Forum Stats

  • 3,836,755 Users
  • 2,262,182 Discussions
  • 7,900,095 Comments

Discussions

REDACTION policy doesn't work on my table-column Any thought?

User_TQYOY
User_TQYOY Member Posts: 13 Red Ribbon
edited May 28, 2020 2:38PM in Database Security - General

Hello Oracle Geeks,

I am trying to figure out, I have a partitioned table and I wanted to set REDACTION policy on particular column, tried full, partial etc, However, I could still see the column through different user which only does have select priv on that particular table.

Any thought on that. Thanks in advance.

Here is an excerpt.

test101 > BEGIN

DBMS_REDACT.ADD_POLICY  (OBJECT_SCHEMA => 'ORDER_ADMIN',  object_name => 'BASKET_ORDERER2',  policy_name => 'REDACT_CARD_NO',  expression => '1=1');

DBMS_REDACT.ALTER_POLICY  (OBJECT_SCHEMA => 'ORDER_ADMIN',  object_name => 'BASKET_ORDERER2',  policy_name => 'REDACT_CARD_NO',  action => DBMS_REDACT.ADD_COLUMN,  column_name => '"CARD_NUMBER"',  function_type => DBMS_REDACT.FULL);

END;

/  2    3    4    5

PL/SQL procedure successfully completed.

test101 > SELECT OBJECT_OWNER

,      OBJECT_NAME

,      POLICY_NAME

,      EXPRESSION

FROM REDACTION_POLICIES

/  2    3    4    5    6

OBJECT_OWNER      OBJECT_NAME     POLICY_NAME    EXPRESSION

-------------------- ------------------------------ ------------------------------ ------------------------------

ORDER_ADMIN      BASKET_ORDERER2     REDACT_CARD_NO    1=1

test101 > SELECT OBJECT_OWNER

,      OBJECT_NAME

,      COLUMN_NAME

,      FUNCTION_TYPE

,      FUNCTION_PARAMETERS

FROM REDACTION_COLUMNS

/

OBJECT_OWNER      OBJECT_NAME     COLUMN_NAME      FUNCTION_TYPE.  FUNCTION_PARAMETERS

-------------------- ------------------------------ ----------------------------------------------------------------------------------

ORDER_ADMIN      BASKET_ORDERER2     CARD_NUMBER      FULL REDACTION

Now creating a user RDC_TEST, granting select on ORDER_ADMIN.BASKET_ORDERER2 to RDC_TEST

When i login to this user:

I see all the data which is same like PRE-REDACTION. Why? I don't find any clue, Is it something related to Partition or any other policy.

Regards,

Shahzada

Answers