Learn about Redwood and be one of the first to join the conversation

Visit Redwood Community
Adding data security policies (DSPs) to delivered roles — Cloud Customer Connect
You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

Adding data security policies (DSPs) to delivered roles

Received Response
16
Views
3
Comments
edited Jan 29, 2021 2:58AM in Applications Security 3 comments

Summary

The ability to add DSPs to delivered roles is not prohibited; FSPs and inherited role modifications are restricted

Content

Function Security Policies and roles cannot be added to seeded/delivered Oracle job and abstract roles; this is good! Data Security Policies, however, can be added (can't remove or edit though). Is there a rationale for this? Also, would a quarterly update wipe these updates to the delivered state?

It is a best practice to copy seeded roles and make your updates there, so I'm not sure why we're given the option of adding DSPs. I can see users adding "All values" conditions, and then the role can potentially see or do more than intended.

Tagged:

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!