sensitive type groups

Note:

The user group cannot update, delete, or move the Oracle-defined common sensitive type group.

data-safe-sensitive-types Resource

The data-safe-sensitive-types resource represents sensitive types in Data Discovery.

The following table describes the permissions available for the data-safe-sensitive-types resource.

Permission Description

Permission	Description
`inspect`	The user group can list Oracle-defined and user-defined sensitive types.
`read` or `use`	The user group can list and view properties of Oracle-defined and user-defined sensitive types.
`manage`	The user group can perform all tasks with sensitive types, including the following: List and view properties of Oracle-defined and user-defined sensitive types Create, update, delete, and move (to another compartment) user-defined sensitive types Note: The user group cannot update, delete, or move an Oracle-defined sensitive type.

inspect

The user group can list Oracle-defined and user-defined sensitive types.

read or use

The user group can list and view properties of Oracle-defined and user-defined sensitive types.

manage

The user group can perform all tasks with sensitive types, including the following:

List and view properties of Oracle-defined and user-defined sensitive types
Create, update, delete, and move (to another compartment) user-defined sensitive types

Note:

The user group cannot update, delete, or move an Oracle-defined sensitive type.

data-safe-sensitive-types-export Resource

The data-safe-sensitive-types-export resource contains an XML file with exported sensitive types and categories, along with metadata about the export, including the creation timestamp, name, description, and other relevant details.

The following table describes the permissions available for the data-safe-sensitive-types-export resource.

Permission	Description
`inspect`	The user group can list all sensitive types export resources in a specified compartment.
`read` or `use`	The user group can list and view properties for all sensitive types export resources and download the corresponding XML files in a specified compartment.
`manage`	The user group can list, view properties for, create, update, delete, and move (to another compartment) sensitive types export resources in a specified compartment.

Related Topics

Export and Upload User-Defined Sensitive Types