Securing a Data Asset
After you create a data asset, you add a connection to the data asset. The credentials you provide to connect to the data asset must have the least privileges required to access the data asset.
Data Catalog only needs read access to harvest the data asset. You must provide credentials to read-only accounts whenever possible. We recommended this practice because it provides an additional layer of protection for your data asset. For example:
- If you create an Oracle Object Storage data asset, the account you use in the connection must have only read access to the target bucket.
- If you create an Oracle Database data asset, the account you use in the connection must extract schema details only. You must not use the
sys
account or any account that can act assysdba
.