OCP 12C – Oracle Data Redaction

OCP FlashCards
Cyrille Modiano
Latest posts by Cyrille Modiano (see all)

What is Oracle Data Redaction ?

  • Oracle Data Redaction is meant to mask (redact) sensitive data returned from application queries.
  • Oracle Data Redaction doesn’t make change to data on disk, the sensitive data is redacted on the fly before it is returned to the application.
  • You can redact column data by using one of the following methods:
    • Full redaction. You redact all of the contents of the column data.
    • Partial redaction. You redact a portion of the column data.
    • Regular expressions. You can use regular expressions to look for patterns of data to redact.
    • Random redaction. The redacted data presented to the querying application user appears as randomly generated values each time it is displayed, depending on the data type of the column.
    • No redaction. The None redaction type option enables you to test the internal operation of your redaction policies, with no effect on the results of queries against tables with policies defined on them.

Data Redaction

Restriction of Data Redaction

Activites not affected by Data Redaction

  • Rman Backup
  • Export and Import
  • Replication of  Data
  • Patching and Upgrades
  • All activities performed as SYS/SYSTEM and users with the EXEMPT REDACTION POLICY system privilege

Restrictions

  • You can’t redact objects owner by SYS/SYSTEM
  • You can’t redact columns of specific data types
  • You can’t redact virtual columns
  • You can’t create more than one policy for a table or view.
  • If you want to add column to the policy afterwards you need to use the DBMS_REDACT.ALTER_POLICY procedure.

Defining Redaction Policies

  • When you create a Policy, you need to define :
    • What to REDACT:
      • SCHEMA_NAME
      • OBJECT_NAME
      • COLUMN_NAME
    • When to REDACT:
      • Expression based on values derived from SYS_CONTEXT
    • How to REDACT:
      • FUNCTION_TYPE and FUNCTION_PARAMETERS
      • REGEXP (Regular Expression)

Manage your Data Redaction policies

  • DBMS_REDACT.ADD_POLICY : To add a policy to table or a view.
  • DBMS_REDACT.ALTER_POLICY : To modify an existing policy
  • DBMS_REDACT.ENABLE_POLICY : To enable a policy
  • DBMS_REDACT.DISABLE_POLICY : To disable a policy
  • DBMS_REDACT.DROP_POLICY : To drop a policy
  • DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES : Modifies the default displayed values for a Data Redaction policy for full redaction

For more information and examples you can view the documentation here

You may also like:

  1. OCP 12C – Managing CDBs and PDBs
  2. OCP 12C – Backup, Recovery and Flashback for a CDB/PDB
  3. OCP 12C – Information Lifecycle Management and Storage Enhancements
  4. OCP 12C – In Database Archiving and Temporal Validity
  5. OCP 12C – Auditing
  6. OCP 12C – SQL Tuning
  7. OCP 12C – Emergency Monitoring, Real-Time ADDM
  8. OCP 12C – ADR and Network Enhancements
  9. OCP 12C – Index and Table Enhancements
  10. OCP 12C – Resource Manager and Performance Enhancements

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.