Guidelines for Copying Abstract Roles
Roles with assigned security profiles contain data security policies that are generated from the assigned security profiles.
When you copy such a role, you copy all of its data security policies, including those that were generated from the assigned security profiles. These data security policies can be difficult to remove successfully from the role copy on the Security Console. Therefore, to avoid copying unwanted data security policies, you're recommended to revoke security profiles from abstract roles before you copy them. Reassign the security profiles to the abstract role when the copy is complete.
If you have already made a copy of a predefined abstract role with assigned security profiles, then you can remove the copied data security policies as follows:
-
Edit your custom role.
-
On the Data Security Policies page, filter by policy names beginning with the prefix ORA_. These policies were generated from security profiles assigned to the predefined abstract role that you copied.
-
Remove all policies beginning with ORA_ in the filtered list.
Any remaining data security policies are either predefined and should not be removed or generated from security profiles assigned to your custom role.