[20181018]Oracle Database 12c: Data Redaction.txt
[20181018]Oracle Database 12c: Data Redaction.txt
--//簡單測試Data Redaction.Data Redaction主要目的對敏感資訊的保護,隨著對個人隱私的保護力度以及法律的加強,
--//這方面也許越來越重要.
1.環境:
SCOTT@test01p> @ ver1
PORT_STRING VERSION BANNER CON_ID
------------------------------ -------------- -------------------------------------------------------------------------------- ----------
IBMPC/WIN_NT64-9.1.0 12.2.0.1.0 Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production 0
create table empx as select * from emp;
Avalible Redaction Methods:
Type Description
None No redaction is performed.
Full Columns are redacted to constant values based on the column data type.
Partial User-specified positions are replaced by a user-specified character.
Random Data type is preserved and different values are output each time.
Regular Expression A "match and replace" is performed based on parameters
--//具體細節還給看看文件.
SCOTT@test01p> select * from scott.empx where rownum<=3;
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
----- ---------- --------- ---------- ------------------- ---------- ---------- ----------
7369 SMITH CLERK 7902 1980-12-17 00:00:00 800 20
7499 ALLEN SALESMAN 7698 1981-02-20 00:00:00 1600 300 30
7521 WARD SALESMAN 7698 1981-02-22 00:00:00 1250 500 30
--//另外注意不能對sys和system使用者進行資料的redact。因為他們都有EXP_FULL_DATABASE這個角色,而這個角色又包含了EXEMPT
--//REDACTION POLICY系統許可權。同理,也不能直接賦予使用者dba許可權,dba自動包含EXP_FULL_DATABASE角色。
SYSTEM@test01p> revoke dba from scott;
Revoke succeeded.
2.測試:
--//define Redaction Policy,以system使用者執行:
begin
DBMS_REDACT.ADD_POLICY
(policy_name => 'EMPSAL_POLICY',
object_schema => 'SCOTT',
object_name => 'EMPX',
column_name => 'SAL',
expression => '1=1',
function_type => DBMS_REDACT.FULL);
end;
/
--//以scott使用者登入執行:
SCOTT@test01p> select * from scott.empx where rownum<=3;
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
---------- ---------- --------- ---------- ------------------- ---------- ---------- ----------
7369 SMITH CLERK 7902 1980-12-17 00:00:00 0 20
7499 ALLEN SALESMAN 7698 1981-02-20 00:00:00 0 300 30
7521 WARD SALESMAN 7698 1981-02-22 00:00:00 0 500 30
--//sal=0
--//Modifiying Redaction Policy:
begin
DBMS_REDACT.ALTER_POLICY(
policy_name => 'EMPSAL_POLICY',
object_schema => 'SCOTT',
object_name => 'EMPX',
column_name => 'SAL',
action => DBMS_REDACT.MODIFY_column,
function_type => DBMS_REDACT.partial,
function_parameters => '9,1,10'
);
end;
/
SCOTT@test01p> select * from scott.empx where rownum<=3;
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
---------- ---------- --------- ---------- ------------------- ---------- ---------- ----------
7369 SMITH CLERK 7902 1980-12-17 00:00:00 999 20
7499 ALLEN SALESMAN 7698 1981-02-20 00:00:00 9999 300 30
7521 WARD SALESMAN 7698 1981-02-22 00:00:00 9999 500 30
--//全部換成999
--//Drop a redact policy:
BEGIN
DBMS_REDACT.DROP_POLICY(
object_schema => 'SCOTT',
object_name => 'EMPX',
policy_name => 'EMPSAL_POLICY'
);
END;
/
SCOTT@test01p> select * from scott.empx where rownum<=3;
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
---------- ---------- --------- ---------- ------------------- ---------- ---------- ----------
7369 SMITH CLERK 7902 1980-12-17 00:00:00 800 20
7499 ALLEN SALESMAN 7698 1981-02-20 00:00:00 1600 300 30
7521 WARD SALESMAN 7698 1981-02-22 00:00:00 1250 500 30
3.還有許多功能,不測試了.
--//收尾.
SYSTEM@test01p> grant dba to scott;
Grant succeeded.
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/267265/viewspace-2216853/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- [20181018]12c Pluggable Database save state.txtDatabase
- Oracle 12c - Data RedactionOracle
- Oracle Database 12C New FeatureOracleDatabase
- Oracle 12c Data Guard搭建(一)Oracle
- Oracle Data Guard 12c 新功能Oracle
- Oracle Database Change Data Capture featureOracleDatabaseAPT
- Unload data to a flat file from Oracle databaseOracleDatabase
- Oracle 12C Database File Mapping for Oracle ASM FilesOracleDatabaseAPPASM
- 解析Oracle Database Concepts 12c(4)OracleDatabase
- 解析Oracle Database Concepts 12c(2)OracleDatabase
- 解析Oracle Database Concepts 12c(1)OracleDatabase
- 【OH】Deprecated and Desupported Features for Oracle Database 12cOracleDatabase
- Oracle 12C pluggable database自啟動OracleDatabase
- 解析Oracle Database Concepts 12c(5)OracleDatabase
- 解析Oracle Database Concepts 12c(3)OracleDatabase
- Oracle 12c Enterprise Manager Database ExpressOracleDatabaseExpress
- Oracle Database 12c十二大新特性OracleDatabase
- 小丸子學Oracle 12c系列之——Oracle Pluggable DatabaseOracleDatabase
- Oracle 12c RMAN Duplicating a Subset of the Source Database TablespacesOracleDatabase
- Oracle Database 12c可插拔資料庫案例OracleDatabase資料庫
- Oracle 11g Data Guard 使用 duplicate from active database 建立 standby databaseOracleDatabase
- Oracle 11g Data Guard 使用duplicate from active database 建立 standby databaseOracleDatabase
- Oracle 12c 新特性 Active Data Guard Far SyncOracle
- Seed Database (pdb$seed) - Read Write OR Read Only Mode in Oracle Database 12cDatabaseOracle
- Oracle 12C Transport a Database to a Different Platform Using Backup SetsOracleDatabasePlatform
- Oracle Database 12c新特性 In-Database Archiving資料庫內歸檔OracleDatabase資料庫
- Oracle 12c新特性 - Active Data Guard功能增強Oracle
- Oracle 11g Data Guard 使用duplicate from active databaseOracleDatabase
- oracle10g data guard(dg)__flashback_physical databaseOracleDatabase
- Transparent Data Encryption (TDE) in Oracle 10g Database Release 2Oracle 10gDatabase
- 12c in-database archiveDatabaseHive
- 12c EM Database ExpressDatabaseExpress
- Oracle資料庫12c最新安全工具Data RedactionFPOracle資料庫
- Oracle 12c新特性 - Data Pump (expdp/impdp) 功能增強Oracle
- ORACLE-1Z0-060題庫(Upgrade to Oracle Database 12c)OracleDatabase
- 嚐鮮Oracle Database 12c的十二大新特性VKOracleDatabase
- Oracle Database 12C 新功能 rman RECOVER TABLE (文件 ID 2047644.1)OracleDatabase
- Oracle Database 12c Release 2 (12.2) RAC On Oracle Linux 7 Using VMwareOracleDatabaseLinux