Oracle Advanced Security Data Redaction provides selective, on-the-fly redaction of sensitive data in database query results prior to display by applications so that unauthorized users cannot view the sensitive data. The stored data remains unaltered, while displayed data is transformed and redacted on-the-fly before it leaves the database. Data Redaction reduces exposure of sensitive information and helps prevent exploitation of application flaws that may disclose sensitive data in application pages. It is well suited for both new and legacy applications that need to limit exposure of sensitive data without invasive application changes.
Data redaction works by defining policies for tables and views using the package DBMS_REDACT. A few things to note about data redaction:
- A user with SYSDBA privileges must grant EXECUTE on DBMS_REDACT to the user who creates the policy
- Only one policy may exist for a table or view
- Data redaction supports view chaining, so child views inherit policies from parent views and tables
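
The three points above in one sequence, as an added example that is not from the original page. The schema `APP`, table `CUSTOMERS`, its columns, the users `APP_SEC` and `APP_ADMIN`, and the policy and view names are all assumptions made for illustration.

```sql
-- Added example; all object, user and policy names are hypothetical.

-- 1. Connected AS SYSDBA: let the policy owner call the package.
GRANT EXECUTE ON DBMS_REDACT TO app_sec;

-- 2. Connected as APP_SEC: create the single policy for APP.CUSTOMERS.
--    SSN is partially redacted (first five digits masked) for every
--    session except APP_ADMIN.
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'APP',
    object_name         => 'CUSTOMERS',
    policy_name         => 'REDACT_CUSTOMERS',
    column_name         => 'SSN',
    function_type       => DBMS_REDACT.PARTIAL,
    function_parameters => 'VVVFVVFVVVV,VVV-VV-VVVV,*,1,5',
    expression          => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') <> ''APP_ADMIN''');
END;
/

-- 3. Only one policy may exist per table, so a second sensitive column
--    is added to the existing policy instead of calling ADD_POLICY again.
BEGIN
  DBMS_REDACT.ALTER_POLICY(
    object_schema => 'APP',
    object_name   => 'CUSTOMERS',
    policy_name   => 'REDACT_CUSTOMERS',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => 'CREDIT_CARD',
    function_type => DBMS_REDACT.FULL);
END;
/

-- 4. A view over the table needs no policy of its own: queries through it
--    return the redacted values inherited from APP.CUSTOMERS.
CREATE VIEW app.customers_v AS
  SELECT customer_id, ssn, credit_card FROM app.customers;

-- 5. Check which columns are covered and how.
SELECT object_name, column_name, function_type
  FROM redaction_columns
 WHERE object_owner = 'APP';
```

When testing the result, connect as an ordinary application user: sessions holding the `EXEMPT REDACTION POLICY` privilege see the stored values regardless of the policy expression.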