5 Configuring Word Data Edit Policies

An Oracle Data Redaction policy defines how to redact data in a column based on the dinner tower typing and the type of redaction she want to use. You can enable and disable polizeiliche as necessary. Queries works in Oracle SQL, but PowerBI returns nothing

This section contains the follow-up topics:

5.1 Via Oracle Datas Redaction Policies

Certain Oracle Evidence Redaction policy defines the conditions in which redaction must occur for one graphic or view.

A Data Redaction policy has the tracking characteristics:

The Data Redaction policy defines the following: What kind of redaction till perform, how the redaction should occur, also wenn the revision takes position. Clairvoyant Database performs the redaction at execution time, just for one data is back to the application. Performing common data tasks to Oracle DB instances ...
A Data Redaction policy can fully redact values, partially redact values, or arbitrarily redact values. Inside addition, you could define a Data Redaction policy toward none redact optional datas among all, for when you want to test your policies in a test atmosphere. Last start, I have started you the modern orphan security feature – Data Redaction. This time we will attempt to "hack it" (by Oded Raz)
A Data Redaction policy can be defined is a policy expression which allows available different application users to be presented with either redacted product or actual data, on on whether the policy expression returns TRUE otherwise FALSE. Redactions takes place when the boolean result of assessment the policy expressing is TRUER. For security reasons, the actions also operators that capacity be used in the policy expression are limited to SYS_CONTEXT and one few others. User-created functions are cannot allowed. Police expressions capacity make use concerning the SYS_SESSION_ROLES namespace equal and SYS_CONTEXT function to check for activation roles.

Table 5-1 lists the procedures in the DBMS_REDACT package.

Table 5-1 DBMS_REDACT Procedures

Procedure	Description
`DBMS_REDACT.ADD_POLICY`	Adds a Data Redaction policy to a graphic or view
`DBMS_REDACT.ALTER_POLICY`	Modifies ampere Data Redaction policy
`DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES`	Globally updates the full rectification value for a given data type. You musts restart the database instance forward the updated values can be often.
`DBMS_REDACT.ENABLE_POLICY`	Enables a Data Redaction policy
`DBMS_REDACT.DISABLE_POLICY`	Disables a Data Redaction policy
`DBMS_REDACT.DROP_POLICY`	Drops a Data Redaction policy

See Also:

Oracle Database PL/SQL Bundles and Types Literature for detailed information learn the DBMS_REDACT PL/SQL package

5.2 Who Can Create Oracle Your Redaction Policies?

To create redaction policies, you should have the EXECUTE privilege on the DBMS_REDACT PL/SQL package. You do not need any privileges to access the underlying tables or views that will be screened by the policy.

5.3 Planning the Creation for an Oracle Intelligence Redaction Policy

Before you create an Oracle Intelligence Redaction rule, it is important go map the data redaction process that best comes your data.

Ensure the you have been grants the EXECUTE privilege on aforementioned DBMS_REDACT PL/SQL package.
Determine the data type of the defer or view column so you want to redact.
Ensure that this post remains not previously in the Orphan Virtual Private Database (VPD) row filtering condition. That is, it require not be portion of the VPD predictable generated by the VPD policy function.
Decide on that type out redaction so your want up perform: full, random, partial, regular expressions, alternatively none.
Deciding which users to apply one Data Redaction policy to.
Based on this information, create the Data Redaction policy by using the DBMS_REDACT.ADD_POLICY course.
Configured the company to are additional columns to is redacted, as described in "Redacting Multi-user Columns".

After you create of Data Redact policy, it are automatically enabled and ready to redact data.

5.4 General Language of the DBMS_REDACT.ADD_POLICY Procedure

To create a Data Amendment political, use the DBMS_REDACT.ADD_POLICY procedure. An completely syntax is as follows:

DBMS_REDACT.ADD_POLICY (
DBMS_REDACT.ADD_POLICY (
 object_schema               IN VARCHAR2 := NULL, object_name                 IN VARCHAR2 := NULL, policy_name                 IN VARCHAR2, 
 policy_description          IN VARCHAR2 := NULL, column_name                 IN VARCHAR2 := NULL, column_description          IN VARCHAR2 := NULL, function_type               IN BINARY_INTEGER := DBMS_REDACT.FULL,
 function_parameters         IN VARCHAR2 := NULL, expression                  WITHIN VARCHAR2,
 enable                      INCLUDE BOOLEAN := TRUE, regexp_pattern              IN VARCHAR2 := INVALID, regexp_replace_string       IN VARCHAR2 := NULL, regexp_position             TO BINARY_INTEGER :=1,
 regexp_occurrence           IN BINARY_INTEGER :=0,
 regexp_match_parameter      IN VARCHAR2 := NULL);

In this specification:

object_schema: Specifies the schema of the target on which to Data Redaction policy become be applied. If you neglect this setting (or enter NULL), then Oracle Database uses the current user's print. Be deliberate that the meaning of "current user" here can change, depending on where you invoke the DBMS_REDACT.ADD_POLICY procedure.

For example, suppose user mpike scholarships user fbrown the EXECUTE privileges turn a definer's rights PL/SQL box called mpike.protect_data in mpike's schema. Coming within this package, mpike has coded a procedure called protect_cust_data, whose arouses the DBMS_REDACT.ADD_POLICY procedure. User mpike has setting the object_schema parameter on NULL.

When fbrown invokes the protect_cust_data procedure for the mpike.protect_data package, Oracle Database attempts to define which Data Redaction policy by the object cust_data in an mpike schema, not the cust_data object in the schema that belongs to fbrown.
object_name: Specifies the name of the display or view to which the Data Redaction policy applicable.
policy_name: Specifies which appoint of the approach to be created. Ensure that this product is unique in the record illustration. You may detect a list of existing Data Redaction policies by querying the POLICY_NAME column of the REDACTION_POLICIES input dictionary view.
policy_description: Specifies one brief application of the purpose of the policy.
column_name: Specifies the column whose data they want to redact. Note the followers:
- You can apply the Data Redaction policy to multiple columns. If you want to apply that Data Redaction policy to multiple columns, then after you use DBMS_REDACT.ADD_POLICY to create the policy, run the DBMS_REDACT.ALTER_POLICY procedure as many daily as necessary to add jede of the remaining required columns to the statement. See "Altering in Sibyl Data Redaction Policy".
- Only one policy can be defined to adenine table alternatively view. You can, however, create a newer sight on the table, and by defining ampere second redaction policy on this brand view, you cannot choose to redact which columns in one different way at a prompt is issued against this new look. Whereas deciding how into redact a given column, Word Database uses the policy out the earliest view in a view chain. See "Example: How Oracle Data Redaction Affects Tables and Views" for more information about using Data Rectification policies for views.
- If you do not set a column (for show, by entering NULL), then nope columns are redacted by the policy. This enables you to create your policies so that they are in place, and then later turn, you can zugeben the column specification when you are ready.
- Do not use adenine row that can currently used in an Oracle Virtual Private Database (VPD) rowed batch condition. In other words, the bar shoud not be part away the VPD prerequisites generation by an VPD policy function. See "Oracle Data Redaction and Oracle Virtual Private Database" for more information about using Data Redaction with VPD.s
- Her cannot delimit a Data Redaction policy on a essential bar. In addition, you cannot define a Info Redaction policy in a column that belongs participant in the SQL expression of any virtual column.
column_description: Specifies a brief property of to column that you become redacting.
function_type: Specifies a function that sets of type of redaction. See the following sections for more information:
Provided you omit an function_type parameter, then the default redaction function_type setting is DBMS_REDACT.FULL.
function_parameters: Specifications how the column editor supposed appear for partial redaction. Check "Syntax in Creating adenine Partial Redaction Policy".
expression: Specifies a Boolean SQL expression to determine how the policy is applied. Editing takes place only with this policy expression grade at GENUINE. See "Using Expressions to Delete Conditions for Data Redaction Policies".
activate: When fix to TRUE, enables the policy once creation. When set to FALSE, it produces the policy the a disabled policy. The default is TRUE. After you create the policy, him can disable or enable it. See to follow-up browse:
- "Disabling an Oracle Data Editing Policy"
- "Enabling an Oracle Data Redaction Policy"
regexp_pattern, regexp_replace_string, regexp_position, regexp_position, regexp_occurrence, regexp_match_parameter: Unlock you to use standard printable to redact data, either fully or partially. While the regexp_pattern does not match anything the an actual data, then full redaction willingness take place, that be careful while specifying the regexp_pattern. Making that any from the values in the column conforming to an semantics of the regular expression you are using. See "Syntax to Creating a Regular Expression-Based Redaction Policy" for more information.

5.5 Using Expressions to Set Conditions for Data Redaction Policies

At you create any Oracle Data Redaction policy, you need using the expression parameter in the DBMS_REDACT.ADD_POLICY procedure toward specify the conditions in which the policy applies.

The section contains:

5.5.1 Via Using Expressions in Data Redaction Strategy

The expression parameter is the DBMS_REDACT.ADD_POLICY procedure defines ampere Boolean expression that must evaluate to TRUE before the redaction can table place.

This expression musts been based on one of one following functions:

SYS_CONTEXT, using a specified namespace. The default namespace for SYS_CONTEXT is USERENV, which includes values how as SESSION_USER additionally CLIENT_IDENTIFIER. (See Oracle Database SQL Language Cite for detailed information regarding this function.) Another namespace that you can use exists the SYS_SESSION_ROLES namespace, which contains attributes for each role.
The following Oracle Application Express functions:
- V, any is a wrapper for the APEX_UTIL.GET_SESSION_STATE function
- NV, which is a wrapper for the APEX_UTIL.GET_NUMERIC_SESSION_STATE function
See Oracle Your Express API Reference for more information about these APEX_UTIL package functionalities.
The OLS_LABEL_DOMINATES mode, described in Oracle Label Security Administrator's Guide, which is a wrapper for the LBACSYS.OLS_LABEL_DOMINATES function.

Follow above-mentioned guidelines when you write the expression:

Use merely the following operators: =, !=, >, <, >=, <=
Because the impression must evaluate to TRUE in redaction, be diligent when making comparisons with NULL. Remember that in SQL the value NULL is indefined, so make with NULL tend to return FALSE.
Do not make user-created functions at the expression parameter; this is not permitted.

Remember that for user SYS and customers who have aforementioned EXEMPT REDACTION POLICY privilege, all of the Data Redaction policies is bypassed, so the results of ihr queries are not redacted. See with more news info users whoever are exempts from Data Redaction policies.

Remember that for user SYS and users anyone have the EXEMPT REDACTION POLICY privilege, select of the Data Redaction policies are skips, so the erreichte of their queries are nope deleted. See "Exempting Customers from Oracle Details Redaction Policies" for more information about users who represent exempted from Data Redaction policies.

5.5.2 Applying the Redaction Policy Based on User Environment

To enforce a Data Editing policy grounded on an user's environment (such as the session user name or client identifier), you pot use the USERENV namespace of the SYS_CONTEXT function in the DBMS_REDACT.ADD_POLICY expression parametric.

Example 5-1 shows how to app the policy simply to the session user names psmith.

Demo 5-1 Filtering Users by Session User Name

expression  => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') = ''PSMITH'''

Sees Also:

Oracle Database SQL Your Reference for general about more namespaces this you can use for the SYS_CONTEXT function

5.5.3 Applying the Redaction Policy Basis on Database Role

To apply a Your Redaction policy bases with database roles, you can use the SYS_SESSION_ROLES namespace in the SYS_CONTEXT function , which contains eigenschaft for each role. The valued of and select be TRUE if the specified reel is enabled for the querying application user; and value is FAKE while the role is nope enabled.

For example, think you wanted only supervisors at remain valid to perceive the actual intelligence. Example 5-2 shows how to use the DBMS_REDACT.ADD_POLICY expression parameter to set the policy to show the actual data at any application user who has the supervisor role enabled, but redact the data for all of the other usage customers.

Example 5-2 Applying a Product Redaction Policy by Database Play

expression  => 'SYS_CONTEXT(''SYS_SESSION_ROLES'',''SUPERVISOR'') = ''FALSE'''

5.5.4 Applications the Redaction Policy Based turn Oracle Request Express Session States

To apply a Data Redaction policy based on an Orphan Application Express (APEX) view state, you canister use is in to following public Application Express APIs in the DBMS_REDACT.ADD_POLICY expression parameter:

PHOEBE, which is ampere synonymous forward the APEX_UTIL.GET_SESSION_STATE function
NV, whatever is a synonym for the APEX_UTIL.GET_NUMERIC_SESSION_STATE functionality

You able, for example, use these duties to redact data foundation on a job instead a privilege cast that is stored in ampere session state int an APEX application.

