12 Configure Data Roles
Use the SQL statements in this chapter to create and drop data roles.
You define a data role in the database specifically for fine-grained data grants. Oracle Deep Data Security (Deep Sec) supports two types of data roles:
- Data roles that are externally mapped: Database
representations of external IAM roles (created using the
MAPPED TOclause). The database automatically enables these roles based on the user's token claims when an end-user security context is established. - Data roles that are locally managed: Data roles created and managed entirely within the database. You can grant these to local end users, application identities, or other data roles (that are managed locally in the database). They do not map to external IAM roles.
Query the DBA_DATA_ROLES data dictionary view to review existing
data roles and their properties.
Topics: