Data Catalog Policies

Create policies to control who has access to Data Catalog, and the type of access for each group of users.

By default only the users in the Administrators group have access to all Data Catalog resources. For everyone else who's involved with Data Catalog, you must create policies that give them proper rights to Data Catalog resources.

For a complete list of Oracle Cloud Infrastructure policies, see policy reference.

Resource-Types

Data Catalog offers both aggregate and individual resource-types for writing policies.

You can use aggregate resource-types to write fewer policies. For example, instead of allowing a group to manage data-catalogs and data-catalog-data-assets, you can have a policy that allows the group to manage the aggregate resource-type, data-catalog-family.


Aggregate Resource-Type	Individual Resource-Types
`data-catalog-family`	`data-catalogs` `data-catalog-private-endpoints` `data-catalog-metastores` `data-catalog-data-assets` `data-catalog-glossaries` `data-catalog-namespaces`

The APIs covered for the aggregate data-catalog-family resource-type cover the APIs for data-catalogs, data-catalog-private-endpoints, data-catalog-metastores, data-catalog-data-assets, data-catalog-glossaries, and data-catalog-namespaces.

For example,

allow group catalog-admins to manage data-catalog-family in compartment x

is the same as writing the following policies:

allow group catalog-admins to manage data-catalogs in compartment x
allow group catalog-admins to manage data-catalog-private-endpoints in compartment x
allow group catalog-admins to manage data-catalog-metastores in compartment x
allow group catalog-admins to manage data-catalog-data-assets in compartment x
allow group catalog-admins to manage data-catalog-glossaries in compartment x
allow group catalog-admins to manage data-catalog-namespaces in compartment x

Resource-Types for Dynamic Groups

Use Dynamic Groups to group your data catalog resources. For more information, see Creating Dynamic Groups.

To define a Dynamic Group for data catalog resources, use the following resource-types:

datacatalog
datacatalogprivateendpoint
datacatalogmetastore

The following example shows a matching rule which includes all catalogs in a compartment:

Any{resource.type='datacatalog', resource.compartment.id = '<OCID of data catalog compartment>'}

Supported Variables

To add conditions to your policies, you can either use Oracle Cloud Infrastructure general or service-specific variables.


Operations for This Resource Type...	Can Use These Variables...	Variable Type	Comments
`data-catalog-family`	`target.catalog.id`	Entity (OCID)	Not available to use with `CreateCatalog` or work request operations.
`data-catalog-family`	`target.metastore.id`	Entity (OCID)	Available to use only with metastore operations.
`data-catalogs`	`target.catalog.id`	Entity (OCID)	Not available to use with `CreateCatalog` or work request operations.
`data-catalog-data-assets`	`target.catalog.id`	Entity (OCID)	Not available to use with work request operations.
`data-catalog-data-assets`	`target.data-asset.key`	The key is the Universally Unique Identifier (UUID) for the data asset, in a string format. This ID isn't an OCID.	Available to use only with data asset operations except for `CreateDataAsset`.
`data-catalog-glossaries`	`target.catalog.id`	Entity (OCID)	Not available to use with work request operations.
`data-catalog-glossaries`	`target.glossary.key`	String The key is the Universally Unique Identifier (UUID) for the glossary, in a string format. This ID isn't an OCID.	Available to use only with glossary operations except for `CreateGlossary`.
`data-catalog-namespaces`	`target.catalog.id`	Entity (OCID)	Not available to use with work request operations.
`data-catalog-namespaces`	`target.namespace.key`	The key is the Universally Unique Identifier (UUID) for the namespace, in a string format. This ID isn't an OCID.	Available to use only with namespace operations.
`data-catalog-metastores`	`target.metastore.id`	Entity (OCID)	Available to use only with metastore operations.
`data-catalog-metastore-assets`	`target.metastore.id`	Entity (OCID)	Available to use only with metastore asset operations.
`data-catalog-metastore-assets`	`target.metastore.catalog.key` `target.metastore.database.key` `target.metastore.table.key`	Entity (OCID)	Available to use only with metastore asset operations.
`data-catalog-metastore-assets`	`target.metastore.catalog.name` `target.metastore.database.name` `target.metastore.table.name`	String	Available to use only with metastore asset operations.

Details for Verbs + Resource-Type Combinations

The following tables show the permissions and API operations covered by each verb for Data Catalog. The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.

data-catalogs

The APIs covered for the data-catalogs resource-type are listed here. The APIs are displayed alphabetically for each permission.


INSPECT
Permissions	APIs Fully Covered	APIs Partially Covered
CATALOG_INSPECT	`ListCatalogs`	none
CATALOG_JOB_DEFINITION_INSPECT	`ListJobDefinitions`
CATALOG_JOB_INSPECT	`ListJobs`
CATALOG_JOB_INSPECT	`ListWorkRequests`
READ
Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT +	INSPECT +	none
CATALOG_JOB_DEFINITION_READ	`GetJobDefinition`
CATALOG_JOB_DEFINITION_READ	`ListJobDefinitionPermissions`
CATALOG_JOB_READ	`GetJob`
	`GetJobExecution`
	`GetJobLog`
	`GetJob`
	`GetJobExecution`
	`GetJobLog`
	`ListJobMetrics`
CATALOG_READ	`GetCatalog`
	`GetType`
	`ListCatalogPermissions`
	`ListDataAssetPermissions`
	`ListGlossaries`
	`ListTypes`
	`ListSearchResults`
	`SuggestMatches`
CATALOG_WORK_REQUEST_READ	`GetWorkRequest`
	`ListWorkRequestErrors`
	`ListWorkRequestLogs`
USE
Permissions	APIs Fully Covered	APIs Partially Covered
READ +	READ +	none
CATALOG_UPDATE	`UpdateCatalog`
CATALOG_JOB_DEFINITION_CREATE	`CreateJobDefinition`
CATALOG_JOB_DEFINITION_UPDATE	`UpdateJobDefinition`
CATALOG_JOB_DEFINITION_DELETE	`DeleteJobDefinition`
CATALOG_JOB_CREATE	`CreateJob`
CATALOG_JOB_UPDATE	`UpdateJob`
CATALOG_JOB_DELETE	`DeleteJobDefinition`
CATALOG_ATTACH_CATALOG_PRIVATE_ENDPOINT	`AttachCatalogPrivateEndpoint`
CATALOG_DETACH_CATALOG_PRIVATE_ENDPOINT	`DetachCatalogPrivateEndpoint`
MANAGE
Permissions	APIs Fully Covered	APIs Partially Covered
USE +	USE +	none
CATALOG_CREATE	`CreateCatalog`
CATALOG_DELETE	`DeleteCatalog`
CATALOG_MOVE	`ChangeCatalogCompartment`

data-catalog-private-endpoints

The APIs covered for the data-catalog-private-endpoints resource-type are listed here. The APIs are displayed alphabetically for each permission.


INSPECT
Permissions	APIs Fully Covered	APIs Partially Covered
CATALOG_PRIVATE_ENDPOINT_INSPECT	`ListCatalogPrivateEndpoints`	none
READ
Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT +	INSPECT +	none
CATALOG_PRIVATE_ENDPOINT_READ	`GetCatalogPrivateEndpoint`	none
USE
Permissions	APIs Fully Covered	APIs Partially Covered
READ +	READ +	none
CATALOG_PRIVATE_ENDPOINT_MOVE	`AttachCatalogPrivateEndpoint`
	`DetachCatalogPrivateEndpoint`
	`UpdateCatalogPrivateEndpoint`
MANAGE
Permissions	APIs Fully Covered	APIs Partially Covered
USE +	USE +	none
CATALOG_PRIVATE_ENDPOINT_MOVE	`ChangeCatalogPrivateEndpointCompartment`
CATALOG_PRIVATE_ENDPOINT_CREATE	`CreateCatalogPrivateEndpoint`
CATALOG_PRIVATE_ENDPOINT_DELETE	`DeleteCatalogPrivateEndpoint`

data-catalog-data-assets

The APIs covered for the data-catalog-data-assets resource-type are listed here. The APIs are displayed alphabetically for each permission.


INSPECT
Permissions	APIs Fully Covered	APIs Partially Covered
CATALOG_DATA_ASSET_INSPECT	`ListDataAssets`	none
CATALOG_DATA_ASSET_TAG_INSPECT	`ListAttributeTags`
	`ListDataAssetTags`
	`ListEntityTags`
	`ListFolderTags`
READ
Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT +	INSPECT +	none
CATALOG_DATA_ASSET_READ	`GetAttribute`
	`GetConnection`
	`GetDataAsset`
	`GetEntity`
	`GetFolder`
	`GetPattern`
	`ListAttributes`
	`ListConnections`
	`ListEntities`
	`ListDerivedLogicalEntities`
	`ListFolders`
	`ListPattern`
	`ParseConnection`
	`ValidatePattern`
CATALOG_DATA_ASSET_TAG_READ	`GetAttributeTag`
	`GetDataAssetTag`
	`GetEntityTag`
	`GetFolderTag`
USE
Permissions	APIs Fully Covered	APIs Partially Covered
READ +	READ +	none
CATALOG_DATA_ASSET_UPDATE	`AddDataSelectorPatterns`
	`CreateAttribute`
	`CreateConnection`
	`CreateEntity`
	`CreateFolder`
	`CreatePattern`
	`DeleteAttribute`
	`DeleteConnection`
	`DeleteEntity`
	`DeleteFolder`
	`DeletePattern`
	`ImportConnection`
	`RemoveDataSelectorPatterns`
	`TestConnection`
	`UpdateAttribute`
	`UpdateConnection`
	`UpdateDataAsset`
	`UpdateEntity`
	`UpdateFolder`
	`UpdatePattern`
	`ValidateConnection`
CATALOG_DATA_ASSET_TAG_CREATE	`CreateAttributeTag`
	`CreateDataAssetTag`
	`CreateEntityTag`
	`CreateFolderTag`
CATALOG_DATA_ASSET_TAG_DELETE	`DeleteDataAssetTag`
	`DeleteAttributeTag`
	`DeleteEntityTag`
	`DeleteFolderTag`
CATALOG_DATA_ASSET_TAG_UPDATE	not used
MANAGE
Permissions	APIs Fully Covered	APIs Partially Covered
USE +	USE +	none
CATALOG_DATA_ASSET_CREATE	`CreateDataAsset`
CATALOG_DATA_ASSET_DELETE	`DeleteDataAsset`

data-catalog-glossaries

The APIs covered for the data-catalog-glossaries resource-type are listed here. The APIs are displayed alphabetically for each permission.


INSPECT
Permissions	APIs Fully Covered	APIs Partially Covered
CATALOG_GLOSSARY_INSPECT	`ListGlossaries`	none
READ
Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT +	INSPECT +	none
CATALOG_GLOSSARY_READ	`ExpandTreeForGlossary`
	`ExportGlossary`
	`GetGlossary`
	`GetTerm`
	`GetTermRelationship`
	`ListGlossaryTermRelationships`
	`ListGlossaryTerms`
USE
Permissions	APIs Fully Covered	APIs Partially Covered
READ +	READ +	none
CATALOG_GLOSSARY_UPDATE	`CreateTerm`
	`CreateTermRelationship`
	`UpdateTerm`
	`DeleteTerm`
	`UpdateTermRelationship`
	`DeleteTermRelationship`
	`UpdateGlossary`
	`ImportGlossary`
MANAGE
Permissions	APIs Fully Covered	APIs Partially Covered
USE +	USE +	none
CATALOG_GLOSSARY_CREATE	`CreateGlossary`
CATALOG_GLOSSARY_DELETE	`DeleteGlossary`

data-catalog-namespaces

The APIs covered for the data-catalog-namespaces resource-type are listed here. The APIs are displayed alphabetically for each permission.


