19.1 Data Authorization Views
These views help you validate data role definitions, data grant assignments, and the resulting row-level and column-level authorization rules.
Summary of views
| View or Object Name | Description |
|---|---|
DBA_DATA_ROLES |
Displays all data roles defined in the database. |
DBA_DATA_ROLE_GRANTS |
Displays all data role grants and database role grants to data roles. |
DBA_DATA_GRANTS |
Displays all fine-grained data grants in the database. |
ALL_DATA_GRANTS |
Displays all fine-grained data grants accessible to the current user. |
USER_DATA_GRANTS |
Displays all fine-grained data grants owned by the current user. |
19.1.1 DBA_DATA_ROLES
Displays all data roles defined in the database. Data roles can be locally defined or externally mapped to IAM attributes (for example, Entra ID roles). Data roles that are externally mapped activate automatically when the corresponding claim is present in the end-user token.
| Column | Datatype | NULL | Description |
|---|---|---|---|
|
|
|
|
Name of the data role |
|
|
|
|
External name (from IAM) that a data role maps to. |
|
|
|
|
Indicates whether the data role is
enabled by default ( |
19.1.2 DBA_DATA_ROLE_GRANTS
Displays all data role grants and database role grants assigned to data roles, end users, or application identities. Each row represents a single grant with optional temporal validity constraints.
| Column | Datatype | NULL | Description |
|---|---|---|---|
|
|
|
|
Name of the granted role |
|
|
|
|
Type of granted role:
|
|
|
|
|
Name of the grantee |
|
|
|
|
Type of grantee:
|
|
|
|
|
Start time from which the grant is valid |
|
|
|
|
End time until which the grant is valid |
19.1.3 DBA_DATA_GRANTS
Displays all Oracle Deep Data Security
(Deep Sec) data grants in the database, created using the
CREATE DATA GRANT statement. Because predicated grants contain unique
attributes, such as grant names and active time windows (start or end times), they are not
recorded in the standard DBA_TAB_PRIVS view. Instead, Deep Sec data grants appear exclusively in this dedicated
dictionary view.
Note the distinction between the two ownership columns:
OBJECT_OWNER identifies the schema of the
target object being protected, whereas OWNER
identifies the schema that owns the data grant itself.
| Column | Datatype | NULL | Description |
|---|---|---|---|
|
|
|
|
Owner of the data grant |
|
|
|
|
Name of the data grant |
|
|
|
|
Type of privilege granted |
|
|
|
|
Name of the column to which the data grant applies Null if the granted privilege is not a column privilege |
|
|
|
|
Name of the column to which the data grant applies, if granted using
the Null if the granted privilege is not a column privilege or if the
privilege was not granted using the |
|
|
|
|
Owner of the object to which the data grant applies |
|
|
|
|
Name of the object to which the data grant applies |
|
|
|
|
Type of object to which the data grant applies (such as
|
|
|
|
|
Predicate used for the data grant |
|
|
|
|
Name of the grantee |
|
|
|
|
Type of grantee:
|
|
|
|
|
Indicates whether |
|
|
|
|
Start time for the data grant, if specified |
|
|
|
|
End time for the data grant, if specified |
|
|
|
|
Displays the column name if the data grant on the column is no longer valid due to, for example, a column name change or a dropped column Null if the granted privilege is not a column privilege or if the column is valid |
19.1.4 ALL_DATA_GRANTS
Displays all Oracle Deep Data Security (Deep Sec) data grants that are accessible to the current user.
| Column | Datatype | NULL | Description |
|---|---|---|---|
|
|
|
|
Owner of the data grant |
|
|
|
|
Name of the data grant |
|
|
|
|
Type of privilege granted |
|
|
|
|
Name of the column to which the data grant applies Null if the granted privilege is not a column privilege |
|
|
|
|
Name of the column to which the data grant applies, if granted using
the Null if the granted privilege is not a column privilege or if the
privilege was not granted using the |
|
|
|
|
Owner of the object to which the data grant applies |
|
|
|
|
Name of the object to which the data grant applies |
|
|
|
|
Type of object to which the data grant applies (such as
|
|
|
|
|
Predicate used for the data grant |
|
|
|
|
Name of the grantee |
|
|
|
|
Type of grantee:
|
|
|
|
|
Indicates whether |
|
|
|
|
Start time for the data grant, if specified |
|
|
|
|
End time for the data grant, if specified |
|
|
|
|
Displays the column name if the data grant on the column is no longer valid due to, for example, a column name change or a dropped column Null if the granted privilege is not a column privilege or if the column is valid |
19.1.5 USER_DATA_GRANTS
Displays all Oracle Deep Data Security (Deep Sec) data grants that are owned by the current user.
| Column | Datatype | NULL | Description |
|---|---|---|---|
|
|
|
|
Name of the data grant |
|
|
|
|
Type of privilege granted |
|
|
|
|
Name of the column to which the data grant applies Null if the granted privilege is not a column privilege |
|
|
|
|
Name of the column to which the data grant applies, if granted using
the Null if the granted privilege is not a column privilege or if the
privilege was not granted using the |
|
|
|
|
Owner of the object to which the data grant applies |
|
|
|
|
Name of the object to which the data grant applies |
|
|
|
|
Type of object to which the data grant applies (such as
|
|
|
|
|
Predicate used for the data grant |
|
|
|
|
Name of the grantee |
|
|
|
|
Type of grantee:
|
|
|
|
|
Indicates whether |
|
|
|
|
Start time for the data grant, if specified |
|
|
|
|
End time for the data grant, if specified |
|
|
|
|
Displays the column name if the data grant on the column is no longer valid due to, for example, a column name change or a dropped column Null if the granted privilege is not a column privilege or if the column is valid |