136 DBMS_REDACT
The DBMS_REDACT
package provides an interface to Oracle Data Redaction, which enables you to mask (redact) data that is returned from queries issued by low-privileged users or an application.
This chapter contains the following topics:
See Also:
-
Oracle Database Advanced Security Guide regarding using Data Redaction to protect sensitive data
136.1 DBMS_REDACT Overview
Data redaction provides a way to define masking policies for an application. Oracle Data Redaction provides functionality to mask (redact) data that is returned from user SELECT
queries in an application. The masking takes place in real time. The Data Redaction policy applies to the querying user, depending on this user's SYS_CONTEXT
or XS_SYS_CONTEXT
values. This redaction process does not require that the queried data be static or unchanging, or for the entire data set to be redacted at one time in an off-line manner. Oracle Database redacts only the data for the rows specified by the user's query, not the data for the entire column. The redaction takes place immediately before the data is returned to the querying user or application.
136.2 DBMS_REDACT Security Model
If the querying user has the EXEMPT REDACTION POLICY
system privilege, redaction will not be performed. If the user does not have the EXEMPT REDACTION POLICY
system privilege, the policy expression will be evaluated in the current user's environment. If the policy expression evaluates to TRUE
, then redaction will be performed, otherwise no redaction will be performed.
You need the EXECUTE
privilege on the DBMS_REDACT
package in order to execute its subprograms. Procedures in the interface are executed with privileges of the current user.
136.3 DBMS_REDACT Constants
The DBMS_REDACT
package defines several constants for specifying parameter values.
Table 136-1 Values for function_type Parameter of DBMS_REDACT.ADD_POLICY
Constant | Value | Type | Description |
---|---|---|---|
|
|
|
No redaction |
|
|
|
Redact to fixed values |
|
|
|
Returns a null value as a redacted value |
|
2 |
|
Partial redaction, redact a portion of the column data |
|
4 |
|
Random redaction, each query results in a different random value |
|
|
|
Regular expression based redaction |
|
|
|
Regular expression based redaction that preserves the width of a column that uses a regular expression; designed for applications use the |
Table 136-2 Values for action Parameter of DBMS_REDACT.ALTER_POLICY
Constant | Value | Type | Description |
---|---|---|---|
|
|
|
Add a column to the redaction policy |
|
|
|
Drop a column from the redaction policy |
|
|
|
Modify the expression of a redaction policy (the expression evaluates to a |
|
|
|
Modify a column in the redaction policy to change the redaction |
|
|
|
Set a description for the redaction policy |
|
|
|
Set a description for the redaction performed on the column |
136.4 DBMS_REDACT Operating Procedures
The following table presents the relationship between the type of redaction function and its parameters, based on the datatype of the column being redacted. Examples of the various format strings are provided, showing how to perform some commonplace redaction for a string datatype (in this case, a Social Security Number (SSN)), a DATE
datatype, and various examples of redaction for the number datatype.
Table 136-3 Data Redaction Function Types
function_type | function_parameters | Examples |
---|---|---|
|
- |
- |
|
- |
- |
|
A comma-separated list, containing the following five fields (with no spaces after the commas delimiting the fields):
See Table 136-4. |
|
|
|
The |
|
|
The REDACT_PARTIAL_OUTPUT_FORMATfield value |
|
|
The value |
|
|
The value |
|
|
The value |
|
The |
- |
|
A comma-separated list, containing the following three fields (with no spaces after the commas delimiting the fields):
See Table 136-4. |
|
|
|
- |
|
A list, containing the following five fields (concatenated so that there is no space between the fields):
See Table 136-4. |
|
|
|
- |
|
Same as |
- |
|
- |
- |
Table 136-4 Format Descriptors with Component Field Names and Delimiters
Datatype | Format Descriptor for Partial redaction |
---|---|
Character |
|
Number |
|
Datetime |
|
136.5 Summary of DBMS_REDACT Subprograms
This table lists and briefly describes the DBMS_REDACT
package subprograms.
