1. Data Redaction Guide
  2. Configuring Oracle Data Redaction Policies
  3. Planning an Oracle Data Redaction Policy

3.4 Planning an Oracle Data Redaction Policy

Before you create a Oracle Data Redaction policy, you should plan the data redaction policy that best suits your site’s needs.

  1. Ensure that you have the appropriate privileges to create and manage Oracle Data Redaction policies.
    • To create redaction policies on objects in your own schema, you must have the EXECUTE privilege on the DBMS_REDACT PL/SQL package and the ADMINISTER REDACTION POLICY system or schema privilege.
    • To create redaction policies on objects in another user's schema, you must have the EXECUTE privilege on the DBMS_REDACT PL/SQL package and the ADMINISTER REDACTION POLICY system privilege.
  2. Determine the data type of the table or view column that you want to redact.
  3. Determine if the base object to which you want to add the Data Redaction policy has dependent objects. For more information see Oracle Data Redaction and Object Dependencies.
    Oracle recommends that you only add a Data Redaction policy to an object that has dependent objects during off-peak hours or during a scheduled downtime.
  4. Decide on the type of redaction that you want to perform: full, random, partial, regular expressions, nullify, or none.
  5. Decide which users to apply the Data Redaction policy to.
  6. Based on this information, create the Data Redaction policy by using the DBMS_REDACT.ADD_POLICY procedure.
  7. Configure the policy to have additional columns to be redacted.
    If you need additional columns to have different condition for redaction, you can create a Data Redaction named policy expression.

    For example, if SSN should be redacted for all users, it can have a condition of 1=1.

    For more information see Creating and Managing Multiple Named Policy Expressions.

After you create the Data Redaction policy, it is automatically enabled and ready to redact data.

Related Topics