Table of Contents
- Title and Copyright Information
- Preface
-
Changes in This Release for Oracle Database Data Redaction Guide
-
Enhancements to Oracle Data
Redaction
- Complex Expression on Redacted Columns in Views
- Extended Statistics and Functional Indexes on Redacted Columns
- GROUP BY on Expression On Columns With Redaction Policies
- DISTINCT with ORDER BY on Redacted Column
- Inline View with Set Operation Having a Subquery
- Set Operator with Redacted Columns
- Redaction Results for Queries with SQL Expressions and Set Operation When Using Columns With Redaction Policies
- Optimization of Policy Expressions
- Schema Privileges to Simplify Access Control in Oracle Data Redaction
- BOOLEAN Data Type Supported in Oracle Data Redaction
-
Enhancements to Oracle Data
Redaction
-
1
Introduction to Oracle Data Redaction
- 1.1 What Is Oracle Data Redaction?
- 1.2 When to Use Oracle Data Redaction
- 1.3 Benefits of Using Oracle Data Redaction
-
1.4
Example Use Cases for Oracle Data Redaction
- 1.4.1 Oracle Data Redaction for Sensitive Data in Read-Only Static Pages
- 1.4.2 Oracle Data Redaction for Preventing Data Exposure by Management Tools
- 1.4.3 Oracle Data Redaction to Prevent Disclosure of Data from Offline Analytics
- 1.4.4 Oracle Data Redaction with Ad Hoc Database Queries Considerations
- 1.5 Oracle Data Redaction in a Multitenant Environment
-
2
Oracle Data Redaction Features and Capabilities
- 2.1 Getting Started with Oracle Data Redaction
- 2.2 Full Data Redaction to Redact All Data
- 2.3 Partial Data Redaction to Redact Portions of Data
- 2.4 Regular Expressions to Redact Patterns of Data
- 2.5 Random Data Redaction to Generate Random Values
- 2.6 Redaction Using Null Values
- 2.7 No Redaction for Testing Purposes
- 2.8 Comparison of Full, Partial, Regexp, Random, and Nullify Redaction Based on Data Types
- 2.9 Central Management of Data Redaction Named Policy Expressions
-
3
Configuring Oracle Data Redaction Policies
- 3.1 About Oracle Data Redaction Policies
- 3.2 Privileges for Managing Oracle Data Redaction Policies
- 3.3 General Syntax of the DBMS_REDACT.ADD_POLICY Procedure
- 3.4 Planning an Oracle Data Redaction Policy
-
3.5
Using Expressions to Define Conditions for Data Redaction Policies
- 3.5.1 About Using Expressions in Data Redaction Policies
- 3.5.2 Supported Functions for Data Redaction Expressions
- 3.5.3 Applying the Redaction Policy Based on User Environment
- 3.5.4 Applying the Redaction Policy Based on Database Roles
- 3.5.5 Applying the Redaction Policy Based on Application Express Session States
- 3.5.6 Applying the Redaction Policy Based on Oracle Label Security Label Dominance
- 3.5.7 Applying the Redaction Policy to All Users
-
3.6
Creating and Managing Multiple Named Policy Expressions
- 3.6.1 About Data Redaction Policy Expressions to Define Conditions
- 3.6.2 Creating and Applying a Data Redaction Named Policy Expression
- 3.6.3 Updating a Data Redaction Named Policy Expression
- 3.6.4 Dropping a Data Redaction Named Policy Expression
-
3.6.5
Tutorial: Creating and Sharing a Data
Redaction Named Policy Expression
- 3.6.5.1 Step 1: Create Users for This Tutorial
- 3.6.5.2 Step 2: Create an Oracle Data Redaction Policy
- 3.6.5.3 Step 3: Test the Oracle Data Redaction Policy
- 3.6.5.4 Step 4: Create and Apply a Named Policy Expression to the Redacted Table Columns
- 3.6.5.5 Step 5: Test the Data Redaction Named Policy Expression
- 3.6.5.6 Step 6: Modify the Data Redaction Named Policy Expression
- 3.6.5.7 Step 7: Test the Modified Named Policy Expression
- 3.6.5.8 Step 8: Remove the Components of This Tutorial
- 3.7 Creating a Full Redaction Policy and Altering the Full Redaction Value
-
3.8
Creating a Partial Redaction Policy
- 3.8.1 About Creating Partial Redaction Policies
- 3.8.2 Syntax for Creating a Partial Redaction Policy
- 3.8.3 Creating Partial Redaction Policies Using Fixed Character Formats
- 3.8.4 Creating Partial Redaction Policies Using Character Data Types
- 3.8.5 Creating Partial Redaction Policies Using Number Data Types
- 3.8.6 Creating Partial Redaction Policies Using Date-Time Data Types
- 3.9 Creating a Regular Expression-Based Redaction Policy
- 3.10 Creating a Random Redaction Policy
