Data Masking Resources

An administrator in Oracle Cloud Infrastructure Identity and Access Management (IAM) can grant permissions as needed on the following Data Masking resources. As an alternative to selectively granting permissions, you can grant permissions on data-safe-masking-family in the relevant compartments, which would include permissions on all of the resources below and target registration permissions.

data-safe-work-requests Resource (see Common Resources)

data-safe-masking-family Resource

The data-safe-masking-family resource represents all Oracle Data Safe resources that pertain to Data Masking. The resources are as follows:

data-safe
data-safe-private-endpoints
onprem-connectors
target-databases
target-database-group
data-safe-masking-policies
data-safe-library-masking-formats
data-safe-masking-reports
data-safe-masking-policy-healthreport
data-safe-work-requests

The following table describes the permissions that you can assign to a group for the data-safe-masking-family resource.

Permissions	Description
`inspect`	The user group can list all Data Masking resources in a specified compartment.
`read` or `use`	The user group can list and view properties for all Data Masking resources in a specified compartment.
`manage`	The user group can do the following: List, view properties for, create, update, delete, and move (to another compartment) all Data Masking resources in a specified compartment. Inspect, read, create, update, delete, and move Oracle Data Safe private endpoints, Oracle Data Safe on-premises connectors, and Oracle Data Safe target databases Read work requests in Oracle Data Safe.

data-safe-library-masking-formats Resource

The data-safe-library-masking-formats resource represents Oracle-defined and user-defined masking formats in Data Masking.

The following table describes the permissions available for the data-safe-library-masking-formats resource.

Permission Description

Permission	Description
`inspect`	The user group can list Oracle-defined and user-defined masking formats in Data Masking.
`read` or `use`	The user group can list and view properties of Oracle-defined and user-defined masking formats in Data Masking.
`manage`	The user group can perform all tasks with masking formats, including the following: List and view properties of Oracle-defined and user-defined masking formats in Data Masking Create, update, delete, and move (to another compartment) user-defined masking formats Note: The user group cannot update, delete, or move Oracle-predefined masking formats.

inspect

The user group can list Oracle-defined and user-defined masking formats in Data Masking.

read or use

The user group can list and view properties of Oracle-defined and user-defined masking formats in Data Masking.

manage

The user group can perform all tasks with masking formats, including the following:

List and view properties of Oracle-defined and user-defined masking formats in Data Masking
Create, update, delete, and move (to another compartment) user-defined masking formats

Note:

The user group cannot update, delete, or move Oracle-predefined masking formats.

data-safe-masking-policies Resource

The data-safe-masking-policies resource represents masking policies in Data Masking.

The following table describes the permissions available for the data-safe-masking-policies resource.

Permission Description

Permission	Description
`inspect`	The user group can list masking policies.
`read` or `use`	The user group can list and view properties of masking policies.
`manage`	The user group can perform all tasks with masking policies, including the following: List and view properties of masking policies Create, update, delete, and move (to another compartment) masking policies

inspect

The user group can list masking policies.

read or use

The user group can list and view properties of masking policies.

manage

The user group can perform all tasks with masking policies, including the following:

List and view properties of masking policies
Create, update, delete, and move (to another compartment) masking policies

data-safe-masking-reports Resource

The data-safe-masking-reports resource represents reports in Data Masking.

The following table describes the permissions available for the data-safe-masking-reports resource.

Permission Description

Permission	Description
`inspect`	The user group can list masking reports.
`read` or `use`	The user group can list and view properties of masking reports.
`manage`	The user group can perform all tasks with masking reports, including the following: List and view properties of masking reports Run a data masking job Update masking reports

inspect

The user group can list masking reports.

read or use

The user group can list and view properties of masking reports.

manage

The user group can perform all tasks with masking reports, including the following:

List and view properties of masking reports
Run a data masking job
Update masking reports

data-safe-masking-policy-healthreport Resource

The data-safe-masking-policy-healthreport resource represents pre-masking reports in Data Masking.

The following table describes the permissions available for the data-safe-masking-policy-healthreport resource.

Permission Description

Permission	Description
`inspect`	The user group can list pre-masking reports.
`read` or `use`	The user group can list and view properties of pre-masking reports.
`manage`	The user group can perform all tasks with pre-masking reports, including the following: List and view properties of pre-masking reports Run a pre-masking check Move pre-masking reports to a different compartment Delete the pre-masking report

inspect

The user group can list pre-masking reports.

read or use

The user group can list and view properties of pre-masking reports.

manage

The user group can perform all tasks with pre-masking reports, including the following:

List and view properties of pre-masking reports
Run a pre-masking check
Move pre-masking reports to a different compartment
Delete the pre-masking report