4.7 Oracle Data Redaction and Oracle Database Vault

You can use Oracle Data Redaction in an Oracle Database Vault environment.

Oracle Database Vault can be used to prevent administrators from disabling, modifying, or bypassing Data Redaction policies. Database Vault can protect objects, and their associated Data Redaction policies, from privileged users through realms or command rules.

For example, if there is an Oracle Database Vault realm around an object, a user who does not belong to the authorized list of realm owners or participants cannot see the object data, regardless of whether the user was granted the EXEMPT REDACTION POLICY privilege. If the user attempts a DML or DDL statement on the data, the statement fails with an error.

Even when there is no realm violation, if command rules are enabled, Oracle Database Vault evaluates the associated rule sets. If any rule set evaluates to FALSE, the statement is not allowed to run and a command rule violation is raised.
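
The following sketch sets up the realm case described above: a redacted column on a table that is also placed inside a Database Vault realm. It is an added example, not taken from the original documentation. The schema `APP`, table `CUSTOMERS`, column `CARD_NO`, account `APP_SVC`, and the policy and realm names are hypothetical, and the use of a mandatory realm (`realm_type => 1`) is an assumption made for this example.

```sql
-- Step 1: run as a user with EXECUTE on DBMS_REDACT.
-- Fully redact a sensitive column (hypothetical APP.CUSTOMERS.CARD_NO).
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema => 'APP',
    object_name   => 'CUSTOMERS',
    policy_name   => 'redact_card_no',
    column_name   => 'CARD_NO',
    function_type => DBMS_REDACT.FULL,
    expression    => '1=1');  -- redact for every user who is not exempt
END;
/

-- Step 2: run as a Database Vault owner (DV_OWNER role).
-- Place the same table inside a realm and authorize one account only.
BEGIN
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'Customer Data Realm',
    description   => 'Protects APP.CUSTOMERS from privileged users',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL,
    realm_type    => 1);      -- assumption: mandatory realm

  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'Customer Data Realm',
    object_owner => 'APP',
    object_name  => 'CUSTOMERS',
    object_type  => 'TABLE');

  -- APP_SVC (hypothetical) becomes a realm participant.
  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'Customer Data Realm',
    grantee      => 'APP_SVC',
    auth_options => DBMS_MACUTL.G_REALM_AUTH_PARTICIPANT);
END;
/

-- Check: list who is authorized in the realm. Accounts not listed here
-- are blocked by the realm even if they hold EXEMPT REDACTION POLICY.
SELECT realm_name, grantee, auth_options
FROM   DVSYS.DBA_DV_REALM_AUTH
WHERE  realm_name = 'Customer Data Realm';
```

Reviewing the output of the final query after any change to the realm is a quick way to confirm that no administrative account has been added to the authorized list.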