INSPECT
Permissions	APIs Fully Covered	APIs Partially Covered
CATALOG_NAMESPACE_INSPECT	`ListNamespaces`	none
READ
Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT +	INSPECT +	none
CATALOG_NAMESPACE_READ	`GetCustomProperty`
	`GetNamespace`
	`ListCustomProperties`
USE
Permissions	APIs Fully Covered	APIs Partially Covered
READ +	READ +	none
CATALOG_NAMESPACE_UPDATE	`AssociateCustomProperty`
	`CreateCustomProperty`
	`DeleteCustomProperty`
	`DisassociateCustomProperty`
	`UpdateCustomProperty`
	`UpdateNamespace`
MANAGE
Permissions	APIs Fully Covered	APIs Partially Covered
USE +	USE +	none
CATALOG_NAMESPACE_CREATE	`CreateNamespace`
CATALOG_NAMESPACE_DELETE	`DeleteNamespace`

data-catalog-metastores

The APIs covered for the data-catalog-metastores resource-type are listed here. The APIs are displayed alphabetically for each permission.


INSPECT
Permissions	APIs Fully Covered	APIs Partially Covered
CATALOG_METASTORE_INSPECT	`ListMetastores`	none
READ
Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT +	INSPECT +	none
CATALOG_METASTORE_READ	`GetMetastore`	none
USE
Permissions	APIs Fully Covered	APIs Partially Covered
READ +	READ +	none
CATALOG_METASTORE_UPDATE	`UpdateMetastore`	none
MANAGE
Permissions	APIs Fully Covered	APIs Partially Covered
USE +	USE +	none
CATALOG_METASTORE_CREATE	`CreateMetastore`
CATALOG_METASTORE_DELETE	`DeleteMetastore`
CATALOG_METASTORE_MOVE	`ChangeMetastoreCompartment`

data-catalog-metastore-assets

The APIs covered for the data-catalog-metastore-assets resource-type are listed here.


INSPECT
Permissions	APIs Fully Covered	APIs Partially Covered
CATALOG_METASTORE_CATALOG_INSPECT	`MetastoreExecute`	none
CATALOG_METASTORE_DATABASE_INSPECT	`MetastoreExecute`
CATALOG_METASTORE_TABLE_INSPECT	`MetastoreExecute`
READ
Permissions	APIs Fully Covered	APIs Partially Covered
INSPECT +	INSPECT +	none
CATALOG_METASTORE_CATALOG_READ	`MetastoreExecute`
CATALOG_METASTORE_DATABASE_READ	`MetastoreExecute`
CATALOG_METASTORE_TABLE_READ	`MetastoreExecute`
USE
Permissions	APIs Fully Covered	APIs Partially Covered
READ +	READ +	none
CATALOG_METASTORE_CATALOG_UPDATE	`MetastoreExecute`
CATALOG_METASTORE_DATABASE_UPDATE	`MetastoreExecute`
CATALOG_METASTORE_TABLE_UPDATE	`MetastoreExecute`
MANAGE
Permissions	APIs Fully Covered	APIs Partially Covered
USE +	USE +	none
CATALOG_METASTORE_CATALOG_CREATE	`MetastoreExecute`
CATALOG_METASTORE_CATALOG_DELETE	`MetastoreExecute`
CATALOG_METASTORE_DATABASE_CREATE	`MetastoreExecute`
CATALOG_METASTORE_DATABASE_DELETE	`MetastoreExecute`
CATALOG_METASTORE_TABLE_CREATE	`MetastoreExecute`
CATALOG_METASTORE_TABLE_DELETE	`MetastoreExecute`

Permissions Required for Each API Operation

The following table lists the API operations in a logical order, grouped by resource type. The resource types are data-catalogs, data-catalog-private-endpoints, data-catalog-data-assets, data-catalog-glossaries, and data-catalog-namespaces.