Table 136-5 DBMS_REDACT Package Subprograms
Subprogram | Description |
---|---|
Defines a Data Redaction policy for a table or view |
|
Alters a Data Redaction policy for a table or view |
|
Applies a Data Redaction policy expression to a redacted column |
|
Creates a Data Redaction policy expression |
|
Disables a Data Redaction policy |
|
Drops a Data Redaction policy |
|
Drops a Data Redaction policy expression |
|
Enables a Data Redaction policy |
|
Modifies the default displayed values for a Data Redaction policy for full redaction |
|
Updates a Data Redaction policy expression |
136.5.1 ADD_POLICY Procedure
This procedure defines a Data Redaction policy for a table or view.
Syntax
DBMS_REDACT.ADD_POLICY ( object_schema IN VARCHAR2 := NULL, object_name IN VARCHAR2, policy_name IN VARCHAR2, column_name IN VARCHAR2 := NULL, function_type IN BINARY_INTEGER := DBMS_REDACT.FULL, function_parameters IN VARCHAR2 := NULL, expression IN VARCHAR2, enable IN BOOLEAN := TRUE, regexp_pattern IN VARCHAR2 := NULL, regexp_replace_string IN VARCHAR2 := NULL, regexp_position IN BINARY_INTEGER := 1, regexp_occurrence IN BINARY_INTEGER := 0, regexp_match_parameter IN VARCHAR2 := NULL, policy_description IN VARCHAR2 := NULL, column_description IN VARCHAR2 := NULL);
Parameters
Table 136-6 ADD_POLICY Procedure Parameters
Parameter | Description |
---|---|
|
Schema owning the table, current user if |
|
Name of table or view to which to add a Data Redaction policy |
|
Name of policy |
|
[Optional] Name of one column to which the redaction policy applies. If you must redact more than one column, use the ALTER_POLICY Procedure to add the additional columns. |
|
Type of redaction function to use. Possible values are: - - - - - - - If the See Table 136-1 for an overview of the meanings of these values, and for some examples of their use. |
|
Parameters to the redaction function. The possible values depend on the value of the If the - - - Masking parameters for partial character masking. For character datatypes, a comma-separated list containing these fields:
For number datatypes, a comma-separated list containing these fields:
For datetime datatypes, the format is a packed string (no spaces or commas) containing the following sequence of fields. Please note that each field can consist of one or more characters, and the field length depends on whether masking is required. The one-character fields are used to specify that no redaction of that component of the datetime value is to take place. The longer fields indicate a specific time or date to use as the redacted value of that component of the datetime value.
An example is For partial character and number-masking shortcuts, see Oracle Database Advanced Security Guide. |
|
Default boolean expression for the table or view. If this expression is used, then redaction takes place only if this policy expression evaluates to See The following functions are supported:
See Oracle Database Advanced Security Guide for more information about these supported functions |
|
Boolean value that determines whether the Data Redaction policy is enabled on creation. The default value is |
|
Regular expression pattern up to 512 bytes. Use only if the See Oracle Database SQL Language Reference for more information and examples on using regular expression patterns. |
|
Replacement string (up to 4000 characters in length) with up to 500 back-references to subexpressions in the form Use only if the |
|
Integer counting from 1, specifies the position where the search must begin. Use only if the |
|
Use only if the |
|
Changes the default matching behavior, possible values are a combination of 'i', 'c', 'n', 'm', 'x' Use only if the See Oracle Database SQL Language Reference for more information and examples on using regular expression match parameters. |
|
Description of redaction policy |
|
Description of the column being redacted |
Exceptions
-
ORA-28060
- A Data Redaction policy already exists on this column. -
ORA-28061
- This object cannot have a Data Redaction policy defined on it. -
ORA-28062
- The policy expression is too long. -
ORA-28063
- The policy expression is empty. -
ORA-28064
- The type of redaction function is not valid. -
ORA-28066
- Invalid columncolumn
-
ORA-28069
- A Data Redaction policy already exists on this object. -
ORA-28073
- The columncolumn_name
has an unsupported datatype. -
ORA-28074
- Thefield
field_name
of the masking parameters is not validThe field can be any of the following:
-
REDACT_PARTIAL_INPUT_FORMAT
-
REDACT_PARTIAL_OUTPUT_FORMAT
-
REDACT_PARTIAL_MASKCHAR
-
REDACT_PARTIAL_MASKFROM
-
REDACT_PARTIAL_MASKTO
-
REDACT_PARTIAL_DATE_MONTH
-
REDACT_PARTIAL_DATE_DAY
-
REDACT_PARTIAL_DATE_YEAR
-
REDACT_PARTIAL_DATE_HOUR
-
REDACT_PARTIAL_DATE_MINUTE
-
REDACT_PARTIAL_DATE_SECOND
See Table 136-3 and Table 136-4 for examples of the field contents and field ordering.
