Hi,
I will explain Data Redaction in Oracle Database in this article.
You can show critical data differently to unauthorized and unintended users in the Oracle database. Unlike the Transparent Data Encryption feature, Data Redaction does not change the data on the physical disk; unauthorized users simply see masked or redacted data when they query it.
Oracle Data Redaction does not affect Backup / Restore, Upgrade, or Patch operations. Oracle Data Redaction has 4 different methods according to the purpose of use, as follows.
- Full Redaction
- Partial Redaction
- RegExp Redaction
- Random Redaction
Examining these 4 methods with practical examples makes it clear what each one does. I usually use the Random method to be more secure, because in random redaction the same data looks different to unauthorized users on every query, and this is very important for the security of our data.
Let’s apply the Random Data Redaction method to the card number, card expiry month and card expiry year columns in the CREDIT_CARD_INF table under the TEST schema. Data Redaction operations are performed with Oracle’s DBMS_REDACT package.
We create the Data Redaction policy with the ADD_POLICY procedure. The authorized user in this example is the TEST user; all other users are subject to Data Redaction and see different, redacted data on every query.
-- Create the policy; the expression is true (redact) for every session user except TEST
BEGIN
  DBMS_REDACT.ADD_POLICY (
    OBJECT_SCHEMA => 'TEST',
    object_name   => 'CREDIT_CARD_INF',
    policy_name   => 'CC_Redaction',
    expression    => 'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') != ''TEST'' OR SYS_CONTEXT(''USERENV'', ''SESSION_USER'') IS NULL');
END;
/
Then add the Random Redaction rule for each column (card number, card expiry month and card expiry year) with the ALTER_POLICY procedure:
BEGIN
  DBMS_REDACT.ALTER_POLICY (
    OBJECT_SCHEMA => 'TEST',
    object_name   => 'CREDIT_CARD_INF',
    policy_name   => 'CC_Redaction',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => '"CARD_NUMBER"',
    function_type => DBMS_REDACT.RANDOM);
END;
/
BEGIN
  DBMS_REDACT.ALTER_POLICY (
    OBJECT_SCHEMA => 'TEST',
    object_name   => 'CREDIT_CARD_INF',
    policy_name   => 'CC_Redaction',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => '"CARD_EXP_YEAR"',
    function_type => DBMS_REDACT.RANDOM);
END;
/
BEGIN
  DBMS_REDACT.ALTER_POLICY (
    OBJECT_SCHEMA => 'TEST',
    object_name   => 'CREDIT_CARD_INF',
    policy_name   => 'CC_Redaction',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => '"CARD_EXP_MONTH"',
    function_type => DBMS_REDACT.RANDOM);
END;
/
After the PL/SQL code has executed successfully, querying the table as an unauthorized user returns different, redacted data.
SQL> SELECT * FROM TEST.CREDIT_CARD_INF;
When we run the above query again, CARD_NUMBER, CARD_EXP_MONTH and CARD_EXP_YEAR are randomly changed.
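To confirm that the policy created above is actually in force, the following checks can be run against the data dictionary. This is an added example, not code from the original article; it assumes a session that can read the REDACTION_POLICIES, REDACTION_COLUMNS, DBA_SYS_PRIVS and DBA_ROLE_PRIVS views (for example a DBA account).

```sql
-- Added example: verify the CC_Redaction policy from this article.

-- 1. The policy exists on the table, is enabled, and carries the expected expression.
SELECT object_owner, object_name, policy_name, enable, expression
  FROM redaction_policies
 WHERE object_owner = 'TEST'
   AND object_name  = 'CREDIT_CARD_INF';

-- 2. Which columns the policy covers and with which redaction function.
SELECT column_name, function_type
  FROM redaction_columns
 WHERE object_owner = 'TEST'
   AND object_name  = 'CREDIT_CARD_INF'
 ORDER BY column_name;

-- 3. Gap check: any of the three card columns that is NOT covered.
--    No rows returned means all three columns are redacted.
SELECT expected.column_name AS not_redacted
  FROM (SELECT 'CARD_NUMBER' AS column_name FROM dual
        UNION ALL SELECT 'CARD_EXP_MONTH' FROM dual
        UNION ALL SELECT 'CARD_EXP_YEAR'  FROM dual) expected
 WHERE NOT EXISTS (SELECT 1
                     FROM redaction_columns r
                    WHERE r.object_owner = 'TEST'
                      AND r.object_name  = 'CREDIT_CARD_INF'
                      AND r.column_name  = expected.column_name);

-- 4. Users and roles holding EXEMPT REDACTION POLICY directly.
--    These see the real data regardless of the policy expression.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE privilege = 'EXEMPT REDACTION POLICY'
 ORDER BY grantee;

-- 5. Grantees that receive the exemption through one of those roles
--    (one level of role nesting only; repeat for deeper role chains).
SELECT rp.grantee, rp.granted_role
  FROM dba_role_privs rp
 WHERE rp.granted_role IN (SELECT sp.grantee
                             FROM dba_sys_privs sp
                            WHERE sp.privilege = 'EXEMPT REDACTION POLICY')
 ORDER BY rp.grantee;
```

Any account that appears in checks 4 or 5 and should not see real card data needs its privileges reviewed, because the policy expression is never evaluated for exempt users.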
If you want to learn Oracle Database for beginners, read the following articles.
https://ittutorial.org/oracle-database-19c-tutorials-for-beginners/