- 3.11 Creating a Nullify Redaction Policy
- 3.12 Creating a Policy That Uses No Redaction
- 3.13 Exemption of Users from Oracle Data Redaction Policies
- 3.14 Redacting Multiple Columns
- 3.15 Altering an Oracle Data Redaction Policy
- 3.16 Disabling and Enabling an Oracle Data Redaction Policy
- 3.17 Dropping an Oracle Data Redaction Policy
- 3.18 Tutorial: SQL Expressions to Build Reports with Redacted Values
-
4
Integrating Oracle Data Redaction with Other
Oracle Products and Features
- 4.1 Oracle Data Redaction and DML and DDL Operations
- 4.2 Oracle Data Redaction and Nested Functions, Inline Views, and the WHERE Clause
- 4.3 Redaction Results for Queries with SQL Expressions and Set Operation When Using Columns With Redaction Policies
- 4.4 Oracle Data Redaction Policy and Object Transfers with Oracle Data Pump
- 4.5 Oracle Data Redaction and Oracle Virtual Private Database
- 4.6 Oracle Data Redaction and Oracle Database Real Application Security
- 4.7 Oracle Data Redaction and Oracle Database Vault
- 4.8 Oracle Data Redaction and Data Masking and Subsetting Pack
-
5
Considerations for Oracle Data
Redaction
- 5.1 Oracle Data Redaction General Security Guidelines
- 5.2 Restriction of Administrative Access to Oracle Data Redaction Policies
- 5.3 How Oracle Data Redaction Affects the SYS, SYSTEM, and Default Schemas
- 5.4 Policy Expressions That Use SYS_CONTEXT Attributes
- 5.5 Oracle Data Redaction Policies on Materialized Views
- 5.6 Oracle Data Redaction and Object Dependencies
- 5.7 Oracle Data Redaction and Cursor Expression Queries on Columns Protected by Data Redaction Policies
- 5.8 Redaction Results of a SQL Expression When Using Multiple Columns With Different Policy Expressions
- 6 Limitations of Oracle Data Redaction
- A Frequently Asked Questions
- B Using Trace Files to Troubleshoot Oracle Data Redaction Policies
- C Oracle Data Redaction Policy Data Dictionary Views
-
D
DBMS_REDACT
- D.1 DBMS_REDACT Overview
- D.2 DBMS_REDACT Security Model
- D.3 DBMS_REDACT Constants
- D.4 DBMS_REDACT Operating Procedures
-
D.5
Summary of DBMS_REDACT Subprograms
- D.5.1 ADD_POLICY Procedure
- D.5.2 ALTER_POLICY Procedure
- D.5.3 APPLY_POLICY_EXPR_TO_COL Procedure
- D.5.4 CREATE_POLICY_EXPRESSION Procedure
- D.5.5 DISABLE_POLICY Procedure
- D.5.6 DROP_POLICY Procedure
- D.5.7 DROP_POLICY_EXPRESSION Procedure
- D.5.8 ENABLE_POLICY Procedure
- D.5.9 UPDATE_FULL_REDACTION_VALUES Procedure
- D.5.10 UPDATE_POLICY_EXPRESSION Procedure
-
E
Managing Oracle Data Redaction Policies in Oracle Enterprise Manager
- E.1 About Using Oracle Data Redaction in Oracle Enterprise Manager
- E.2 Oracle Data Redaction Workflow
- E.3 Management of Sensitive Column Types in Enterprise Manager
-
E.4
Managing Oracle Data Redaction Formats Using Enterprise Manager
- E.4.1 About Managing Oracle Data Redaction Formats Using Enterprise Manager
- E.4.2 Creating a Custom Oracle Data Redaction Format Using Enterprise Manager
- E.4.3 Editing a Custom Oracle Data Redaction Format Using Enterprise Manager
- E.4.4 Viewing Oracle Data Redaction Formats Using Enterprise Manager
- E.4.5 Deleting a Custom Oracle Data Redaction Format Using Enterprise Manager
-
E.5
Managing Oracle Data Redaction Named Policy
Expressions Using Enterprise Manager
- E.5.1 About Managing Oracle Data Redaction Policies Using Enterprise Manager
- E.5.2 Creating an Oracle Data Redaction Policy Using Enterprise Manager
- E.5.3 Editing an Oracle Data Redaction Policy Using Enterprise Manager
- E.5.4 Viewing Oracle Data Redaction Policy Details Using Enterprise Manager
- E.5.5 Enabling or Disabling an Oracle Data Redaction Policy in Enterprise Manager
- E.5.6 Deleting an Oracle Data Redaction Policy Using Enterprise Manager
-
E.6
Managing Data Redaction Named Policy
Expressions Using Enterprise Manager
- E.6.1 About Data Redaction Named Policy Expressions in Enterprise Manager
- E.6.2 Creating a Data Redaction Named Policy Expression in Enterprise Manager
- E.6.3 Editing a Data Redaction Named Policy Expression in Enterprise Manager
- E.6.4 Viewing Data Redaction Named Policy Expressions in Enterprise Manager
- E.6.5 Deleting a Data Redaction Named Policy Expression in Enterprise Manager
- Index