For information about permissions, see permissions.

data-catalogs


API Operation	Permissions Required to Use the Operation
`ListCatalogs`	CATALOG_INSPECT
`GetCatalog`	CATALOG_READ
`UpdateCatalog`	CATALOG_UPDATE
`CreateCatalog`	CATALOG_CREATE
`ChangeCatalogCompartment`	CATALOG_MOVE
`DeleteCatalog`	CATALOG_DELETE
`GetType`	CATALOG_READ
`ListTypes`	CATALOG_READ
`ListCatalogPermissions`	CATALOG_READ
`ListDataAssetPermissions`	CATALOG_READ
`ListSearchResults`	CATALOG_READ
`ListWorkRequests`	CATALOG_WORK_REQUEST_INSPECT
`ListRules`	CATALOG_DATA_ASSET_READ
`GetWorkRequest`	CATALOG_WORK_REQUEST_READ
`ListWorkRequestLogs`	CATALOG_WORK_REQUEST_READ
`ListWorkRequestErrors`	CATALOG_WORK_REQUEST_READ
`ListJobDefinitions`	CATALOG_JOB_DEFINITION_INSPECT
`GetJobDefinition`	CATALOG_JOB_DEFINITION_READ
`ListJobDefinitionPermissions`	CATALOG_JOB_DEFINITION_READ
`UpdateJobDefinition`	CATALOG_JOB_DEFINITION_UPDATE
`CreateJobDefinition`	CATALOG_JOB_DEFINITION_CREATE
`DeleteJobDefinition`	CATALOG_JOB_DEFINITION_DELETE
`ListJobs`	CATALOG_JOB_INSPECT
`GetJob`	CATALOG_JOB_READ
`UpdateJob`	CATALOG_JOB_UPDATE
`CreateJob`	CATALOG_JOB_CREATE
`DeleteJob`	CATALOG_JOB_DELETE
`ListJobMetrics`	CATALOG_JOB_READ
`GetJobMetrics`	CATALOG_JOB_READ
`ListJobLogs`	CATALOG_JOB_READ
`GetJobLog`	CATALOG_JOB_READ
`ListJobExecutions`	CATALOG_JOB_READ
`GetJobExecution`	CATALOG_JOB_READ
`UpdateJobExecution`	CATALOG_JOB_UPDATE
`CreateJobExecution`	CATALOG_JOB_UPDATE
`DeleteJobExecution`	CATALOG_JOB_UPDATE
`SuggestMatches`	CATALOG_READ

data-catalog-private-endpoints


API Operation	Permissions Required to Use the Operation
`AttachCatalogPrivateEndpoint`	CATALOG_ATTACH_CATALOG_PRIVATE_ENDPOINT
`DetachCatalogPrivateEndpoint`	CATALOG_DETACH_CATALOG_PRIVATE_ENDPOINT
`ChangeCatalogPrivateEndpointCompartment`	CATALOG_PRIVATE_ENDPOINT_MOVE
`CreateCatalogPrivateEndpoint`	CATALOG_PRIVATE_ENDPOINT_CREATE
`DeleteCatalogPrivateEndpoint`	CATALOG_PRIVATE_ENDPOINT_DELETE
`GetCatalogPrivateEndpoint`	CATALOG_PRIVATE_ENDPOINT_READ
`ListCatalogPrivateEndpoints`	CATALOG_PRIVATE_ENDPOINT_INSPECT
`UpdateCatalogPrivateEndpoint`	CATALOG_PRIVATE_ENDPOINT_UPDATE