-
-
ORA-28075
- The policy expression has unsupported functions -
ORA-28076
- An attribute was not specified forSYS_SESSION_ROLES
-
ORA-28077
- The attribute specified (attribute
) exceeds the maximum length -
ORA-28078
- A regular expression parameter is missing or invalid -
ORA-28082
- The parameter parameter is invalid (where the possible values arefunction_parameters
,column_description
,policy_name
andpolicy_description
) -
ORA-28085
- The input and output lengths of the redaction do not match.
Usage Notes
See Operating Procedures for more information regarding function types and function parameters with related examples.
A named Data Redaction policy expression that has been applied to a redacted column takes precedence over the expression defined in the expression
parameter. To find redacted columns that are affected by named policy expressions, query the REDACTION_EXPRESSIONS
data dictionary view.
Example
Partial redaction policy:
BEGIN DBMS_REDACT.ADD_POLICY( object_schema => 'hr', object_name => 'employees', column_name => 'employee_id', policy_name => 'mask_emp_id_nums', function_type => DBMS_REDACT.PARTIAL, function_parameters => '7,1,5', expression => '1=1'); END;
Full redaction policy:
BEGIN DBMS_REDACT.ADD_POLICY( object_schema => 'hr', object_name => 'employees', column_name => 'employee_id', policy_name => 'mask_emp_ids', function_type => DBMS_REDACT.FULL, expression => 'SYS_CONTEXT(''SYS_SESSION_ROLES'',''CLERK'') = ''FALSE'''); END;
136.5.2 ALTER_POLICY Procedure
This procedure alters an existing Data Redaction policy for a table or view.
It alters a the policy in one or more of the following ways:
-
By changing the policy expression
-
By changing the type of redaction for a specified column
-
By changing the parameters to the redaction function for a specified column
-
By adding a column to the redaction policy (the redaction type and any parameters must be specified).
-
By removing a column from the redaction policy
Syntax
DBMS_REDACT.ALTER_POLICY ( object_schema IN VARCHAR2 := NULL, object_name IN VARCHAR2, policy_name IN VARCHAR2, action IN BINARY_INTEGER := DBMS_REDACT.ADD_COLUMN, column_name IN VARCHAR2 := NULL, function_type IN BINARY_INTEGER := DBMS_REDACT.FULL, function_parameters IN VARCHAR2 := NULL, expression IN VARCHAR2, regexp_pattern IN VARCHAR2 := NULL, regexp_replace_string IN VARCHAR2 := NULL, regexp_position IN BINARY_INTEGER := 1, regexp_occurrence IN BINARY_INTEGER := 0, regexp_match_parameter IN VARCHAR2 := NULL, policy_description IN VARCHAR2 := NULL, column_description IN VARCHAR2 := NULL);
Parameters
Table 136-7 ALTER_POLICY Procedure Parameters
Parameter | Description |
---|---|
|
Schema owning the table, current user if |
|
Name of table or view to which to alter a Data Redaction policy |
|
Name of policy limited to 30 bytes |
|
Action to take. For more information see Table 136-2. |
|
[Optional] Name of one column to which the redaction policy applies. |
|
Type of redaction function to use. Possible values are: - - - - - - - If the See Table 136-1 for an overview of the meanings of these values, and for some examples of their use. |
|
Parameters to the redaction function. The possible values depend on the value of the If the - If the - If the - If the
For number datatypes, a comma-separated list containing these fields:
For datetime datatypes, the format is a packed string (no spaces or commas) containing the following sequence of fields. Please note that each field can consist of one or more characters, and the field length depends on whether masking is required. The one-character fields are used to specify that no redaction of that component of the datetime value is to take place. The longer fields indicate a specific time or date to use as the redacted value of that component of the datetime value.
