- Posted by Gavin Soorma
- On June 27, 2017
- 1 Comments
- 12c Release 2, advanced security, dbms_redact, expressions, new features, policy, redaction, security
Data Redaction was introduced in Oracle Database 12c Release 1 (read a note on this)
where we could hide or mask sensitive data in tables from non-privileged users. The data was ‘redacted’ at query run time and was stored in the database in its normal non-redacted form. The redaction could be full (no original data displayed) or partial (some portion of the original data is returned). We could also randomly redact data or use regular expressions to look for patterns of data to redact.
A number of new features related to Data Redaction have been introduced in Oracle 220.127.116.11.
We can now redact data based on different run time conditions as well as centrally manage and control data redaction policy expressions stored in the database. If we make a change to a data redaction policy expression, the change will cascade to all tables and columns which use the associated data redaction policy. Also new in 12.2, is the ability to use NULL as the redacted value.