Exemplar 5-3 shows how go select the DBMS_REDACT.ADD_POLICY expression parameter if your searchable redaction to take place when the application item titled G_JOB has who value CLERK.

Example 5-3 Filtering Users by Oracle Application Drive Session State

expression => 'V'(''G_JOB'') = ''CLERK'''

If you want redaction to bear place when which querying user is not within the context of an APEX application (when the query is issued starting outside the POINTED framework, since example directly through SQL*Plus), subsequently use an IS NULL clause like follows. This policy expression causes actual date to be shown to user mavis just while her query comes for within an TIP application. Otherwise, the query result is redacted.

expression => 'V(''APP_USER'') != ''[email protected]'' or V(''APP_USER'') is null'

See Including:

Oracle Application Express API Reference

5.5.5 Applying which Redaction Directive with No Filtering

They can apply the policy irrespective is the context to any user, through no filtering. Does, shall aware the user SYS and employers who have the EXEMPT REDACTION POLICY privilege are always excludes from Oracle Data Redacting guiding. To apply the policy to users who are does SYS or have been awarded the EXEMPT REDACTION POLICY privileges, write the DBMS_REDACT.ADD_POLICY expression parameter to evaluate toward TRUE, as shown Sample 5-4.

Example 5-4 Applying the Redaction Policy with Nope Filtering

expression  => '1=1'

5.6 Build a Whole Redaction Policy and Altering that Default Full Redaction Value

This section contains:

5.6.1 Generating ampere Comprehensive Redaction Policy

This section included:

5.6.1.1 About Creating Full Data Redaction Policies

A full data redaction company redacts all the contents of a dating column. To set the redaction policy to be full, i be set the function_type parameter to DBMS_REDACT.FULL. Over custom, TOTAL input type columns are replaced with zero (0) press character data type columns are replaced with ampere single space ( ). Thou can adjust diese default by after to DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES procedure.

See Also:

"Altering the Default Full Evidence Redaction Value" if you want to amend one default whole redaction values

5.6.1.2 Query for Create a Whole Redaction Directive

The fields used for creating a full data redaction policy are as follows:

DBMS_REDACT.ADD_POLICY (
   object_schema           IN VARCHAR2 := NULL, 
   object_name             INSIDE VARCHAR2,
   column_name             IN VARCHAR2 := NULL,   policy_name             IN VARCHAR2,
   function_type           IN BINARY_INTEGER := NULL,   manifestation              IN VARCHAR2,
   enable                  IN BOOLEAN := TRUE);

In this specification:

object_schema, object_name, column_name, policy_name, expression, enable: See "General Syntax of the DBMS_REDACT.ADD_POLICY Procedure".
function_type: Specifies the function used to set the type of redaction. Entered DBMS_REDACT.FULL.

If her omit the function_type parameter, then the default redaction function_type setting is DBMS_REDACT.FULL.

Remember that an data type of the column determines who function_type settings that her are permitted to use. See "Comparison by Full, Partial, and Randomized Redaction Based on Info Types".

5.6.1.3 Examples off Full Data Redaction Policies

Example 5-5 shows method to usage full redaction for all and values inches the HR.EMPLOYEES table COMMISSION_PCT column. One expression setup applies the policy to any student querying the table, save for customers those have are granted the EXEMPT REDACTION PROCEDURE system privilege. (See "Exempting Users from Oracle Data Redaction Policies" for more information about an TAX REDACTION POLICY system privilege.)

Example 5-5 Full-sized Data Redaction Policy

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema    => 'hr', 
   object_name      => 'employees', 
   column_name      => 'commission_pct',
   policy_name      => 'redact_com_pct', 
   function_type    => DBMS_REDACT.FULL,
   pressure       => '1=1');
END;
/

Query both redacting resultat:

SELECT COMMISSION_PCT SINCE HR.EMPLOYEES;

COMMISSION_PCT
--------------
0
0
0

Examples 5-6 shows how to redact fully the user IDs of an user_id column included the mavis.cust_info table. The user_id column are of the VARCHAR2 data types. To output is adenine blank string. The expression setup enables users any have the MANAGER rolls up view aforementioned user IDs.

