{"id":9424,"date":"2019-05-28T07:11:18","date_gmt":"2019-05-28T07:11:18","guid":{"rendered":"https:\/\/ittutorial.org\/?p=9424"},"modified":"2020-08-27T20:03:25","modified_gmt":"2020-08-27T20:03:25","slug":"data-redaction-dbms_redact-in-oracle-database-1","status":"publish","type":"post","link":"https:\/\/ittutorial.org\/data-redaction-dbms_redact-in-oracle-database-1\/","title":{"rendered":"Data Redaction ( dbms_redact  ) in Oracle Database -1"},"content":{"rendered":"<p>Hi,<\/p>\n<p>I will explain\u00a0Data Redaction in Oracle Database in this article.<\/p>\n<p><!--more--><\/p>\n<p>&nbsp;<\/p>\n<p>You can show critical data differently to unauthorized and unintended users in the Oracle database. Data Redaction does not change data on the physical disk such as the Transparent data Encryption feature, but only when the unauthorized users want to see the data, they can see masked or redacted data.<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/salihdeveci.files.wordpress.com\/2014\/10\/tde.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4067\" src=\"https:\/\/salihdeveci.files.wordpress.com\/2014\/10\/tde.png\" alt=\"TDE\" width=\"550\" height=\"200\" srcset=\"https:\/\/ittutorial.org\/wp-content\/uploads\/2014\/10\/tde.png 550w, https:\/\/ittutorial.org\/wp-content\/uploads\/2014\/10\/tde-300x109.png 300w\" sizes=\"auto, (max-width: 550px) 100vw, 550px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #ff0000;\"><strong>If you want to learn more Security options of Oracle database, you can read the following post.<\/strong><\/span><\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"II3Zl5aefq\"><p><a href=\"https:\/\/ittutorial.org\/transparent-data-encryption-tde-in-oracle\/\">Transparent Data Encryption ( TDE ) in Oracle<\/a><\/p><\/blockquote>\n<p><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;Transparent Data Encryption ( TDE ) in Oracle&#8221; &#8212; IT Tutorial\" src=\"https:\/\/ittutorial.org\/transparent-data-encryption-tde-in-oracle\/embed\/#?secret=5zuGd6YaYB#?secret=II3Zl5aefq\" data-secret=\"II3Zl5aefq\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>&nbsp;<\/p>\n<p>Oracle Data Redaction does not affect on Backup \/ Restore, Upgrade, Patch. Oracle Data Redaction has 4 different methods according to the purpose of use like following.<\/p>\n<ul>\n<li>Full Redaction<\/li>\n<li>Partial\u00a0Redaction<\/li>\n<li>RegExp\u00a0Redaction<\/li>\n<li>Random\u00a0Redaction<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/salihdeveci.files.wordpress.com\/2014\/10\/data-redaction.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4073\" src=\"https:\/\/salihdeveci.files.wordpress.com\/2014\/10\/data-redaction.png\" alt=\"Data Redaction\" width=\"579\" height=\"228\" srcset=\"https:\/\/ittutorial.org\/wp-content\/uploads\/2014\/10\/data-redaction.png 579w, https:\/\/ittutorial.org\/wp-content\/uploads\/2014\/10\/data-redaction-300x118.png 300w\" sizes=\"auto, (max-width: 579px) 100vw, 579px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>When we examine above 4 methods, we can understand very well what method does with practical exams. I usually use the Random method to be more secure.\u00a0Because same Data seems differently to\u00a0unauthorized users for every query in the random redaction and this is very important for the security of our data.