Table of Contents

Search

  1. Preface
  2. Introduction to Dynamic Data Masking Administration
  3. Authentication
  4. Security
  5. Connection Management
  6. JDBC Client Configuration
  7. ODBC Client Configuration
  8. Configuration for MicroStrategy
  9. Access Control
  10. Logs
  11. High Availability
  12. Server Control
  13. Performance Tuning
  14. Troubleshooting
  15. Appendix A: Database Keywords

Administrator Guide

Administrator Guide

Oracle Dynamic Data Masking Administrator Required Privileges

Oracle Dynamic Data Masking Administrator Required Privileges

The Dynamic Data Masking administrator must have privileges to access sensitive tables and columns.
Run the following database commands to create a Dynamic Data Masking administrator user and grant the required privileges:
  • CREATE USER <DDM Admin> IDENTIFIED BY <XXXX>
  • ALTER USER <DDM Admin> QUOTA UNLIMITED ON USERS
  • GRANT BECOME USER
  • GRANT CREATE SESSION TO <DDM Admin>
  • GRANT ALTER SESSION
  • GRANT SELECT ANY TABLE TO <DDM Admin>
  • GRANT SELECT ANY DICTIONARY TO <DDM Admin>
  • GRANT EXECUTE ANY PROCEDURE TO <DDM Admin>

Additional Privileges for SELECT * Statements

If your Dynamic Data Masking security rules need to support column masking on SELECT * statements, you must also run the following commands:
  • CREATE USER <DDM Admin> IDENTIFIED BY <XXXX>
  • ALTER USER <DDM Admin> QUOTA UNLIMITED ON USERS
  • GRANT BECOME USER TO <DDM Admin>
  • GRANT CREATE SESSION TO <DDM Admin>
  • GRANT ALTER SESSION TO <DDM Admin>
  • GRANT SELECT ANY TABLE TO <DDM Admin>
  • GRANT SELECT ANY DICTIONARY TO <DDM Admin>
  • GRANT EXECUTE ANY TYPE TO <DDM Admin>
  • GRANT SELECT_CATALOG_ROLE TO <DDM Admin>
  • GRANT GRANT ANY OBJECT PRIVILEGE TO <DDM Admin>
  • GRANT CREATE ANY TABLE TO <DDM Admin>
  • GRANT DROP ANY TABLE TO <DDM Admin>
  • GRANT INSERT ANY TABLE TO <DDM Admin>

0 COMMENTS

We’d like to hear from you!