Although its primary target is redaction of production data for applications, Oracle Data Redaction also can be used in combination with Oracle Enterprise Manager Data Masking and Subsetting Pack for protecting sensitive data in testing and development environments.ģ.4.2 Considerations When Using Oracle Data Redaction with Ad Hoc Database Queries These characteristics make Oracle Data Redaction particularly well suited for usage by a range of applications, analytics tools, reporting tools, and monitoring tools that share common production databases. In addition, Data Redaction is implemented in a way that minimizes performance overhead. You can specify which application users should see only redacted data by checking application user information that is passed into the database through the SYS_CONTEXT function you can redact data based on attributes of the current database or application user and you can implement multiple logical conditions within a given redaction policy. The redaction is enforced consistently across all of the applications that use the same underlying database. It is highly transparent to the database because the data remains the same in buffers, caches, and storage-only being changed at the last minute just before SQL query results are returned to the caller. Data Redaction is transparent to application users because it preserves the original data type and (optionally) the formatting. Oracle Data Redaction protects sensitive data that is displayed in database applications. During the time that the data is being redacted, all of the data processing is performed normally, and the back-end referential integrity constraints are preserved.ĭata redaction can help you to comply with industry regulations such as Payment Card Industry Data Security Standard (PCI DSS) and the Sarbanes-Oxley Act.ģ.4.1 Using Oracle Data Redaction with Database Applications This solution works well in a production system. Oracle Database applies the redaction at runtime, when users access the data (that is, at query-execution time). You can use this option to test the redaction policy definitions before applying them to a production environment. The None redaction type option enables you to test the internal operation of your redaction policies, with no effect on the results of queries against tables with policies defined on them. The redacted data presented to the querying application user appears as randomly generated values each time it is displayed, depending on the data type of the column. It is designed for use with character data only. For example, you can use regular expressions to redact email addresses, which can have varying character lengths. You can use regular expressions to look for patterns of data to redact. For example, you can redact a Social Security number with asterisks (*), except for the last 4 digits. For example, columns of the NUMBER data type are redacted with a zero ( 0), and character data types are redacted with a single space. The redacted value returned to the querying application user depends on the data type of the column. You redact all of the contents of the column data. You can redact column data by using one of the following methods:įull redaction. Oracle Data Redaction enables you to mask (redact) data that is returned from queries issued by applications.
0 Comments
Leave a Reply. |