
Data Redaction ( dbms_redact ) in Oracle Database -1

Hi,

I will explain Data Redaction in Oracle Database in this article.

You can show critical data differently to unauthorized and unintended users in the Oracle database. Unlike the Transparent Data Encryption feature, Data Redaction does not change the data on the physical disk; the data is masked or redacted only when unauthorized users query it.

If you want to learn more about the security options of Oracle Database, you can read the following post.

Transparent Data Encryption ( TDE ) in Oracle

Oracle Data Redaction does not affect backup / restore, upgrade or patch operations. Oracle Data Redaction has 4 different methods, depending on the purpose of use.

Once we examine the above 4 methods with practical examples, it becomes clear what each method does. I usually use the Random method to be more secure, because in random redaction the same data looks different to unauthorized users on every query, and this is very important for the security of our data.

Let's apply the Random Data Redaction method to the card number, card expiry month and card expiry year columns in the CREDIT_CARD_INF table under the TEST schema. Data Redaction operations are performed with Oracle's DBMS_REDACT package.

We create the Data Redaction policy with the ADD_POLICY procedure. The authorized user in this example is the TEST user; all other users are subject to Data Redaction and see different (redacted) data on every query.


-- Create the policy; it applies to every session whose user is not TEST
BEGIN
  DBMS_REDACT.ADD_POLICY (
    object_schema => 'TEST',
    object_name   => 'CREDIT_CARD_INF',
    policy_name   => 'CC_Redaction',
    expression    => 'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') != ''TEST'' OR SYS_CONTEXT(''USERENV'', ''SESSION_USER'') IS NULL');
END;
/

Add the Random Redaction rule for the columns (card number, card expiry month and card expiry year) with the ALTER_POLICY procedure.

-- Add CARD_NUMBER to the policy with random redaction
BEGIN
  DBMS_REDACT.ALTER_POLICY (
    object_schema => 'TEST',
    object_name   => 'CREDIT_CARD_INF',
    policy_name   => 'CC_Redaction',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => '"CARD_NUMBER"',
    function_type => DBMS_REDACT.RANDOM);
END;
/

-- Add CARD_EXP_YEAR to the policy with random redaction
BEGIN
  DBMS_REDACT.ALTER_POLICY (
    object_schema => 'TEST',
    object_name   => 'CREDIT_CARD_INF',
    policy_name   => 'CC_Redaction',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => '"CARD_EXP_YEAR"',
    function_type => DBMS_REDACT.RANDOM);
END;
/

-- Add CARD_EXP_MONTH to the policy with random redaction
BEGIN
  DBMS_REDACT.ALTER_POLICY (
    object_schema => 'TEST',
    object_name   => 'CREDIT_CARD_INF',
    policy_name   => 'CC_Redaction',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => '"CARD_EXP_MONTH"',
    function_type => DBMS_REDACT.RANDOM);
END;
/

After the PL/SQL code executes successfully, when we query the table as an unauthorized user, we see different (redacted) data.

SQL> SELECT * FROM TEST.CREDIT_CARD_INF;

When we run the above query again, the CARD_NUMBER, CARD_EXP_MONTH and CARD_EXP_YEAR values change randomly.
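
To confirm that the policy is in place and to see which accounts bypass it, a DBA can check the data dictionary. The following is an added example, not part of the original article; it uses the REDACTION_POLICIES and REDACTION_COLUMNS views and the EXEMPT REDACTION POLICY system privilege, and assumes a session with access to the DBA_* views.

```sql
-- Added example (not from the original article). Run as a DBA.

-- 1. The policy exists, is enabled, and carries the expected expression.
SELECT object_owner, object_name, policy_name, enable, expression
FROM   redaction_policies
WHERE  object_owner = 'TEST'
AND    object_name  = 'CREDIT_CARD_INF';

-- 2. All three card columns are attached to the policy, and with which
--    redaction function. A column missing here is returned unredacted.
SELECT column_name, function_type
FROM   redaction_columns
WHERE  object_owner = 'TEST'
AND    object_name  = 'CREDIT_CARD_INF'
ORDER  BY column_name;

-- 3. Direct grantees (users or roles) of the privilege that bypasses
--    every redaction policy, whatever the policy expression says.
SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  privilege = 'EXEMPT REDACTION POLICY';

-- 4. Users who inherit that privilege through roles, walking nested
--    role grants upwards from the roles found in step 3.
SELECT DISTINCT grantee
FROM   dba_role_privs
WHERE  grantee IN (SELECT username FROM dba_users)
START  WITH granted_role IN (SELECT grantee
                             FROM   dba_sys_privs
                             WHERE  privilege = 'EXEMPT REDACTION POLICY')
CONNECT BY PRIOR grantee = granted_role
ORDER  BY grantee;

-- 5. From the session under test: the value the policy expression
--    compares against 'TEST'.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') AS session_user_name
FROM   dual;
```

Any account returned by steps 3 and 4 sees the real card data even though its session user is not TEST, so review that list together with the policy expression.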


If you want to learn Oracle Database for Beginners, read the following articles.

https://ittutorial.org/oracle-database-19c-tutorials-for-beginners/