An example is For partial character and number-masking shortcuts, see Oracle Database Advanced Security Guide. |
|
Default boolean expression for the table or view. If this expression is used, then redaction takes place only if this policy expression evaluates to The following functions are supported:
|
|
Regular expression pattern up to 512 bytes. Use only if the See Oracle Database SQL Language Reference for more information and examples on using regular expression patterns |
|
Replacement string (up to 4000 characters in length) with up to 500 back-references to subexpressions in the form Use only if the |
|
Integer counting from 1, specifies the position where the search must begin. Use only if the |
|
Use only if the |
|
Changes the default matching behavior, possible values are a combination of 'i', 'c', 'n', 'm', 'x' Use only if the See Oracle Database SQL Language Reference for more information and examples on using regular expression match parameters. |
|
Description of redaction policy |
|
Description of the column being redacted |
Exceptions
-
ORA-28062
- The policy expression is too long. -
ORA-28063
- The policy expression is empty. -
ORA-28064
- The type of redaction function is not valid. -
ORA-28066
- Invalid columncolumn
-
ORA-28067
- Missing or invalid column name -
ORA-28068
- The objectobject
does not have a Data Redaction policy. -
ORA-28070
- The columncolumn
does not have a Data Redaction policy. -
ORA-28071
- The action is not valid. -
ORA-28072
- The specified policy name is incorrect. -
ORA-28073
- The columncolumn_name
has an unsupported datatype. -
ORA-28074
- The fieldfield_name
of the masking parameters is not validThe field can be any of the following:
-
REDACT_PARTIAL_INPUT_FORMAT
-
REDACT_PARTIAL_OUTPUT_FORMAT
-
REDACT_PARTIAL_MASKCHAR
-
REDACT_PARTIAL_MASKFROM
-
REDACT_PARTIAL_MASKTO
-
REDACT_PARTIAL_DATE_MONTH
-
REDACT_PARTIAL_DATE_DAY
-
REDACT_PARTIAL_DATE_YEAR
-
REDACT_PARTIAL_DATE_HOUR
-
REDACT_PARTIAL_DATE_MINUTE
-
REDACT_PARTIAL_DATE_SECOND
See Table 136-3 and Table 136-4 for examples of the field contents and field ordering.
-
-
ORA-28075
- The policy expression has unsupported functions. -
ORA-28076
- An attribute was not specified forSYS_SESSION_ROLES.
-
ORA-28077
- The attribute specified (attribute
) exceeds the maximum length. -
ORA-28078
- A regular expression parameter is missing or invalid. -
ORA-28082
- The parameter parameter is invalid (where the possible values arefunction_parameters
,column_description,
policy_name
andpolicy_description
) -
ORA-28085
- The input and output lengths of the redaction do not match.
Usage Notes
See Operating Procedures for more information regarding Function Types and Function Parameters with related examples.
A named Data Redaction policy expression that has been applied to a redacted column takes precedence over the expression defined in the expression
parameter. To find redacted columns that are affected by named policy expressions, query the REDACTION_EXPRESSIONS
data dictionary view.
Examples
BEGIN DBMS_REDACT.ALTER_POLICY( object_schema => 'HR', object_name => 'EMPLOYEES', policy_name => 'mask_emp_id_nums', action => DBMS_REDACT.DROP_COLUMN, column_name => 'EMAIL'); END;
136.5.3 APPLY_POLICY_EXPR_TO_COL Procedure
This procedure associates a named Oracle Data Redaction policy expression with a redacted column from a table or view.
Syntax
DBMS_REDACT.APPLY_POLICY_EXPR_TO_COL ( object_schema IN VARCHAR2 := NULL, object_name IN VARCHAR2, column_name IN VARCHAR2, policy_expression_name IN VARCHAR2 := NULL);
Parameters
Table 136-8 APPLY_POLICY_EXPR_TO_COL Procedure Parameters
Parameter | Description |
---|---|
|
Name of the schema that contains the redacted column |
|
Name of the object (table or view) that contains the redacted column |
|
Name of the redacted column to which the policy expression is applied |
|
Name of the policy expression |
Exceptions
-
ORA-28068
- The object object does not have a Data Redaction policy. -
ORA–28082
- The parameter parameter is invalid. -
ORA-28092
- The parameter parameter with value value has an error.
