Data Masking Resources

An administrator in Oracle Cloud Infrastructure Identity and Access Management (IAM) can grant permissions as needed on individual Data Masking resources. As an alternative to selectively granting permissions, you can grant permissions on the data-safe-masking-family resource in relevant compartments, which includes permissions on all Data Masking related resources.

data-safe-masking-family Resource

The data-safe-masking-family resource includes all Oracle Data Safe resources related to Data Masking as well as target registration and common resources.

Data Masking resources:

• data-safe-library-masking-formats

• data-safe-masking-policies

• data-safe-masking-policy-healthreport

• data-safe-masking-reports

Target registration resources:

• data-safe-private-endpoints

• onprem-connectors

• target-database-group

• target-databases

Common resources:

• data-safe

• data-safe-work-requests

The following table describes the permissions that you can assign to a group for the data-safe-masking-family resource.

Permissions	Description
inspect	The user group can list all Data Masking resources in a specified compartment.
read or use	The user group can list and view properties for all Data Masking resources in a specified compartment.
manage	The user group can do the following: 1) List, view properties for, create, update, delete, and move (to another compartment) all Data Masking resources in a specified compartment. 2) Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases. 3) Read work requests in Oracle Data Safe.

data-safe-library-masking-formats Resource

The data-safe-library-masking-formats resource represents Oracle-defined and user-defined masking formats in Data Masking.

The following table describes the permissions available for the data-safe-library-masking-formats resource.

Permission	Description
inspect	The user group can list Oracle-defined and user-defined masking formats in Data Masking.
read or use	The user group can list and view properties of Oracle-defined and user-defined masking formats in Data Masking.
manage	The user group can perform all tasks with masking formats, including the following: 1) List and view properties of Oracle-defined and user-defined masking formats in Data Masking. 2) Create, update, delete, and move (to another compartment) user-defined masking formats. 3) The user group cannot update, delete, or move Oracle-predefined masking formats.

data-safe-masking-policies Resource

The data-safe-masking-policies resource represents masking policies in Data Masking.

The following table describes the permissions available for the data-safe-masking-policies resource.

Permission	Description
inspect	The user group can list masking policies.
read or use	The user group can list and view properties of masking policies.
manage	The user group can perform all tasks with masking policies, including the following: 1) List and view properties of masking policies. 2) Create, update, delete, and move (to another compartment) masking policies.

data-safe-masking-policy-healthreport Resource

The data-safe-masking-policy-healthreport resource represents pre-masking reports in Data Masking.

The following table describes the permissions available for the data-safe-masking-policy-healthreport resource.

Permission	Description
inspect	The user group can list pre-masking reports.
read or use	The user group can list and view properties of pre-masking reports.
manage	The user group can perform all tasks with pre-masking reports, including the following: 1) List and view properties of pre-masking reports. 2) Run a pre-masking check. 3) Move pre-masking reports to a different compartment. 4) Delete the pre-masking report.

data-safe-masking-reports Resource

The data-safe-masking-reports resource represents reports in Data Masking.

The following table describes the permissions available for the data-safe-masking-reports resource.

Permission	Description
inspect	The user group can list masking reports.
read or use	The user group can list and view properties of masking reports.
manage	The user group can perform all tasks with masking reports, including the following: 1) List and view properties of masking reports. 2) Run a data masking job. 3) Update masking reports.