2.1 Getting Started with Oracle Data Redaction

You can create and enable Oracle Data Redaction policies by using the DBMS_REDACT package. You define redaction policies by specifying the schema, object, and column.

  • The schema level specifies the exact schema where one or more columns of an object have to be redacted.

  • The object level includes tables, views, and materialized views where Oracle Data Redaction policies are applied. You may apply a maximum of one policy per object.

  • The column level is where redaction functions operate. You can define a redaction function on one column when you create a redaction policy. You can then edit the policy to redact additional columns in the object with different functions if needed.

Note:

You can provide the same policy name for different objects, but the policies will be different and unrelated. Policies are unique based on a combination of the object owner, the object name, and the policy name. If you decide to reuse the same policy name on a different object, it is a separate policy and will have separate policy expressions.

For example, you can create an Oracle Data Redaction policy on the SALARY column of an HR.EMPLOYEES table with the following procedure:

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema       => 'hr',
   object_name         => 'employees',
   column_name         => 'salary',
   policy_name         => 'hr_emp_redact_comp_pol',
   function_type       => DBMS_REDACT.FULL,  -- full redaction of the column value
   expression          => '1=1');            -- always TRUE, so redaction always applies
END;
/

In this case, we use the ADD_POLICY procedure in the DBMS_REDACT package to define an Oracle Data Redaction policy called hr_emp_redact_comp_pol. The function type DBMS_REDACT.FULL specifies that full data redaction is performed on values retrieved from the salary column, which means that by default, number data types are replaced with zero (0) in the output text. The expression parameter sets the condition under which the policy performs the redaction: redaction happens when the expression evaluates to TRUE, and 1=1 is always TRUE.
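The following added example (not part of the original Oracle text) continues from the policy above: it edits the policy to redact a second column with a different function, narrows the policy expression, and then checks the result in the data dictionary. It assumes the COMMISSION_PCT column of the HR sample schema and a hypothetical user named HR_ADMIN.

```sql
-- Added example. Assumes hr_emp_redact_comp_pol already exists on HR.EMPLOYEES.
-- Assumptions: COMMISSION_PCT (HR sample schema column), HR_ADMIN (hypothetical user).

-- 1. Redact a second column of the same object with a different function.
--    One policy per object, so additional columns go through ALTER_POLICY.
BEGIN
  DBMS_REDACT.ALTER_POLICY(
    object_schema => 'hr',
    object_name   => 'employees',
    policy_name   => 'hr_emp_redact_comp_pol',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => 'commission_pct',
    function_type => DBMS_REDACT.RANDOM);
END;
/

-- 2. Replace the always-TRUE expression with a condition on the session user,
--    so that HR_ADMIN sees actual values and every other session sees redacted ones.
--    Users holding the EXEMPT REDACTION POLICY system privilege are never
--    redacted, whatever the expression says.
BEGIN
  DBMS_REDACT.ALTER_POLICY(
    object_schema => 'hr',
    object_name   => 'employees',
    policy_name   => 'hr_emp_redact_comp_pol',
    action        => DBMS_REDACT.MODIFY_EXPRESSION,
    expression    => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''HR_ADMIN''');
END;
/

-- 3. Confirm what is actually in force: the policy, its expression and
--    enabled state, then each redacted column with its function type.
SELECT policy_name, expression, enable
  FROM redaction_policies
 WHERE object_owner = 'HR'
   AND object_name  = 'EMPLOYEES';

SELECT column_name, function_type
  FROM redaction_columns
 WHERE object_owner = 'HR'
   AND object_name  = 'EMPLOYEES'
 ORDER BY column_name;
```

Run the SELECT on HR.EMPLOYEES from both an HR_ADMIN session and another session to compare the redacted and unredacted output.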

Oracle Data Redaction provides a variety of ways to redact different types of data, which are described in this section.