View Schema Access Details for a User

User Assessment provides you with the ability to view details about the schemas and tables that a user has access to. You can also see what privileges the user was granted on these schemas and tables. View the Schema access column in a User Assessment to find this information.

To view the object access details:
  1. Under Security center, click User assessment.
  2. From the User Assessment page, click the Target summary tab.
  3. (Optional) On the left under List Scope, select the compartment that contains the target database(s) for which you want to view the User Assessment reports. Select the INCLUDE CHILD COMPARTMENTS check box if you also want to view reports for target databases that reside in child compartments.

    Note:

    The schedule that generates the latest assessment for a target database is available in the same compartment as the target database.
  4. (Optional) Under Filters, select a target database from the Target databases list to narrow the scope of displayed metrics and charts.
  5. On the Target Summary tab, locate the line in the table for your target database, and click View Report. The User Assessment Details page is displayed, showing you the latest assessment report for your target database.
  6. Click on the schemas listed in the Schema access column to view more details about the schemas the user has access to.

    This will open a panel on the right.

  7. Click on a listed schema in the panel to see the access details at the table level.
    This will bring you to the Schema details page. The Schema details page includes the following columns:
    • Table name - Lists specific tables in the schema or All tables if the granted privilege is applicable on all tables in the schema. Click All tables to see the list of tables.
    • Sensitive - Indicates if the user has access to sensitive data. Data is determined to be sensitive if it is marked as sensitive in a sensitive data model for that target database in Data Discovery.
    • Access Type - DELETE, INSERT, OWNER, SELECT, or UPDATE. The table is grouped by this column.
    • Privilege - The privilege that was granted to the user.
    • Privilege type - Column Privilege, Object Privilege, Owner Privilege, Schema Privilege on SCHEMA_NAME, or System Privilege.
    • Access through object
      • TABLE - Indicates that this privilege is granted directly on the table
      • VIEW - Indicates that this privilege is granted on a database view object which is dependent on this table, directly or recursively
    • Grant from role - Shows the role assigned to the user that provides the listed privileges. Click on this to see the details for the grant path. If there is no value listed, then it is a direct privilege granted to the user.
    • Table privilege grantable - Indicates what privileges the selected user can grant to other users.
      • ADMIN_OPTION - For system privilege, this indicates that the privilege is granted to the user or role with the ADMIN_OPTION
      • GRANT_OPTION - For column or object privilege, this indicates that the privilege is granted to the user or role with the GRANT_OPTION
      • If this is empty, the user can't grant access to that table to other users.
    • Column name - Lists the column associated with this column privilege.
    • Table access constrained by - Indicates if the tables of the target database are protected by any of the following security features: Data Redaction, Database Vault, Database view, Oracle Label Security, Real Application Security, SQL Firewall, or Virtual Private Database.

      SQL Firewall is user-based and will show up if there's an enabled SQL Firewall allow-list for this user. SQL Firewall management is only available for Oracle Database 23ai target databases.

      If the Access through object column is VIEW, click to see the Database view details report.

  8. (Optional) Add basic filters to the report by clicking + Add filter.
  9. (Optional) Add advanced filters to the report by clicking Show advanced SCIM query builder.
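
One way to triage the rows of the Schema details page during a least-privilege review, as an added example that is not part of the Oracle documentation or product. The rows are constructed sample data, the field names are assumptions that mirror the column headings above, and the flagging rules are this example's own review policy.

```python
from dataclasses import dataclass

MODIFYING = {"DELETE", "INSERT", "UPDATE", "OWNER"}  # Access Type values that can change data

@dataclass(frozen=True)
class Row:
    """One Schema details row; field names are assumed, mirroring the column headings."""
    table: str
    sensitive: bool
    access_type: str            # DELETE, INSERT, OWNER, SELECT, or UPDATE
    privilege: str
    privilege_type: str
    through: str                # TABLE or VIEW
    grant_from_role: str = ""   # empty: privilege granted directly to the user
    grantable: str = ""         # ADMIN_OPTION, GRANT_OPTION, or empty
    constrained_by: tuple = ()  # e.g. ("Data Redaction",)

def findings(row):
    """Return this example's review reasons for a row (empty list: nothing flagged)."""
    reasons = []
    if row.sensitive and not row.constrained_by:
        reasons.append("sensitive table with no access constraint")
    if row.sensitive and row.access_type in MODIFYING:
        reasons.append("can modify sensitive data")
    if row.grantable in ("ADMIN_OPTION", "GRANT_OPTION"):
        reasons.append(f"can grant the privilege onward ({row.grantable})")
    if not row.grant_from_role and row.privilege_type != "Owner Privilege":
        reasons.append("direct grant rather than through a role")
    return reasons

def triage(rows):
    """Flagged rows with their reasons, most reasons first."""
    flagged = [(r, findings(r)) for r in rows if findings(r)]
    return sorted(flagged, key=lambda item: -len(item[1]))

# Constructed sample rows (not taken from any real report).
SAMPLE = [
    Row("EMPLOYEES", True, "SELECT", "SELECT", "Object Privilege", "TABLE",
        grant_from_role="HR_READER", constrained_by=("Data Redaction",)),
    Row("SALARIES", True, "UPDATE", "UPDATE", "Object Privilege", "TABLE",
        grantable="GRANT_OPTION"),
    Row("All tables", False, "SELECT", "SELECT ANY TABLE", "System Privilege", "TABLE",
        grant_from_role="APP_ADMIN", grantable="ADMIN_OPTION"),
]

if __name__ == "__main__":
    for row, reasons in triage(SAMPLE):
        print(f"{row.table}: {'; '.join(reasons)}")
```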