Data Redaction in Oracle Database -2

Hi,

I will continue to explain Data Redaction in Oracle Database in this article.

 

If you don’t know what is the Data Redaction, you should read following article.

 

 

Unauthorized users see the same data differently and Redacted, therefore Oracle Data Redaction is a very powerful feature. Because companies have a lot of problems due to security weaknesses nowadays.

 

For example; Call centers call you and ask your mother maiden name’s only some characters for Security. Because Call Center Staff shouldn’t also see private data and they should also see as Redacted like * and x character

 

 

 

Let’s continue to make new examples to understand this subject very well.

Table name and its column definition are like following.

 

Kart_bilgileri–> Card info table

Musteri_id —> Customer id

kart_no —> Card no

kart_string —> card no string type

bitiş_tarihi —> Expiry date

guvenlik_no —> Security Code or no

 

 

CREATE TABLE mehmet.kart_bilgileri (
id NUMBER NOT NULL,
musteri_id NUMBER NOT NULL,
kart_no NUMBER NOT NULL,
kart_string VARCHAR2(19) NOT NULL,
bitis_tarihi DATE NOT NULL,
guvenlik_no NUMBER NOT NULL,
gecerlilik_tarihi DATE,
CONSTRAINT mehmet.kart_bilgileri_pk PRIMARY KEY (id)
);

INSERT INTO mehmet.kart_bilgileri VALUES (1, 1000, 2013201320132013, '2013-2013-2013-2013', TRUNC(ADD_MONTHS(SYSDATE,12)), 123, NULL);
INSERT INTO mehmet.kart_bilgileri VALUES (2, 1001, 1989198919891989, '1989-1989-1989-1989', TRUNC(ADD_MONTHS(SYSDATE,12)), 234, NULL);
INSERT INTO mehmet.kart_bilgileri VALUES (3, 1002, 2018201820182018, '2018-2018-2018-2018', TRUNC(ADD_MONTHS(SYSDATE,12)), 345, NULL);
INSERT INTO mehmet.kart_bilgileri VALUES (4, 1003, 1453145314531453, '1453-1453-1453-1453', TRUNC(ADD_MONTHS(SYSDATE,12)), 456, NULL);
INSERT INTO mehmet.kart_bilgileri VALUES (5, 1004, 5710571057105710, '5710-5710-5710-5710', TRUNC(ADD_MONTHS(SYSDATE,12)), 567, NULL);
COMMIT;











When query the related table, result will be like following.

 

Let’s go to perform Full redaction as follows in the Kart_no ( card no ) column.

 

BEGIN
DBMS_REDACT.add_policy(
object_schema => 'mehmet',
object_name => 'mehmet.kart_bilgileri',
column_name => 'kart_no',
policy_name => 'redact_kart_info',
function_type => DBMS_REDACT.full,
expression => '1=1'
);
END;
/

When query the table with Mehmet user, Data seems properly not different or Redacted.

 

But When query the table with Salih user, Data seems  different or Redacted like following.

 

 

Then let’s go to perform Partial redaction as follows in the Kart_no ( card no ) column.

 

BEGIN
DBMS_REDACT.alter_policy (
object_schema => 'mehmet',
object_name => 'mehmet.kart_bilgileri',
policy_name => 'redact_kart_info',
action => DBMS_REDACT.modify_column,
column_name => 'kart_no',
function_type => DBMS_REDACT.partial,
function_parameters => '1,1,12'
);
END;
/


When query the table with Mehmet user, Data seems properly not different or Redacted.

 

 

 

 

But When query the table with Salih user, Data seems  different or Redacted like following.

 

We can perform Partial redaction as follows in the Kart_string ( card no string type ) column with # character like following.

 

BEGIN
DBMS_REDACT.alter_policy (
object_schema => 'mehmet',
object_name => 'mehmet.kart_bilgileri',
policy_name => 'redact_kart_info',
action => DBMS_REDACT.add_column,
column_name => 'kart_string',
function_type => DBMS_REDACT.partial,
function_parameters => 'VVVVFVVVVFVVVVFVVVV,VVVV-VVVV-VVVV-VVVV,#,1,12'
);
END;
/

 

 

When query the table with Mehmet user, Data seems properly not different or Redacted.

 

 

But When query the table with Salih user, Data seems  different or Redacted like following.

 

 

or If you want to see Random redaction example, you can do it with following code to change guvenlik_no ( security code ) column

BEGIN
DBMS_REDACT.alter_policy (
object_schema => 'mehmet',
object_name => 'kart_bilgileri',
policy_name => 'redact_card_info',
action => DBMS_REDACT.add_column,
column_name => 'guvenlik_no',
function_type => DBMS_REDACT.RANDOM
);
END;
/

 

 

When query the table with Mehmet user, Data seems properly not different or Redacted.

 

But When query the table with Salih user, Data seems  different or Redacted like following.

 

 

Don’t forget that in order to use this feature, your license must be Enterprise Edition and you must also have an Advanced Security Option license.

 

 

Mehmet Salih Deveci

I am Founder of IT Tutorial and Certified Expert about Oracle & SQL Server database, Goldengate, Exadata Machine, Oracle Database Appliance administrator with 10+years experience. I have OCA, OCP, OCE RAC Expert Certificates I have worked 100+ Banking, Insurance, Finance, Telco and etc. clients as a Consultant, Insource or Outsource. I have done 200+ Operations in this clients such as Exadata Installation & PoC & Migration & Upgrade, Oracle & SQL Server Database Upgrade, Oracle RAC Installation, SQL Server AlwaysOn Installation, Database Migration, Disaster Recovery, Backup Restore, Performance Tuning, Periodic Healthchecks. I have done 2000+ Table replication with Goldengate or SQL Server Replication tool for DWH Databases in many clients. If you need Oracle DBA, SQL Server DBA, APPS DBA,  Exadata, Goldengate, EBS Consultancy and Training you can send my email adress mehmetsalih.deveci@outlook.com. -                                                                                                                                                                                                                                                 - Oracle DBA, SQL Server DBA, APPS DBA,  Exadata, Goldengate, EBS ve linux Danışmanlık ve Eğitim için  mehmetsalih.deveci@outlook.com a mail atabilirsiniz.