Edit Data Security Policies on the Security Console
This topic describes how to edit data security policies when creating, copying or editing roles on the Roles tab of the Security Console.
Edit Data Security Policies for Roles
To create a role, it's recommended that you copy a predefined role rather than create a role from scratch. In this case, your role automatically has the data security policies of the copied role. You can edit or remove the copied data security policies if necessary.
To edit or remove a data security policy for a copied role:
- On the Roles tab of the Security Console, search for and select your custom role.
-
In the search results, click the down arrow for the selected role and select Edit Role.
The Edit Role: Basic Information page is displayed.
- Click the Data Security Policies train stop.
-
On the Edit Role: Data Security Policies page, locate the policy then click the down arrow at the end of the policy row to show the actions menu.
-
Select one of the options listed:
-
To remove the policy, select the Remove Data Security Policy option.
The policy is removed from the role.
-
To edit the policy, do the following:
-
Select the Edit Data Security Policy option.
The Edit Data Security Policy dialog box is displayed.
-
Change the values as required, for example, you can change the start date, the data set, or the action specified for the policy.
-
Click OK to save your changes, and close the confirmation message.
-
-
Create Data Security Policies for Roles
You're unlikely to create data security policies unless you create roles from scratch. However, you can do so if required. Here are the steps to use.
- On the Roles tab of the Security Console, click Create Role.
-
On the Create Role: Basic Information page, enter the role's display name, role code, and role category.
For additional information about creating roles, see the topic Create Job and Abstract Roles.
- Click Next, then click Next again.
-
On the Create Role: Data Security Policies page, click Create Data Security Policy.
-
The Create Data Security Policy dialog box is displayed. A Start Date value is automatically assigned to the policy but can be changed.
-
In the Policy Name field, enter a policy name.
The names of predefined data security policies begin with the words Grant on.
-
Search for and select the database resource for which you're defining the policy, for example, search for a table name.
-
In the Data Set field, select the subset of the data made available by the database resource the policy applies to.
The following table describes the values you can choose for the Data Set field.
Value
Description
Select by key
Use to limit the data set to a single record in the data resource. If you select this option, you must specify the primary key value that identifies the record in the database resource.
Select by instance set
Use to limit the data set to a subset of the data in the data resource. If you select this option, you must select a condition that defines a subset of the data. Conditions vary by resource.
If the predefined conditions available for a resource aren't appropriate, you can create custom conditions using access groups and rules. For information about access groups, see the Access Groups chapter. If you need additional help, contact Oracle Support.
All values
Use to include all data from the data resource in the data set.
-
Complete the remaining fields, which depend on the selected combination of database resource and data set values.
-
In the Actions field, select the actions to which this data security policy applies.
-
Click OK to save the data security policy.
You can view the new policy on the Data Security Policies page by scrolling to the end of the list of policies.