A Frequently Asked Questions

A.1 Overview Frequently Asked Questions

Find the answers to common questions regarding Oracle Data Redaction.

What is Oracle Data Redaction?

Redaction is the process of selectively obscuring sensitive or confidential information that would be returned from a column in a table or view. Data Redaction does not change the contents of the table in the database; it operates on the data displayed when a user performs a query, redacting it according to the policy. Data Redaction can also be referred to as dynamic data masking.

Why do I need Oracle Data Redaction if I already use Transparent Data Encryption?

Oracle Transparent Data Encryption transparently encrypts the data in data files, RMAN backups, and Data Pump exports. The data is transparently decrypted when a user or application queries the data. Oracle Data Redaction limits exposure of sensitive data by redacting the column value according to the Data Redaction policy before the result of the query is returned to the user or application.

How does Oracle Data Redaction improve security and improve compliance?

Oracle Data Redaction improves security by dynamically masking sensitive data in real-time, ensuring that unauthorized users cannot access critical information even if they gain access to the database. It allows for granular access control based on user roles and conditions, reducing data exposure and insider threats without altering the stored data. For compliance, it helps organizations adhere to regulations like GDPR, HIPAA, and PCI DSS by auditing the EXEMPT REDACTION POLICY privilege and providing you the flexibility to define redaction policies that meet your specific data protection requirements. This reduces the risk of non-compliance, aiding organizations in avoiding fines and maintaining legal standards.

What is the difference between Oracle Data Redaction and tokenization?

Tokenization is a data security technique that replaces sensitive data with a unique, non-sensitive identifier called a token. The token is used instead of the original data, which is stored securely in a separate system. Tokenization usually requires changes to the application code and the application architecture to accommodate the original data being stored in a separate system. This can add complexity and latency to the architecture.

Oracle Data Redaction dynamically redacts sensitive data in real-time at the point of display without altering the actual stored data, using policies to control who can see actual data or only a redacted result. It is non-intrusive and ensures data protection without affecting data integrity. Oracle Data Redaction is built into the kernel of the Oracle Database and requires no application changes and no external software or hardware. Typically, customers use Data Redaction for read-only application screens or web pages, business intelligence or analytic reports, or any application that should redact the result displayed in the report but will not write the results back to the Oracle Database.

How does Oracle Data Redaction differ from traditional data masking?

Traditional data masking typically involves altering the data stored in the database, while Oracle Data Redaction masks data dynamically at runtime without changing the actual data stored in the database. Oracle Data Redaction is typically used on production databases, where real customer or corporate data resides. Oracle Data Masking and Subsetting is used on non-production databases because it physically changes the data to "production-like" data. Oracle Data Redaction is included, along with Transparent Data Encryption, in the Advanced Security Option. Data masking is included in the Oracle Enterprise Manager Pack, Data Masking and Subsetting, or in the cloud-option Oracle Data Safe.

How does Oracle Data Redaction differ from Oracle Label Security or Virtual Private Database?

Oracle Data Redaction allows you to use full, partial, random, and regular expression redaction on your columns, but does not restrict the number of rows returned by a query. Oracle Label Security does not redact column data but restricts the rows returned to a user. Oracle Virtual Private Database (VPD) can limit the column data returned or the rows returned, but can only return null column data. Oracle VPD does not allow partial or regular expression redaction on the column data. Data Redaction, Label Security, and VPD have similar capabilities but fit different use cases. Oracle encourages you to explore all three options to determine which capability is best suited to your needs.

A.2 Administration Frequently Asked Questions

Find the answers to common questions regarding administration of Oracle Data Redaction.

How do I install Oracle Data Redaction?

Oracle Data Redaction is built into the kernel of the Oracle Database. There are no application changes or intermediary services you need to configure or manage. You create the Data Redaction policies and apply them to the columns in the tables or views you want to redact data for.

What redaction types does Data Redaction provide?

  • Full: Redacts the entire column value, returning a value of the same data type as the column.
  • Partial: Redacts specific portions of the data, such as masking parts of a Social Security Number while leaving the last few digits visible.
  • Regular Expression: Redacts based on pattern matching data within a column. This type is suitable for character data that may vary in length, such as email addresses.
  • Random: Column data is replaced with random values each time it is accessed, ensuring that the redacted data appears different on each query.
  • Nullify: Redacts all the data in a column and replaces it with null values.
  • No redaction: This option enables you to test the internal operations of your redaction policy, with no effect on the results of the queries.

For more information, see Configuring Oracle Data Redaction Policies.

What database privileges are related to Data Redaction?

The privilege EXEMPT REDACTION POLICY allows the user to see column data as if there were no redaction policy in place. In Oracle Database 23ai, the ADMINISTER REDACTION POLICY privilege allows the grantee to create, modify, or delete Oracle Data Redaction policies.

To create, modify, or delete a Data Redaction policy on an object that they have access to, the user must have the EXECUTE privilege on the DBMS_REDACT PL/SQL package in addition to the ADMINISTER REDACTION POLICY privilege.

How can I stop administrators from disabling, modifying or bypassing Data Redaction policies?

The simplest way is to limit the number of users who have EXECUTE privilege on the DBMS_REDACT PL/SQL package or the EXEMPT REDACTION POLICY privilege. Both users SYS and SYSTEM automatically have the EXEMPT REDACTION POLICY system privilege. SYSTEM has the EXP_FULL_DATABASE role, which includes the EXEMPT REDACTION POLICY system privilege. Both accounts should be used only for critical database operations, such as installation, patching, or upgrading the Oracle Database.

The more robust method to limit administrators from disabling, modifying, or bypassing Data Redaction policies is to use Oracle Database Vault. Oracle Database Vault can protect objects, and their associated Data Redaction policies, from privileged users through realms or command rules. Database Vault is also built into the Oracle Database kernel and is licensed separately.
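The two controls described above (keeping the holders of EXEMPT REDACTION POLICY and of EXECUTE on DBMS_REDACT to a minimum, and auditing the bypass privilege mentioned in A.1) as an added example; this is not code from the original page. It assumes unified auditing is in use and that you have DBA access to the catalog views; the audit policy name is made up.

```sql
-- Added example (not from the original page): inventory who can bypass or
-- administer redaction, then audit use of those privileges with unified auditing.
-- Assumes unified auditing and DBA-level access to the catalog views.

-- 1. Every grantee that ends up with EXEMPT REDACTION POLICY, whether granted
--    directly or through a chain of roles (e.g. SYSTEM via EXP_FULL_DATABASE).
--    Roles that carry the privilege are listed as grantees too.
SELECT DISTINCT CONNECT_BY_ROOT grantee AS grantee
  FROM (SELECT grantee, granted_role AS child FROM dba_role_privs
        UNION ALL
        SELECT grantee, privilege    AS child FROM dba_sys_privs)
 WHERE child = 'EXEMPT REDACTION POLICY'
 CONNECT BY NOCYCLE PRIOR child = grantee
 ORDER BY grantee;

-- 2. Who can call the policy-management API.
SELECT grantee, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'SYS' AND table_name = 'DBMS_REDACT';

-- 3. Record every use of the bypass privilege and every call into DBMS_REDACT.
--    On 23ai, ADMINISTER REDACTION POLICY can be added to the PRIVILEGES list.
--    REDACT_ADMIN_AUD is a hypothetical policy name.
CREATE AUDIT POLICY redact_admin_aud
  PRIVILEGES EXEMPT REDACTION POLICY
  ACTIONS EXECUTE ON sys.dbms_redact;
AUDIT POLICY redact_admin_aud;

-- 4. Review the trail; the policy name appears in UNIFIED_AUDIT_POLICIES.
SELECT event_timestamp, dbusername, action_name, object_schema, object_name, sql_text
  FROM unified_audit_trail
 WHERE unified_audit_policies LIKE '%REDACT_ADMIN_AUD%'
 ORDER BY event_timestamp DESC;
```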

How complex is it to configure and manage Oracle Data Redaction?

Oracle Data Redaction is easy to configure and manage. Your database administrator or developer can manage the Oracle Data Redaction policies and enable or disable them as necessary.

How do Oracle DBA tasks change with Oracle Data Redaction?

Most DBA tasks remain unchanged with Oracle Data Redaction. Users cannot perform a CREATE TABLE AS SELECT where any column being selected (source column) is protected by a Data Redaction policy (and similarly, any DML operation like INSERT-SELECT, UPDATE, MERGE, or DELETE statements where the source column is a redacted column), unless the user was granted the EXEMPT REDACTION POLICY system or schema privilege.

What is the performance overhead on the database with Oracle Data Redaction?

Oracle Data Redaction minimizes the potential performance impact because it is built into the kernel of the Oracle Database and takes advantage of internal caching and optimization methods. Using a policy expression that always evaluates to true (e.g., 1=1) can help improve performance because the RDBMS does not have to evaluate the expression.

What types of data can Oracle Data Redaction mask (e.g., DATE, NUMBER, VARCHAR2, CLOB)?

Oracle Data Redaction can perform full redaction on CHAR, VARCHAR2, NUMBER, FLOAT, BINARY_FLOAT, BINARY_DOUBLE, DATE, TIMESTAMP, TIMESTAMP WITH TIMEZONE, TIMESTAMP WITH LOCAL TIMEZONE, BOOLEAN, BLOB, NCLOB, and CLOB data types and partial, regular expression, or random redaction on a subset of these data types. For more information on Data Redaction's support for Oracle built-in data types and ANSI data types, see Comparison of Full, Partial, Regexp, Random, and Nullify Redaction Based on Data Types.

How do you create a data redaction policy in Oracle?

You can create a Data Redaction policy using the DBMS_REDACT PL/SQL package, specifying when redaction should occur through the policy expression parameter.

Then, you apply the Data Redaction policy to specific columns and decide the type of Data Redaction that should take place.

Can redaction be configured to take place only for specific users or roles?

Yes, you can specify which users will see redacted or full data by using SYS_CONTEXT with the built-in USERENV namespace and either the SESSION_USER or CURRENT_USER parameter in the policy expression. You can do the same for roles by using the SYS_SESSION_ROLES namespace.

Some administrative users, such as SYSDBA or DBA, have the EXEMPT REDACTION POLICY privilege and are exempt from redaction policies.
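The procedure from "How do you create a data redaction policy in Oracle?" combined with the user and role expressions just described, as an added example that is not part of the original page. It assumes a hypothetical table HR.EMPLOYEES with VARCHAR2 columns SSN and EMAIL, owned by user HR, and a hypothetical role HR_ANALYST whose members may see the clear values.

```sql
-- Added example (not from the original page). Assumes a table HR.EMPLOYEES with
-- VARCHAR2 columns SSN and EMAIL, a user HR that owns the data, and a role
-- HR_ANALYST whose members are allowed to see the clear values (all hypothetical).
BEGIN
  -- Create the policy on the first column. The expression decides *when* to
  -- redact: here, for everyone except user HR and sessions with HR_ANALYST enabled.
  -- PARTIAL keeps the last four SSN digits: 123-45-6789 -> XXX-XX-6789.
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'HR',
    object_name         => 'EMPLOYEES',
    policy_name         => 'EMP_PII_REDACT',
    column_name         => 'SSN',
    function_type       => DBMS_REDACT.PARTIAL,
    function_parameters => DBMS_REDACT.REDACT_US_SSN_F5,  -- 'VVVFVVFVVVV,VVV-VV-VVVV,X,1,5'
    expression          => q'[SYS_CONTEXT('USERENV','SESSION_USER') <> 'HR'
                              AND SYS_CONTEXT('SYS_SESSION_ROLES','HR_ANALYST') = 'FALSE']');

  -- Add a second column to the same policy with REGEXP redaction: the local
  -- part of the address is replaced, the domain stays visible (xxxx@example.com).
  DBMS_REDACT.ALTER_POLICY(
    object_schema         => 'HR',
    object_name           => 'EMPLOYEES',
    policy_name           => 'EMP_PII_REDACT',
    action                => DBMS_REDACT.ADD_COLUMN,
    column_name           => 'EMAIL',
    function_type         => DBMS_REDACT.REGEXP,
    regexp_pattern        => DBMS_REDACT.RE_PATTERN_EMAIL_ADDRESS,
    regexp_replace_string => DBMS_REDACT.RE_REDACT_EMAIL_NAME,
    regexp_position       => DBMS_REDACT.RE_BEGINNING,
    regexp_occurrence     => DBMS_REDACT.RE_ALL);
END;
/

-- Verify what the catalog recorded before relying on the policy.
SELECT p.policy_name, p.enable, p.expression, c.column_name, c.function_type
  FROM redaction_policies p
  JOIN redaction_columns  c
    ON c.object_owner = p.object_owner AND c.object_name = p.object_name
 WHERE p.object_owner = 'HR' AND p.object_name = 'EMPLOYEES';

-- A session that is neither HR nor has HR_ANALYST enabled now sees
-- XXX-XX-6789 and xxxx@example.com; HR_ANALYST members see the clear values.
SELECT ssn, email FROM hr.employees FETCH FIRST 3 ROWS ONLY;
```

Run the final SELECT from two sessions, one with and one without the role, to confirm the expression behaves as intended before enabling the policy on production data.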

How does Oracle Data Redaction integrate with other Oracle security capabilities?

Oracle Data Redaction is a complementary feature to other Oracle Database security capabilities. Oracle Transparent Data Encryption protects data at rest in data files and in Oracle Data Pump exports and Oracle RMAN backups. Oracle Database Vault protects privileges and objects but does not support column-level protection or redaction policies. Oracle Data Masking and Subsetting is for use on non-production systems and changes the data to de-identify it from its original values. Oracle Label Security provides row-level controls but no column-level controls. Oracle Virtual Private Database provides both column-level and row-level controls but only supports displaying the value from an unauthorized column as NULL. VPD doesn't support displaying part of the actual value, or displaying the result of a regular expression on the actual value. Each feature or option in the Oracle Database security portfolio provides controls to minimize the risk to your data. You will use multiple features/options and some will have overlapping capabilities, which allows you to choose the right capability for your use cases.

Can Oracle Data Redaction be applied to views and materialized views?

Yes, Oracle Data Redaction can be applied to tables, views, and materialized views.

Can Oracle Data Redaction be managed through Oracle Enterprise Manager?

Yes. Oracle Enterprise Manager Cloud Control provides a management interface for most Oracle Data Redaction features, including creating, modifying, or disabling policies and applying or removing policies from columns of tables or views.

How do you monitor the performance of Oracle Data Redaction?

Performance can be monitored using Oracle's performance monitoring tools, such as AWR (Automatic Workload Repository) and ADDM (Automatic Database Diagnostic Monitor).

Can I use Oracle Data Redaction with Oracle EBS, PeopleSoft, Siebel, or other packaged applications?

Not directly with the application. You can use Oracle Data Redaction to redact data that is queried outside of the application, for example by business intelligence tools or ad-hoc queries. Most packaged applications offer some type of built-in redaction feature. Please see your packaged application documentation for more information on redacting data within the application.

Can I use Oracle Data Redaction with an in-house developed application?

Yes, it is possible to use Oracle Data Redaction with your in-house developed application, but you must take care to not write the redacted values back to the database. Once data is sent to the client, application, or end user, Oracle does not know whether the data was redacted or not.