As of April 10, 2026, Dataplex Universal Catalog is now called Knowledge Catalog. The API, client library, CLI, and IAM names remain unchanged. For more information, see Introducing the Google Cloud Knowledge Catalog .

Import metadata from Oracle

This document describes how to import metadata from Oracle into Knowledge Catalog (formerly Dataplex Universal Catalog) using a Knowledge Catalog connector.

This connector supports Oracle instances hosted on-premises, on Google Cloud, or in other cloud environments.

Before you begin

IAM roles and permissions

To create and manage a Knowledge Catalog connector job, you need Identity and Access Management (IAM) roles that grant permissions for Knowledge Catalog and BigQuery Data Transfer Service.

To get the permissions that you need to configure an Oracle connector, ask your administrator to grant you the following IAM roles:

To create and manage entry groups: Dataplex Catalog Admin ( roles/dataplex.catalogAdmin ), Dataplex Catalog Editor ( roles/dataplex.catalogEditor ), or Dataplex Entry Group Owner ( roles/dataplex.entryGroupOwner ) on the project.
To create and manage BigQuery Data Transfer Service transfer jobs: BigQuery Admin ( roles/bigquery.admin ) on the project.
To view logs in Cloud Logging: Logs Viewer ( roles/logging.viewer ) on the project.

Additionally, you must grant the BigQuery Data Transfer Service service agent ( service-PROJECT_NUMBER@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com ) the dataplex.entryGroups.import permission or the Dataplex Entry Group Importer ( roles/dataplex.entryGroupImporter ) role. You can grant this role at either the project level or the entry group level.

For more information about granting roles, see Manage access .

Enable APIs

Enable the Knowledge Catalog and BigQuery Data Transfer Service APIs.

Enable the APIs

Oracle prerequisites

Ensure that you meet the prerequisites for Oracle transfers. For details, see Oracle prerequisites in the BigQuery Data Transfer Service documentation.

Networking prerequisites

A network attachment for connection through Private Service Connect is required when securely connecting to external databases or third-party cloud data sources with a private IP address inside a private network, to allow BigQuery Data Transfer Service to access your database.

If you connect to an on-premises environment or a cloud-hosted instance using a public IP address, a network attachment is not required.

Configure an Oracle connector

In the Google Cloud console, go to the Knowledge Catalogpage.

Go to Knowledge Catalog
In the navigation menu, in the Managesection, click Connectors.
Click Add connection.
In the Connectorslist, select the Oraclecard.
In the Data source detailssection, provide connection details for your Oracle instance:
- For Network attachment, select an existing network attachment if required, or create one.
- Enter the Host, Port, Database name, Connection type, Username, and Password.
- If using TLS, select a TLS Modeand provide a Trusted PEM Certificate. For more information, see TLS configuration .
- For Oracle metadata objects to import, click Browseto select objects.
In the Destination settingssection:
- Click Browseand select an existing Knowledge Catalog entry groupto store the imported metadata, or click Create new entry group.
- Choose whether to set permissions on the entry group now or later. We recommend setting permissions so that users can view the imported metadata. If you didn't grant the Dataplex Entry Group Importer ( roles/dataplex.entryGroupImporter ) role or the dataplex.entryGroups.import permission to the BigQuery Data Transfer Service service agent ( service-PROJECT_NUMBER@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com ) at the project level, you must grant it at the entry group level.
In the Connector config namesection, for Display name, enter a name for the metadata import job.
In the Schedule optionssection, configure the frequency for the metadata import job. If you select On-demand, the job runs only when you manually trigger it.
Optional: In the Notification optionssection, configure email or Pub/Sub notifications for job failures.
Optional: In the Advanced optionssection, configure encryption settings. If you select a customer-managed encryption key (CMEK), note that the key is used to encrypt any transient data staged before starting the Knowledge Catalog metadata import jobs. It is not used to encrypt the metadata in the destination Knowledge Catalog entry group.
Click Save.

After you create the job, Knowledge Catalog schedules the first run according to your configuration, or you can start it manually.

What's next

Learn how to Manage connector jobs .