# Oracle Integration Reference Guide
{% hint style="info" %}
**Immuta policies will not be automatically enforced in Oracle**
While you can author and apply subscription and data policies on Oracle data sources within Immuta, these policies will not be enforced natively in the Oracle platform. You can use [Immuta webhooks](https://documentation.immuta.com/saas/developer-guides/api-intro/immuta-v1-api/configure-your-instance-of-immuta/webhooks#webhook-overview) to be notified about changes to user access and make appropriate access updates in Oracle using your own process.
To use this integration, contact your Immuta representative.
{% endhint %}
The Oracle integration allows you to register data from Oracle in Immuta. Immuta supports Oracle on Amazon RDS.
## What does Immuta do in my environment?
### Registering a connection
Oracle is configured and data is registered through [connections](https://documentation.immuta.com/saas/configuration/integrations/data-and-integrations/registering-a-connection/reference-guides/connections-overview), an Immuta feature that allows you to register your data objects through a single connection to make data registration more scalable for your organization. Instead of registering schema and databases individually, you can register them all at once and allow Immuta to monitor your data platform for changes so that data sources are added and removed automatically to reflect the state of data in your data platform.
When the [connection is registered](https://documentation.immuta.com/saas/configuration/integrations/oracle/register-an-oracle-connection), Immuta ingests and stores connection metadata in the Immuta metadata database. In the example below, the Immuta application administrator connects the database that contains `marketing-data`, `research-data`, and `cs-data` tables. Immuta registers[^1] these tables as data sources and stores the table metadata in the Immuta metadata database.
Immuta presents a hierarchical view of your data that reflects the hierarchy of objects in Oracle after registration is complete:
* Host
* Database
* Schema
* Table
Beyond making the registration of your data more intuitive, connections provides more control. Instead of performing operations on individual schemas or tables, you can perform operations (such as object sync) at the connection level.
See the [Connections reference guide](https://documentation.immuta.com/saas/configuration/integrations/data-and-integrations/registering-a-connection/reference-guides/connections-overview) for details about connections and how to manage them. To configure your Oracle integration and register data, see the [Register an Oracle connection guide](https://documentation.immuta.com/saas/configuration/integrations/oracle/register-an-oracle-connection).
### Required Oracle privileges
The privileges that the Oracle integration requires align to the least privilege security principle. The table below describes each privilege required by the [setup user](#user-content-fn-2)[^2] and the [`IMMUTA_SYSTEM_ACCOUNT`](#user-content-fn-3)[^3] user.
| Oracle privilege | User requiring the privilege | Explanation |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `GRANT ANY ROLE` or `GRANT ANY PRIVILEGE` system privilege | Setup user | This privilege allows the user registering the connection to assign the `SELECT_CATALOG_ROLE` or `SELECT` privileges to the Immuta system account so that it can register and manage the connection. |
|
SELECT on all the system views listed below:
V$DATABASE
CDB\_PDBS
SYS.DBA\_USERS
SYS.DBA\_TABLES
SYS.DBA\_VIEWS
SYS.DBA\_MVIEWS
SYS.DBA\_TAB\_COLUMNS
SYS.DBA\_OBJECTS
SYS.DBA\_CONSTRAINTS
SYS.DBA\_CONS\_COLUMNS
| Immuta system account | This privilege provides access to all the Oracle system views necessary to register the connection and maintain state between the Oracle database and Immuta. |
### Maintaining state with Oracle
The following user actions spur various processes in the Oracle integration so that Immuta data remains synchronous with data in Oracle:
* **Data source created or updated**: Immuta registers data source metadata and stores that metadata in the Immuta metadata database.
* **Data source deleted**: Immuta deletes the data source metadata from the metadata database and removes subscription policies from that table.
## Supported object types
While you can author and apply subscription and data policies on Oracle data sources in Immuta, these policies will not be enforced natively in the Oracle platform.
| Object type | Subscription policy support | Data policy support | Request app support |
| ------------------ | --------------------------- | ------------------- | -------------------- |
| Tables | :x: | :x: | :white\_check\_mark: |
| Views | :x: | :x: | :white\_check\_mark: |
| Materialized views | :x: | :x: | :white\_check\_mark: |
## Immuta policies
Immuta will not apply policies in this integration.
## Security and compliance
### Authentication method
The Oracle integration supports **username and password** authentication to register a connection. The credentials provided must be for an account with the permissions listed in the [Register an Oracle connection guide](https://documentation.immuta.com/saas/configuration/integrations/register-an-oracle-connection#permissions).
## Limitations and known issues
The following Immuta features are unsupported:
* Subscription and data policies
* Tag ingestion
* Query audit
[^1]: See the [Connections reference guide](https://documentation.immuta.com/saas/configuration/data-and-integrations/registering-a-connection/reference-guides/connections-overview#object-sync) for more details about how data objects are synced with Immuta so that the objects in Oracle stay synchronous with the registered objects in Immuta.
[^2]: The Oracle user registering the connection.
[^3]: This user account is used by Immuta to manage the integration once it has been set up.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://documentation.immuta.com/saas/configuration/integrations/oracle/oracle-connection-reference-guide.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