Usage Notes
You can find existing Data Redaction policy expressions by querying the REDACTION_EXPRESSIONS
data dictionary view. To find columns that have been redacted, query the REDACTION_COLUMNS
data dictionary view.
Example
BEGIN DBMS_REDACT.APPLY_POLICY_EXPR_TO_COL( object_schema => 'OE', object_name => 'CUSTOMERS', column_name => 'INCOME_LEVEL', policy_expression_name => 'oe_redact_pol'); END;
136.5.4 CREATE_POLICY_EXPRESSION Procedure
This procedure creates a named Oracle Data Redaction policy expression.
Syntax
DBMS_REDACT.CREATE_POLICY_EXPRESSION ( policy_expression_name IN VARCHAR2, expression IN VARCHAR2, policy_expression_description IN VARCHAR2 := NULL);
Parameters
Table 136-9 CREATE_POLICY_EXPRESSION Procedure Parameters
Parameter | Description |
---|---|
|
Name of the policy expression |
|
Definition of the policy expression |
|
Description of the policy expression |
Exceptions
-
ORA–28082
- The parameter parameter is invalid. -
ORA-28092
- The parameter parameter with value value has an error.
Usage Notes
See Operating Procedures for more information regarding function types and function parameters with related examples.
After you create a policy expression, you can associate it with a redacted table or view column by running the DBMS_REDACT.APPLY_POLICY_EXPR_TO_COL
procedure. To find existing redacted columns, query the REDACTION_COLUMNS
data dictionary view.
Example
BEGIN DBMS_REDACT.CREATE_POLICY_EXPRESSION( policy_expression_name => 'oe_redact_pol', expression => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') = ''OE'''), policy_expression_description => 'Enables policy for user OE '); END;
136.5.5 DISABLE_POLICY Procedure
This procedure disables a Data Redaction policy.
Syntax
DBMS_REDACT.DISABLE_POLICY ( object_schema IN VARCHAR2 := NULL, object_name IN VARCHAR2, policy_name IN VARCHAR2);
Parameters
Table 136-10 DISABLE_POLICY Procedure Parameters
Parameter | Description |
---|---|
|
Schema owning the table or view, current user if |
|
Name of table or view for which to disable a Data Redaction policy |
|
Name of policy to be disabled |
Exceptions
-
ORA-28068
- The objectobject
does not have a Data Redaction policy. -
ORA-28072
- The specified policy name is incorrect. -
ORA-28080
- The policy was already disabled.
Examples
BEGIN DBMS_REDACT.DISABLE_POLICY ( object_schema => 'hr', object_name => 'employees', policy_name => 'mask_emp_ids'); END;
136.5.6 DROP_POLICY Procedure
This procedure drops a Data Redaction policy by removing a masking policy from the table or view.
Syntax
DBMS_REDACT.DROP_POLICY ( object_schema IN VARCHAR2 := NULL, object_name IN VARCHAR2, policy_name IN VARCHAR2);
Parameters
Table 136-11 DROP_POLICY Procedure Parameters
Parameter | Description |
---|---|
|
Schema owning the table or view, current user if |
|
Name of table or view from which to drop a Data Redaction policy |
|
Name of policy to be dropped |
Exceptions
-
ORA-28068
- The objectobject
does not have a Data Redaction policy. -
ORA-28072
- The specified policy name is incorrect.
Examples
BEGIN DBMS_REDACT.DROP_POLICY ( object_schema => 'hr', object_name => 'employees', policy_name => 'mask_emp_ids'); END;
136.5.7 DROP_POLICY_EXPRESSION Procedure
This procedure drops a named policy expression.
