Published by : Obay Salah , November 20, 2024

Redaction Types (Function Type):

Full Data Redaction:

Performs a full Redact of the contents of the specified column in the table or View.

It is activated through the setting.


function_type    => DBMS_REDACT.FULL

Full Data Redaction is the default setting when redacting columns.

You can use the procedure DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES to change the Full Redaction to other values.

You can also find the current values through the query REDACTION_VALUES_FOR_TYPE_FULL.

By default, the output is displayed as follows:

  • Character data types: The output text is a single blank space.
  • Number data types: The output text is a zero (0).
  • Date-time data types: The output text is set to the first day of January, 2001, which appears as 01-JAN-2001.
function_type    => DBMS_REDACT.PARTIAL


The function_parameters variable is used to define how the redaction is applied.

The output of this type of redaction, Partial Redaction, will be when the value is 123456789, and the following expression is used:

function_parameters => '9,1,5' results in 999994321


Regular Expressions:

This type performs a Redact on a specific part of the column's data based on the data you want to redact. The column data can vary in length. For example, if you want to redact the part of the email address before the domain, such as if the email is Obay@gmail.com, the data will be displayed as (redacted@gmail.com) after redaction.

To enable this type of redaction, you use the procedure DBMS_REDACT.ADD_POLICY or DBMS_REDACT.ALTER_POLICY.

DBMS_REDACT.ADD_POLICY )
   object_schema           IN VARCHAR2 := NULL,
   object_name             IN VARCHAR2,
   column_name             IN VARCHAR2 := NULL,
   policy_name             IN VARCHAR2,
   function_type           IN BINARY_INTEGER := NULL,
   expression              IN VARCHAR2,
   enable                  IN BOOLEAN := TRUE,
   regexp_pattern          IN VARCHAR2 := NULL,
   regexp_replace_string   IN VARCHAR2 := NULL,
   regexp_position         IN BINARY_INTEGER := 1,
   regexp_occurrence       IN BINARY_INTEGER := 0,
   regexp_match_parameter  IN VARCHAR2 := NULL
);

 

Redaction Using Null Values:

With this type, you can create an Oracle Data Redaction Policy that redacts the column data by replacing it with the null value.

This type allows you to use the function DBMS_REDACT.NULLIFY to hide all sensitive data in the table or View and replace it with the null value. You can use this function by utilizing the function_type variable in the procedure DBMS_REDACT.ADD_POLICY or the procedure DBMS_REDACT.ALTER_POLICY as follows:

function_type => DBMS_REDACT.NULLIFY


Random Data Redaction:

In random data redaction, the entire value is redacted by replacing it with a random value. The redacted value displayed in the query result set changes randomly each time the user runs the query. This type is useful in situations where you do not want it to be obvious that the data has been redacted. It works particularly well with numeric and date data types, where it is difficult to distinguish between random and real data.

function_type => DBMS_REDACT.RANDOM


Tags : Advanced Security

You May Also Like

Comments

no comment yet!