data-catalog-data-assets


API Operation	Permissions Required to Use the Operation
`AttachCatalogPrivateEndpoint`	CATALOG_ATTACH_CATALOG_PRIVATE_ENDPOINT
`DetachCatalogPrivateEndpoint`	CATALOG_DETACH_CATALOG_PRIVATE_ENDPOINT
`ChangeCatalogPrivateEndpointCompartment`	CATALOG_PRIVATE_ENDPOINT_MOVE
`CreateCatalogPrivateEndpoint`	CATALOG_PRIVATE_ENDPOINT_CREATE
`DeleteCatalogPrivateEndpoint`	CATALOG_PRIVATE_ENDPOINT_DELETE
`GetCatalogPrivateEndpoint`	CATALOG_PRIVATE_ENDPOINT_READ
`ListCatalogPrivateEndpoints`	CATALOG_PRIVATE_ENDPOINT_INSPECT
`UpdateCatalogPrivateEndpoint`	CATALOG_PRIVATE_ENDPOINT_UPDATE
`ListCatalogs`	CATALOG_INSPECT
`GetCatalog`	CATALOG_READ
`UpdateCatalog`	CATALOG_UPDATE
`CreateCatalog`	CATALOG_CREATE
`ChangeCatalogCompartment`	CATALOG_MOVE
`DeleteCatalog`	CATALOG_DELETE
`GetType`	CATALOG_READ
`ListTypes`	CATALOG_READ
`ListCatalogPermissions`	CATALOG_READ
`ListDataAssetPermissions`	CATALOG_READ
`ListSearchResults`	CATALOG_READ
`ListWorkRequests`	CATALOG_WORK_REQUEST_INSPECT
`GetWorkRequest`	CATALOG_WORK_REQUEST_READ
`ListWorkRequestLogs`	CATALOG_WORK_REQUEST_READ
`ListWorkRequestErrors`	CATALOG_WORK_REQUEST_READ
`ListJobDefinitions`	CATALOG_JOB_DEFINITION_INSPECT
`GetJobDefinition`	CATALOG_JOB_DEFINITION_READ
`ListJobDefinitionPermissions`	CATALOG_JOB_DEFINITION_READ
`UpdateJobDefinition`	CATALOG_JOB_DEFINITION_UPDATE
`CreateJobDefinition`	CATALOG_JOB_DEFINITION_CREATE
`DeleteJobDefinition`	CATALOG_JOB_DEFINITION_DELETE
`ListJobs`	CATALOG_JOB_INSPECT
`GetJob`	CATALOG_JOB_READ
`UpdateJob`	CATALOG_JOB_UPDATE
`CreateJob`	CATALOG_JOB_CREATE
`DeleteJob`	CATALOG_JOB_DELETE
`ListJobMetrics`	CATALOG_JOB_READ
`GetJobMetrics`	CATALOG_JOB_READ
`ListJobLogs`	CATALOG_JOB_READ
`GetJobLog`	CATALOG_JOB_READ
`ListJobExecutions`	CATALOG_JOB_READ
`GetJobExecution`	CATALOG_JOB_READ
`UpdateJobExecution`	CATALOG_JOB_UPDATE
`CreateJobExecution`	CATALOG_JOB_UPDATE
`DeleteJobExecution`	CATALOG_JOB_UPDATE
`ListDataAssets`	CATALOG_DATA_ASSET_INSPECT
`GetDataAsset`	CATALOG_DATA_ASSET_READ
`UpdateDataAsset`	CATALOG_DATA_ASSET_UPDATE
`CreateDataAsset`	CATALOG_DATA_ASSET_CREATE
`DeleteDataAsset`	CATALOG_DATA_ASSET_DELETE
`ListConnections`	CATALOG_DATA_ASSET_READ
`GetConnection`	CATALOG_DATA_ASSET_READ