Syntax
DBMS_REDACT.DROP_POLICY_EXPRESSION ( policy_expression_name IN VARCHAR2);
Parameters
Table 136-12 DROP_POLICY_EXPRESSION Procedure Parameters
Parameter | Description |
---|---|
|
Name of the policy expression |
Exceptions
-
ORA–28082
- The parameter parameter is invalid. -
ORA-28092
- The parameter parameter with value value has an error.
Usage Notes
You can find existing Data Redaction policy expressions by querying the REDACTION_EXPRESSIONS
data dictionary view.
Example
BEGIN DBMS_REDACT.DROP_POLICY_EXPRESSION( policy_expression_name => 'oe_redact_pol'); END;
136.5.8 ENABLE_POLICY Procedure
This procedure re-enables a Data Redaction policy.
Syntax
DBMS_REDACT.ENABLE_POLICY ( object_schema IN VARCHAR2 := NULL, object_name IN VARCHAR2, policy_name IN VARCHAR2);
Parameters
Table 136-13 ENABLE_POLICY Procedure Parameters
Parameter | Description |
---|---|
|
Schema owning the table or view, current user if |
|
Name of table or view to which to enable a Data Redaction policy |
|
Name of policy to be enabled |
Exceptions
-
ORA-28068
- The objectobject
does not have a Data Redaction policy. -
ORA-28071
- The action is not valid. -
ORA-28072
- The specified policy name is incorrect. -
ORA-28079
- The policy was already enabled.
Examples
BEGIN DBMS_REDACT.ENABLE_POLICY ( object_schema => 'hr', object_name => 'employees', policy_name => 'mask_emp_ids'); END;
136.5.9 UPDATE_FULL_REDACTION_VALUES Procedure
This procedure modifies the default displayed values for a Data Redaction policy for full redaction.
Syntax
DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES ( number_val IN NUMBER := NULL, binfloat_val IN BINARY_FLOAT := NULL, bindouble_val IN BINARY_DOUBLE := NULL, char_val IN CHAR := NULL, varchar_val IN VARCHAR2 := NULL, nchar_val IN NCHAR := NULL, nvarchar_val IN NVARCHAR2 := NULL, date_val IN DATE := NULL, ts_val IN TIMESTAMP := NULL, tswtz_val IN TIMESTAMP WITH TIME ZONE := NULL, blob_val IN BLOB := NULL, clob_val IN CLOB := NULL, nclob_val IN NCLOB NULL);
Parameters
Table 136-14 UPDATE_FULL_REDACTION_VALUES Procedure Parameters
Parameter | Description |
---|---|
|
Modifies the default value for columns of the |
|
Modifies the default value for columns of the |
|
Modifies the default value for columns of the |
|
Modifies the default value for columns of the |
|
Modifies the default value for columns of the |
|
Modifies the default value for columns of the |
|
Modifies the default value for columns of the |
|
Modifies the default value for columns of the |
|
Modifies the default value for columns of the |
|
Modifies the default value for columns of the |
|
Modifies the default value for columns of the |
|
Modifies the default value for columns of the |
|
Modifies the default value for columns of the |
Exceptions
ORA-28082
- The parameter parameter is invalid (where the possible values are char_val
, nchar_val
, varchar_val
and nvarchar_val
)
136.5.10 UPDATE_POLICY_EXPRESSION Procedure
This procedure updates a named Oracle Data Redaction policy expression.
Syntax
DBMS_REDACT.UPDATE_POLICY_EXPRESSION ( policy_expression_name IN VARCHAR2, expression IN VARCHAR2, policy_expression_description IN VARCHAR2 := NULL);
Parameters
Table 136-15 UPDATE_POLICY_EXPRESSION Procedure Parameters
Parameter | Description |
---|---|
|
Name of the policy expression |
|
Definition of the policy expression |
|
Description of the policy expression |
Exceptions
-
ORA–28082
- The parameter parameter is invalid. -
ORA-28092
- The parameter parameter with value value has an error.
Usage Notes
You can find existing policy expressions by querying the REDACTION_EXPRESSIONS
data dictionary view.
Example
BEGIN DBMS_REDACT.UPDATE_POLICY_EXPRESSION( policy_expression_name => 'oe_redact_pol', expression => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''OE'''), policy_expression_description => 'Disables policy for user OE '); END;