Data Redaction Part – 2 Full Redaction

At this note ; we will start to work on Data Redaction by explaining Full Redaction . If you want to get a brief introduction about Data Redaction ; you can read the first  part of this note.

Let’s start with Full Redaction.

Put in a simple ; in Full Redaction ; The table columns are completely masked.
Numeric columns become 0 and character columns become a space character.

Let’s show it with an example. In the example ; we will redact salary column (SAL) column of  SCOTT.EMP table.  First start our application user. We will use this user to check how SAL column  is redacted.

c1

 

Now  check the original table. ( The emp table of Scott user ).  Before redaction all columns are visible as you see.

 

c3

 

Now by using DBMS_REDACT package we will redact SAL column. Simply by using add_policy procedure we can create a policy and add a column to this policy. The parameters of add_policy procedures are self explained. Therefore I am not given any explanation about these parameters. But the only expression parameter is very important.  The expression parameter should contain a logical expression. If the expression is TRUE, column mentioned in the column_name parameter  will be  redacted. If the expression is FALSE , the column will not redacted. In this example I use a simple logical expression which is ‘1=1’. As you know It is always TRUE. This redacts SAL column for all users ( except users who have EXEMPT REDACTION POLICY privilege – I will explain it in the next note)

c4

Now Check redaction polices by querying REDACTION_POLICIES view.

 

c5

If you want to query which column is redacted , you can use REDACTION_COLUMNS view.

 

c6

Lets’s check Data redaction is working on or not. You can check it with  previously created user USERA01. Connect with this user and query; SCOTT.EMPT table

As you see; All SAL column is redacted with 0. As a result ; USERA01 can not see the salary of employees.

c7

I hope that this small example will be a good start for  the Data Redaction. I will explain this subject with examples in the next notes.

You can find all these scripts at github

And one more thing ; If you want to get much more information about Data Redaction; you can read my book . It is written by Turkish language  but the examples will be very beneficial.

Anil Akduygu