Oracle Connection Reference Guide

Immuta policies will not be automatically enforced in Oracle

While you can author and apply subscription and data policies on Oracle data sources within Immuta, these policies will not be enforced natively in the Oracle platform. You can use Immuta webhooks to be notified about changes to user access and make appropriate access updates in Oracle using your own process.

The Oracle connection registers data from Oracle in Immuta. Immuta supports Oracle on Amazon RDS.

What does Immuta do in my environment?

Registering a connection

Oracle is configured and data is registered through connections, an Immuta feature that allows you to register your data objects through a single connection to make data registration more scalable for your organization. Instead of registering schemas and databases individually, you can register them all at once and allow Immuta to monitor your data platform for changes so that data sources are added and removed automatically to reflect the state of data in your data platform.

When the connection is registered, Immuta ingests and stores connection metadata in the Immuta metadata database. In the example below, the Immuta application administrator connects the database that contains marketing-data, research-data, and cs-data tables. Immuta registers these tables as data sources and stores the table metadata in the Immuta metadata database.

Immuta presents a hierarchical view of your data that reflects the hierarchy of objects in Oracle after registration is complete:

  • Host

  • Database

  • Schema

  • Table

Beyond making the registration of your data more intuitive, connections provide more control. Instead of performing operations on individual schemas or tables, you can perform operations (such as object sync) at the connection level.

See the Connections reference guide for details about connections and how to manage them. To configure your Oracle connection, see the Register an Oracle connection guide.

Oracle privileges

The privileges that the Oracle connection requires align to the least privilege security principle. The table below describes each privilege required by the setup user and the Immuta system account.

| Oracle privilege | User requiring the privilege | Explanation |
| --- | --- | --- |
| GRANT ANY ROLE or GRANT ANY PRIVILEGE system privilege | Setup user | This privilege allows the user registering the connection to assign the SELECT_CATALOG_ROLE or SELECT privileges to the Immuta system account so that it can register and manage the connection. |
| SELECT on all of the following system views: V$DATABASE, CDB_PDBS, SYS.DBA_USERS, SYS.DBA_TABLES, SYS.DBA_VIEWS, SYS.DBA_MVIEWS, SYS.DBA_TAB_COLUMNS, SYS.DBA_OBJECTS, SYS.DBA_CONSTRAINTS, SYS.DBA_CONS_COLUMNS | Immuta system account | This privilege provides access to all the Oracle system views necessary to register the connection and maintain state between the Oracle database and Immuta. |
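The grants for the Immuta system account and a least-privilege audit of that account, as an added example that is not taken from Immuta's documentation or scripts. The account name IMMUTA_SYSTEM_ACCOUNT is an assumption; substitute the name used in your environment.

```sql
-- Added example, not Immuta's own script. IMMUTA_SYSTEM_ACCOUNT is an assumed name.
-- V$DATABASE is a public synonym, so the grant names the underlying SYS.V_$DATABASE.
-- On Amazon RDS for Oracle, SYS objects are granted with
-- rdsadmin.rdsadmin_util.grant_sys_object rather than a direct GRANT.
GRANT SELECT ON SYS.V_$DATABASE      TO IMMUTA_SYSTEM_ACCOUNT;
GRANT SELECT ON SYS.CDB_PDBS         TO IMMUTA_SYSTEM_ACCOUNT;
GRANT SELECT ON SYS.DBA_USERS        TO IMMUTA_SYSTEM_ACCOUNT;
GRANT SELECT ON SYS.DBA_TABLES       TO IMMUTA_SYSTEM_ACCOUNT;
GRANT SELECT ON SYS.DBA_VIEWS        TO IMMUTA_SYSTEM_ACCOUNT;
GRANT SELECT ON SYS.DBA_MVIEWS       TO IMMUTA_SYSTEM_ACCOUNT;
GRANT SELECT ON SYS.DBA_TAB_COLUMNS  TO IMMUTA_SYSTEM_ACCOUNT;
GRANT SELECT ON SYS.DBA_OBJECTS      TO IMMUTA_SYSTEM_ACCOUNT;
GRANT SELECT ON SYS.DBA_CONSTRAINTS  TO IMMUTA_SYSTEM_ACCOUNT;
GRANT SELECT ON SYS.DBA_CONS_COLUMNS TO IMMUTA_SYSTEM_ACCOUNT;

-- Audit (run as a user who can read the DBA_* views): report expected grants
-- that are missing and everything the account holds beyond the list above.
-- If SELECT_CATALOG_ROLE was granted instead, the views show as MISSING and the role is listed.
WITH expected AS (
  SELECT column_value AS object_name
  FROM   TABLE(sys.odcivarchar2list(
           'V_$DATABASE', 'CDB_PDBS', 'DBA_USERS', 'DBA_TABLES', 'DBA_VIEWS',
           'DBA_MVIEWS', 'DBA_TAB_COLUMNS', 'DBA_OBJECTS', 'DBA_CONSTRAINTS',
           'DBA_CONS_COLUMNS'))
),
granted AS (
  SELECT owner, table_name AS object_name, privilege
  FROM   sys.dba_tab_privs
  WHERE  grantee = 'IMMUTA_SYSTEM_ACCOUNT'
)
SELECT 'MISSING' AS finding, 'SYS.' || e.object_name AS target, 'SELECT' AS detail
FROM   expected e
WHERE  NOT EXISTS (SELECT 1 FROM granted g
                   WHERE  g.owner = 'SYS' AND g.object_name = e.object_name
                   AND    g.privilege = 'SELECT')
UNION ALL
SELECT 'UNEXPECTED OBJECT PRIVILEGE', g.owner || '.' || g.object_name, g.privilege
FROM   granted g
WHERE  g.privilege <> 'SELECT' OR g.owner <> 'SYS'
   OR  g.object_name NOT IN (SELECT object_name FROM expected)
UNION ALL
SELECT 'ROLE', granted_role, 'ADMIN_OPTION=' || admin_option
FROM   sys.dba_role_privs WHERE grantee = 'IMMUTA_SYSTEM_ACCOUNT'
UNION ALL
SELECT 'SYSTEM PRIVILEGE', privilege, 'ADMIN_OPTION=' || admin_option
FROM   sys.dba_sys_privs WHERE grantee = 'IMMUTA_SYSTEM_ACCOUNT'
ORDER BY 1, 2;
```

The ROLE and SYSTEM PRIVILEGE rows are listed for review rather than flagged, since the account still needs the ability to log in (for example CREATE SESSION).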

Maintaining state with Oracle

The following user actions trigger processes in the Oracle connection so that Immuta data stays synchronized with data in Oracle:

  • Data source created: Immuta registers data source metadata and stores that metadata in the Immuta metadata database.

  • Data source deleted: Immuta deletes the data source metadata from the metadata database and removes subscription policies from that table.

Supported object types

The supported object types for Oracle are listed below.

  • Tables

  • Views

  • Materialized views

Security and compliance

Authentication method

The Oracle connection supports username and password authentication to register a connection. The credentials provided must be for an account with the permissions listed in the Register an Oracle connection guide.

Limitations and known issues

The following Immuta features are unsupported:

  • Automatic subscription and data policy enforcement in Oracle (must be done manually)

  • Query audit
