New features
Release 5.0.1
Enhancements
Data scoped Access Group
Enhancement in Roles
Associated permissions in roles are changed from 'string' type to 'permission object' type. For details, see the Role schema in the API References.Custom Roles
In addition to the 5 pre-seeded fixed roles (Admin, Monitoring, DevOps, Masking, and Owner), DCT provides flexibility to create new custom roles as per user need. Users (Accounts) can create new custom roles by encapsulating any combination of permissions. The custom roles can be configured through a UI configuration screen (screenshot below), in addition to a set of APIs to manage roles. For details, see the API References.
Updates to existing RBAC model
For better usability and allow to set more granular permissions there are following enhancements in the RBAC model:Renamed Access Group "Policy" to Access Group "Scope"
Renamed the following APIs related to Access Group actions
Add scope to an Access Group
POST: /access-groups/{accessGroupId}/policies → POST /access-groups/{accessGroupId}/scopes
Remove scope from Access Group
DELETE /access-groups/{accessGroupId}/policies/{policyId} → DELETE /access-groups/{accessGroupId}/scopes/{scopeId}
Get Access Group scope
GET /access-groups/{accessGroupId}/policies/{policyId} → GET /access-groups/{accessGroupId}/scopes/{scopeId}
Update Access Group scope
PATCH /access-groups/{accessGroupId}/policies/{policyId} → PATCH /access-groups/{accessGroupId}/scopes/{scopeId}
Add object tags to Access Group scope
POST /access-groups/{accessGroupId}/policies/{policyId}/object-tags → POST /access-groups/{accessGroupId}/scopes/{scopeId}/object-tags
Remove object tags from Access Group scope
POST /access-groups/{accessGroupId}/policies/{policyId}/object-tags/delete → POST /access-groups/{accessGroupId}/scopes/{scopeId}/object-tags/delete
Add objects to Access Group scope
POST /access-groups/{accessGroupId}/policies/{policyId}/objects → POST /access-groups/{accessGroupId}/scopes/{scopeId}/objects
Remove objects from Access Groups scope
POST /access-groups/{accessGroupId}/policies/{policyId}/objects/delete → POST /access-groups/{accessGroupId}/scopes/{scopeId}/objects/delete
Renamed the "everything" flag to "scope_type"
In order to make it more understandable, we have renamed the everything flag to scope_type. There are three possible values for scope_type i.e. SIMPLE, SCOPED and ADVANCED. The value SIMPLE corresponds to everything=true and SCOPED corresponds to everything=false. The value ADVANCED for scope_type is new enhancement to setting permissions which allows users to set permissions (e.g. READ, DELETE) for an object. There is more information about ADVANCED scope in next section.Access Group Scope: Advanced scope type
In Add objects to access group scope API, now user can define permissions level checks as well for an object. For example, earlier when object_id and and object_type are provided in request payload, all permissions that are defined in scope are applied to this object. But now user can define specific permissions.
Masking Jobs
CRUD APIs, COPY, Connectors CRUD
Masking Job Execution
Connector Credentials
Execution API
Custom Roles
Accounts can create new instances of role encapsulating any combination of permission.
Role name must be unique.
Custom roles can be updated. Accounts can add or remove permissions to/from the custom roles.
Custom roles can be deleted. (If they are not associated with any Access Group).
Release 4.0
Environment Overview List
Un-virtualized Source Sizing Report
Global VDB Templates
Scoped Access Control
LDAP/AD and SAML/SSO Configuration UI
Release 3.0
Cluster Node (RAC) management APIs
Ability to disable username/password authentication globally
LDAP/Active Directory groups
CDBs/vCDBs APIs
VDB Provisioning / update for EDSI (AppData) platforms
Engine registration wizard
Access Groups Management UI
Compliance Engine Management
Release 2.2
Deployment
Introducing Kubernetes and OpenShift support
APIs
Registration of Continuous Compliance Engines
Masking Connectors
“Move Masking Job”
Masking of mainframe objects
Provisioning enhancements for Oracle multi-tenant and RAC
LDAP/Active Directory authentication
Password management
Initial access management by Permissions, Roles, Policies, and Access Groups (permissions applied to all objects of a type e.g. Stop VDB permission on all VDBs)
Distributed tracing and logging (Trace ID propagated down call stack)
Bulk delete of tags
UI
Continuous Data
Added tag support to the Infrastructure page
New dSources page
New VDBs page
Insights
Added an export behavior to the Storage Summary report
New dSource Inventory report
New VDB Inventory report
Admin
New Accounts page