Adding data security policies (DSPs) to delivered roles
Summary
The ability to add DSPs to delivered roles is not prohibited; FSPs and inherited role modifications are restrictedContent
Function Security Policies and roles cannot be added to seeded/delivered Oracle job and abstract roles; this is good! Data Security Policies, however, can be added (can't remove or edit though). Is there a rationale for this? Also, would a quarterly update wipe these updates to the delivered state?
It is a best practice to copy seeded roles and make your updates there, so I'm not sure why we're given the option of adding DSPs. I can see users adding "All values" conditions, and then the role can potentially see or do more than intended.
Tagged:
4