We are using Data Redaction in 12.2 to redact credir card numbers for all but a few privileged users
The users access the data through a package, so, we can't use a role in the policy and need to explicit the list of the privileged users (because of the old, well known issue of skip role privileges in packages). In these scenario, if we have a new privileged user or a user that should not be privileged anymore, the recreation of the policy is needed, generating a recompilation of the dependent packages
1. This is really the best approach ?
2. Is there any way to use roles in the policy, or add a level of indirection to manage the privileged user's list without change the policy (in this scenario of querying through packages) ?