`ParseConnection`	CATALOG_DATA_ASSET_READ
`UpdateConnection`	CATALOG_DATA_ASSET_UPDATE
`ImportConnection`	CATALOG_DATA_ASSET_UPDATE
`ValidateConnection`	CATALOG_DATA_ASSET_UPDATE
`TestConnection`	CATALOG_DATA_ASSET_UPDATE
`CreateConnection`	CATALOG_DATA_ASSET_UPDATE
`DeleteConnection`	CATALOG_DATA_ASSET_UPDATE
`ListFolders`	CATALOG_DATA_ASSET_READ
`GetFolder`	CATALOG_DATA_ASSET_READ
`UpdateFolder`	CATALOG_DATA_ASSET_UPDATE
`CreateFolder`	CATALOG_DATA_ASSET_UPDATE
`DeleteFolder`	CATALOG_DATA_ASSET_UPDATE
`ListEntities`	CATALOG_DATA_ASSET_READ
`GetEntity`	CATALOG_DATA_ASSET_READ
`UpdateEntity`	CATALOG_DATA_ASSET_UPDATE
`CreateEntity`	CATALOG_DATA_ASSET_UPDATE
`DeleteEntity`	CATALOG_DATA_ASSET_UPDATE
`ListAttributes`	CATALOG_DATA_ASSET_READ
`GetAttribute`	CATALOG_DATA_ASSET_READ
`UpdateAttribute`	CATALOG_DATA_ASSET_UPDATE
`CreateAttribute`	CATALOG_DATA_ASSET_UPDATE
`DeleteAttribute`	CATALOG_DATA_ASSET_UPDATE
`ListDataAssetTags`	CATALOG_DATA_ASSET_TAG_INSPECT
`GetDataAssetTag`	CATALOG_DATA_ASSET_TAG_READ
Not used.	CATALOG_DATA_ASSET_TAG_UPDATE
`CreateDataAssetTag`	CATALOG_DATA_ASSET_TAG_CREATE
`DeleteDataAssetTag`	CATALOG_DATA_ASSET_TAG_DELETE
`ListEntityTags`	CATALOG_DATA_ASSET_TAG_INSPECT
`GetEntityTag`	CATALOG_DATA_ASSET_TAG_READ
Not used.	CATALOG_DATA_ASSET_TAG_UPDATE
`CreateEntityTag`	CATALOG_DATA_ASSET_TAG_CREATE
`DeleteEntityTag`	CATALOG_DATA_ASSET_TAG_DELETE
`ListAttributeTags`	CATALOG_DATA_ASSET_TAG_INSPECT
`GetAttributeTag`	CATALOG_DATA_ASSET_TAG_READ
Not used.	CATALOG_DATA_ASSET_TAG_UPDATE
`CreateAttributeTag`	CATALOG_DATA_ASSET_TAG_CREATE
`DeleteAttributeTag`	CATALOG_DATA_ASSET_TAG_DELETE
`ListFolderTags`	CATALOG_DATA_ASSET_TAG_INSPECT
`GetFolderTag`	CATALOG_DATA_ASSET_TAG_READ
Not used.	CATALOG_DATA_ASSET_TAG_UPDATE
`CreateFolderTag`	CATALOG_DATA_ASSET_TAG_CREATE
`DeleteFolderTag`	CATALOG_DATA_ASSET_TAG_DELETE
`AddDataSelectorPatterns`	CATALOG_DATA_ASSET_UPDATE
`CreatePattern`	CATALOG_DATA_ASSET_UPDATE
`DeletePattern`	CATALOG_DATA_ASSET_UPDATE
`GetPattern`	CATALOG_DATA_ASSET_READ
`ListDerivedLogicalEntities`	CATALOG_DATA_ASSET_READ
`ListPattern`	CATALOG_DATA_ASSET_READ
`RemoveDataSelectorPatterns`	CATALOG_DATA_ASSET_UPDATE
`UpdatePattern`	CATALOG_DATA_ASSET_UPDATE
`ValidatePattern`	CATALOG_DATA_ASSET_READ