<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4074\" src=\"https:\/\/salihdeveci.files.wordpress.com\/2014\/10\/data-redaction2.png\" alt=\"Data Redaction2\" width=\"550\" height=\"170\" srcset=\"https:\/\/ittutorial.org\/wp-content\/uploads\/2014\/10\/data-redaction2.png 550w, https:\/\/ittutorial.org\/wp-content\/uploads\/2014\/10\/data-redaction2-300x93.png 300w\" sizes=\"auto, (max-width: 550px) 100vw, 550px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>Let&#8217;s go and apply Random Data Redaction method\u00a0 to the Card number, Card expire month and Card expire year columns in the CREDIT_CARD_INF table under TEST Schema. Data Redaction operations can be done in Oracle&#8217;s DBMS_REDACT package.<\/p>\n<p>We can create Data Redaction process with the ADD_POLICY procedure.\u00a0The authorized user in this example will be a TEST user and other users will be exposed to Data Redaction and see different data or Redacted data for every query.<\/p>\n<pre><\/pre>\n<pre> BEGIN\r\n DBMS_REDACT.ADD_POLICY (\r\n OBJECT_SCHEMA =&gt; 'TEST',\r\n object_name =&gt; 'CREDIT_CARD_INF',\r\n policy_name =&gt; 'CC_Redaction',\r\n expression =&gt; 'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') != ''TEST'' OR SYS_CONTEXT(''USERENV'', ''SESSION_USER'') IS NULL');  \r\n END;\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n<\/pre>\n<p>Create the rule of the Random Redaction procedure for the columns (\u00a0Card number, Card expire month and Card expire year )\u00a0 with the ALTER_POLICY procedure<\/p>\n<p>&nbsp;<\/p>\n<pre> BEGIN\r\n DBMS_REDACT.ALTER_POLICY (\r\n OBJECT_SCHEMA =&gt; 'TEST',\r\n object_name =&gt; 'CREDIT_CARD_INF',\r\n policy_name =&gt; 'CC_Redaction',\r\n action =&gt; DBMS_REDACT.ADD_COLUMN,\r\n column_name =&gt; '\"CARD_NUMBER\"',\r\n function_type =&gt; DBMS_REDACT.RANDOM);\r\n END;\r\n\/\r\n\r\n<\/pre>\n<pre>BEGIN\r\n DBMS_REDACT.ALTER_POLICY (\r\n OBJECT_SCHEMA =&gt; 'TEST',\r\n object_name =&gt; 'CREDIT_CARD_INF',\r\n policy_name =&gt; 'CC_Redaction',\r\n action =&gt; DBMS_REDACT.ADD_COLUMN,\r\n column_name =&gt; '\"CARD_EXP_YEAR\"',\r\n function_type =&gt; DBMS_REDACT.RANDOM);\r\n END;\r\n\/\r\n<\/pre>\n<pre>BEGIN\r\n DBMS_REDACT.ALTER_POLICY (\r\n OBJECT_SCHEMA =&gt; 'TEST',\r\n object_name =&gt; 'CREDIT_CARD_INF',\r\n policy_name =&gt; 'CC_Redaction',\r\n action =&gt; DBMS_REDACT.ADD_COLUMN,\r\n column_name =&gt; '\"CARD_EXP_MONTH\"',\r\n function_type =&gt; DBMS_REDACT.RANDOM);\r\n END;<\/pre>\n<pre>\/\r\n\r\n<\/pre>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n\n<p>&nbsp;<\/p>\n<p>After successfully executing\u00a0 PL \/ SQL code, When we query related table with Unauthorized user, we will see different data or redacted data.<\/p>\n<p>&nbsp;<\/p>\n<pre>SQL&gt;\u00a0SELECT * FROM TEST.CREDIT_CARD_INF;\r\n\r\n<\/pre>\n<p><a href=\"https:\/\/salihdeveci.files.wordpress.com\/2014\/10\/redaction-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4075\" src=\"https:\/\/salihdeveci.files.wordpress.com\/2014\/10\/redaction-1.png\" alt=\"redaction 1\" width=\"614\" height=\"191\" srcset=\"https:\/\/ittutorial.org\/wp-content\/uploads\/2014\/10\/redaction-1.png 776w, https:\/\/ittutorial.org\/wp-content\/uploads\/2014\/10\/redaction-1-300x94.png 300w, https:\/\/ittutorial.org\/wp-content\/uploads\/2014\/10\/redaction-1-768x240.png 768w\" sizes=\"auto, (max-width: 614px) 100vw, 614px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>When we run the above query again, CARD_NUMBER, CARD_EXP_MONTH and CARD_EXP_YEAR are randomly changed.