3.2 Privileges for Managing Oracle Data Redaction Policies

Because data redaction involves the protection of highly sensitive data, only trusted users should create Oracle Data Redaction policies.

You must have the EXECUTE privilege on the DBMS_REDACT package in order to run its subprograms. Procedures in the interface are run with the privileges of the current user.

In addition to the EXECUTE privilege on the DBMS_REDACT package, you must have the ADMINISTER REDACTION POLICY privilege at the schema or system level:

  • Syntax of the ADMINISTER REDACTION POLICY privilege grant if the privilege is to apply to all non-SYS schemas across the database:
    GRANT ADMINISTER REDACTION POLICY TO grantee;
  • Syntax of the ADMINISTER REDACTION POLICY privilege grant if the privilege is to be restricted to a specific schema:
    GRANT ADMINISTER REDACTION POLICY ON SCHEMA schema TO grantee;

You do not need any Oracle Data Redaction-specific privileges to access the underlying tables or views that will be protected by the policy. See Exemption of Users from Oracle Data Redaction Policies for Oracle Data Redaction-specific privileges to access actual data.

To find the privileges that a user has been granted, you can query the DBA_SYS_PRIVS data dictionary view. To find schema-specific privileges that a user has been granted, you can query any of the *SCHEMA_PRIVS data dictionary views.
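The following query is an added example, not part of the original documentation. It lists every grantee of ADMINISTER REDACTION POLICY, the scope of the grant, and whether that grantee can also execute DBMS_REDACT. It assumes DBA_SCHEMA_PRIVS as the schema-level view, and that you can read the DBA_* views.

```sql
-- Added example: review who is able to manage Oracle Data Redaction policies.
-- A grantee needs both ADMINISTER REDACTION POLICY and EXECUTE on DBMS_REDACT.
-- Grantees can be users or roles. Role membership is not expanded here, so
-- follow up on any role in the output with DBA_ROLE_PRIVS.
SELECT p.grantee,
       p.policy_scope,
       CASE
         WHEN EXISTS (SELECT 1
                      FROM   dba_tab_privs t
                      WHERE  t.owner      = 'SYS'
                      AND    t.table_name = 'DBMS_REDACT'
                      AND    t.privilege  = 'EXECUTE'
                      -- a grant to PUBLIC applies to every grantee
                      AND    t.grantee IN (p.grantee, 'PUBLIC'))
         THEN 'YES'
         ELSE 'NO'
       END AS execute_on_dbms_redact
FROM  (
        -- System-level grant: applies to all non-SYS schemas
        SELECT grantee,
               'ALL NON-SYS SCHEMAS' AS policy_scope
        FROM   dba_sys_privs
        WHERE  privilege = 'ADMINISTER REDACTION POLICY'
        UNION ALL
        -- Schema-level grant: restricted to the named schema
        SELECT grantee,
               'SCHEMA ' || schema AS policy_scope
        FROM   dba_schema_privs
        WHERE  privilege = 'ADMINISTER REDACTION POLICY'
      ) p
ORDER BY p.grantee, p.policy_scope;
```

Rows that show ALL NON-SYS SCHEMAS together with YES identify the accounts able to create or alter redaction policies anywhere in the database, which is the set to compare against your list of trusted users.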