data-catalog-glossaries


API Operation	Permissions Required to Use the Operation
`ListGlossaries`	CATALOG_GLOSSARY_INSPECT
`GetGlossary`	CATALOG_GLOSSARY_READ
`ExportGlossary`	CATALOG_GLOSSARY_READ
`UpdateGlossary`	CATALOG_GLOSSARY_UPDATE
`ImportGlossary`	CATALOG_GLOSSARY_UPDATE
`CreateGlossary`	CATALOG_GLOSSARY_CREATE
`DeleteGlossary`	CATALOG_GLOSSARY_DELETE
`ListGlossaryTerms`	CATALOG_GLOSSARY_READ
`GetTerm`	CATALOG_GLOSSARY_READ
`UpdateTerm`	CATALOG_GLOSSARY_UPDATE
`CreateTerm`	CATALOG_GLOSSARY_UPDATE
`DeleteTerm`	CATALOG_GLOSSARY_UPDATE
`ListGlossaryTermRelationships`	CATALOG_GLOSSARY_READ
`GetTermRelationship`	CATALOG_GLOSSARY_READ
`UpdateTermRelationship`	CATALOG_GLOSSARY_UPDATE
`CreateTermRelationship`	CATALOG_GLOSSARY_UPDATE
`DeleteTermRelationship`	CATALOG_GLOSSARY_UPDATE

data-catalog-namespaces


API Operation	Permissions Required to Use the Operation
`AssociateCustomProperty`	CATALOG_NAMESPACE_UPDATE
`CreateCustomProperty`	CATALOG_NAMESPACE_UPDATE
`CreateNamespace`	CATALOG_NAMESPACE_CREATE
`DeleteCustomProperty`	CATALOG_NAMESPACE_UPDATE
`DeleteNamespace`	CATALOG_NAMESPACE_DELETE
`DisassociateCustomProperty`	CATALOG_NAMESPACE_UPDATE
`GetCustomProperty`	CATALOG_NAMESPACE_READ
`GetNamespace`	CATALOG_NAMESPACE_READ
`ListCustomProperties`	CATALOG_NAMESPACE_READ
`ListNamespaces`	CATALOG_NAMESPACE_INSPECT
`UpdateCustomProperty`	CATALOG_NAMESPACE_UPDATE
`UpdateNamespace`	CATALOG_NAMESPACE_UPDATE

data-catalog-metastores


API Operation	Permissions Required to Use the Operation
`ListMetastores`	CATALOG_METASTORE_INSPECT
`CreateMetastore`	CATALOG_METASTORE_CREATE
`GetMetastore`	CATALOG_METASTORE_READ
`UpdateMetastore`	CATALOG_METASTORE_UPDATE
`DeleteMetastore`	CATALOG_METASTORE_DELETE
`ChangeMetastoreCompartment`	CATALOG_METASTORE_MOVE

data-catalog-metastore-assets

Note

This operation is restricted by permissions from data-catalog-metastore-assets. You need permissions to perform CATALOG_METASTORE_EXECUTE. Some resource instances would need CATALOG_METASTORE_EXECUTE permission AND any of the permissions listed in Supported Variables.


API Operation	Permissions Required to Use the Operation
`MetastoreExecute`	CATALOG_METASTORE_EXECUTE CATALOG_METASTORE_CATALOG_INSPECT CATALOG_METASTORE_DATABASE_INSPECT CATALOG_METASTORE_TABLE_INSPECT CATALOG_METASTORE_CATALOG_READ CATALOG_METASTORE_DATABASE_READ CATALOG_METASTORE_TABLE_READ CATALOG_METASTORE_CATALOG_UPDATE CATALOG_METASTORE_DATABASE_UPDATE CATALOG_METASTORE_TABLE_UPDATE CATALOG_METASTORE_CATALOG_CREATE CATALOG_METASTORE_DATABASE_CREATE CATALOG_METASTORE_TABLE_CREATE CATALOG_METASTORE_CATALOG_DELETE CATALOG_METASTORE_DATABASE_DELETE CATALOG_METASTORE_TABLE_DELETE

Oracle Cloud Infrastructure Documentation Try Free Tier

Data Catalog Policies

Resource-Types 🔗

Resource-Types for Dynamic Groups 🔗

Supported Variables 🔗

Details for Verbs + Resource-Type Combinations 🔗

Permissions Required for Each API Operation 🔗

Oracle Cloud Infrastructure Documentation
Try Free Tier

Resource-Types

Resource-Types for Dynamic Groups

Supported Variables

Details for Verbs + Resource-Type Combinations

Permissions Required for Each API Operation