In partial data redaction, you redact portions of the displayed output.

You can set the position within the actual data at which to begin the redaction, the number of characters to redact starting from that position, and the redaction character to use. (Actual data is the data in a protected table or view. An example of actual data could be the number 123456789, and the redacted data version of this number could be 999996789.) This type of redaction is useful for situations where you want it to be obvious to the person viewing the data that it was redacted in some way. Typically, you use this type of redaction for credit card numbers or ID numbers.

Be aware that partial data redaction requires that your data width remain fixed. If you want to redact columns containing string values of variable length, then you must use regular expression redaction.

To specify partial redaction, you must set the DBMS_REDACT.ADD_POLICY or DBMS_REDACT.ALTER_POLICY procedure function_type parameter to DBMS_REDACT.PARTIAL and use the function_parameters parameter to define the partial redaction behavior.

The displayed output for partial data redaction can be as follows:

• Character data types: When partially redacted, a Social Security Number (represented as a hyphenated string within a character data type) with value 987-65-4320 could be redacted so that it is displayed as shown in the following examples. The code on the right specifies how to redact the character data: it specifies the expected input format of the actual data, the format to use for the display of the redacted output, the character to use for the redaction, the start position at which to begin the redaction, and how many characters to redact. The first example uses a predefined format (in previous releases called a shortcut) for character data type Social Security Numbers, and the second example replaces the first five numbers with an asterisk (*) while preserving the hyphens (-) in between the numbers.

  • function_parameters => DBMS_REDACT.REDACT_US_SSN_F5 results in XXX-XX-4320

  • function_parameters => 'VVVFVVFVVVV,VVV-VV-VVVV,*,1,5' result in ***-**-4320

  In these examples, V describes each character that potentially can be redacted, and F describes each character that you want to format using a formatting character.

• Number data types: Partially redacted NUMBER data types appear with some numerals replaced with specified characters. For example, a Social Security Number stored as 987654321 could appear as follows. Both redact the first five digits. The first example uses a predefined format that is designed for Social Security Numbers in the NUMBER data type, and the second replaces the first five numbers with the number 9, starting from the first digit.

  • function_parameters => DBMS_REDACT.REDACT_NUM_US_SSN_F5 results in XXXXX4321

  • function_parameters => '9,1,5' results in 999994321

• Date-time data types: Partially redacted datetime values can appear simply as different dates. For example, the date 29-AUG-11 10.20.50.000000 AM could appear as follows. In the first example, the day of the month is redacted to 02 (using the setting d02) and in the second example, the month is redacted to DEC (using m12). The uppercase values show the actual day (D), actual month (M), actual year (Y), actual hour (H), actual minute (M), and actual second (S).

  • function_parameters => 'Md02YHMS' results in 02-AUG-11 10.20.50.000000 AM

  • function_parameters => 'm12DYHMS' results in 29-DEC-11 10.20.50.000000 AM