<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/salihdeveci.files.wordpress.com\/2014\/10\/redaction-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4076\" src=\"https:\/\/salihdeveci.files.wordpress.com\/2014\/10\/redaction-2.png\" alt=\"redaction 2\" width=\"614\" height=\"194\" srcset=\"https:\/\/ittutorial.org\/wp-content\/uploads\/2014\/10\/redaction-2.png 779w, https:\/\/ittutorial.org\/wp-content\/uploads\/2014\/10\/redaction-2-300x95.png 300w, https:\/\/ittutorial.org\/wp-content\/uploads\/2014\/10\/redaction-2-768x244.png 768w\" sizes=\"auto, (max-width: 614px) 100vw, 614px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h5><span style=\"color: #ff0000;\">Do you want to learn Oracle Database for Beginners, then read the following articles.<\/span><\/h5>\n<p><a href=\"https:\/\/ittutorial.org\/oracle-database-19c-tutorials-for-beginners\/\">https:\/\/ittutorial.org\/oracle-database-19c-tutorials-for-beginners\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, I will explain\u00a0Data Redaction in Oracle Database in this article.<\/p>\n","protected":false},"author":1,"featured_media":4073,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1994,5046],"tags":[4588,449,4586,12798,4584,4589,12797,4591,480,12799,508,4596,579,12800,4593,4585,1031,4595,12801,4594,1120,4590,1165,1166,1199,1203,1205,4592,1266,1267,1345,4587],"class_list":["post-9424","post","type-post","status-publish","format-standard","has-post-thumbnail","","category-oracle","category-security","tag-configure-data-redaction-on-oracle","tag-data-redaction","tag-data-redaction-dbms_redact-in-oracle-database","tag-data-redaction-in-oracle-12c-dba-blogs","tag-data-redaction-in-oracle-database","tag-data-redaction-in-oracle-database-12c-flaws-or-security-gaps","tag-data-redaction-meaning","tag-data-redaction-vs-data-masking","tag-dba-danismanlik","tag-dbms_redact","tag-deveci","tag-encryption-and-redaction","tag-exadata-danismanlik","tag-grant-exempt-redaction-policy-to-user","tag-grants-missing-on-redaction-policies-and-redaction-columns","tag-introduction-to-oracle-data-redaction","tag-mehmet-salih-deveci","tag-ora-28094","tag-ora-28074-the-redact_partial_input_format-field-of-the-redaction-parameters-is-not-valid","tag-ora-28081-insufficient-privileges-the-command-references-a-redacted-object","tag-oracle","tag-oracle-12c-data-redaction-example","tag-oracle-advanced-security-data-redaction","tag-oracle-advanced-security-option","tag-oracle-danismanlik","tag-oracle-data-masking","tag-oracle-data-redaction","tag-oracle-data-redaction-white-paper","tag-oracle-egitim","tag-oracle-egitimi","tag-oracle-support","tag-redacting-data-from-the-oracle-database"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/ittutorial.org\/wp-content\/uploads\/2014\/10\/data-redaction.png","jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ittutorial.org\/wp-json\/wp\/v2\/posts\/9424","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ittutorial.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ittutorial.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ittutorial.org\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ittutorial.org\/wp-json\/wp\/v2\/comments?post=9424"}],"version-history":[{"count":6,"href":"https:\/\/ittutorial.org\/wp-json\/wp\/v2\/posts\/9424\/revisions"}],"predecessor-version":[{"id":18250,"href":"https:\/\/ittutorial.org\/wp-json\/wp\/v2\/posts\/9424\/revisions\/18250"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ittutorial.org\/wp-json\/wp\/v2\/media\/4073"}],"wp:attachment":[{"href":"https:\/\/ittutorial.org\/wp-json\/wp\/v2\/media?parent=9424"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ittutorial.org\/wp-json\/wp\/v2\/categories?post=9424"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ittutorial.org\/wp-json\/wp\/v2\/tags?post=9424"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}