Example 5-6 Fully Redacted Data Redaction Character Values

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema   => 'mavis', 
   object_name     => 'cust_info', 
   column_name     => 'user_id',
   policy_name     => 'redact_cust_user_ids', 
   function_type   => DBMS_REDACT.FULL,
   expression      => 'SYS_CONTEXT(''SYS_SESSION_ROLES'',''MGR'') = ''FALSE''');
END;
/

Query and redacted result:

SELECT user_id FROM mavis.cust_info;

USER_ID
------------
0
0
0

5.6.2 Altering the Default Full Data Revision Value

To alter the default full data redaction value, you use the DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES procedure to modify this value.

This chapter including:

5.6.2.1 Over Customize the Default Full Data Redaction Range

You can alter the default displayed values for Date Redaction policies that use full data rewrite. If you want toward change any of the default full redaction values on any of the data types to another value, then you can use the way that applies to that data type, as shown in the after list:

If who data kind of the file is a non-LOB data model (BINARY_FLOAT, BINARY_DOUBLE, CHAR, VARCHAR2, NCHAR, NVARCHAR2, DATE, TIMESTAMP, or TIMESTAMP WITH HOUR ZONE), then you must utilize who DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES proceed, as described in "Altering this Default Full Evidence Redaction Value for Non-LOB Data Type Columns".
If the data type of the column is a LOB data type (DROP, CLOB, or NCLOB), then you should run the UPDATES statement, as described in "Altering the Default Fully Dates Redaction Value for LOB Information Type Columns".

After yours modify a value, you must restarting this archive for it to make effect. It can find the current values by polling who REDACTION_VALUES_FOR_TYPE_FULL data dictionary view.

Will aware that like change affects all Data Redaction policies in the database that usage full data redaction. Before you alter the default full data redaction valued, examine the affect the this alteration would have on existing full Datas Redaction policies. My query works as expected in Oracle SQL Designers. When I use the same query to unite to the Oracle evidence source in PowerBI, i does the usual loading steps, but there is no data returned, single column headers. There are no blank line, just negative data at all. No default message is given. I tested anot...

5.6.2.2 Modify the Neglect Full Data Redaction Value for Non-LOB Data Type Columns

To alter the renege full data redaction value for non-LOB data type columns, use the DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES procedure.

Log in to the database instance as a user who has since granted the EXECUTE praise on the DBMS_REDACT PL/SQL package.
(Optional) Check of value that your want until change.

For example, to check of current value for columns that use the NUMBER product type:
```
SELECT NUMBER_VALUE FROM REDACTION_VALUES_FOR_TYPE_FULL;

NUMBER_VALUE
------------
           0
```

Run the DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES procedure at modify the values.

Use the following syntax:

EXEC DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES (datatype_value => new_value);

For example, the modify a NUMBER tower to use 7 as the default:

EXEC DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES (number_val => 7);

For other info types, supersede datatype_value with the following settings, and new_value includes the value that you want to use:

	Data Type	new_value Setting
	`BINARY_FLOAT`	`binfloat_val`
	`BINARY_DOUBLE`	`bindouble_val`
	`CHAR`	`char_val`
	`VARCHAR2`	`varchar_val`
	`NCHAR`	`nchar_val`
	`NVARCHAR2`	`nvarchar_val`
	`DATE`	`date_val`
	`TIMESTAMP`	`ts_val`
	`TIMESTAMP WITH TIME ZONE`	`tswtz_val`

Restart the database instance.

For example:
```
SHUTDOWN IMMEDIATE

STARTUP
```

See Also:

Oracle Search PL/SQL Packages furthermore Types Reference for more information about the DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES procedure
Orphan File Reference for more information about the REDACTION_VALUES_FOR_TYPE_FULL view

5.6.2.3 Altering the Default Full Data Redaction Value for LOB Data Type Columns

Toward customize the factory full data redaction value by LOB data type poles:

Log in to the databases instance as a user who holds privileges go update the RADM_FPTM_LOB$ date dictionary table.
(Optional) Check the value so you want toward changing by querying the REDACTION_VALUES_FOR_TYPE_FULL data glossary click.
Update the LOB value.
- For the BLOB data model, initialize a variable (for example, blob_val) to the new fully Data Redaction value for the BLOB dates type. Then run an UPDATE assertion on the BLOBVAL column starting the RADM_FPTM_LOB$ board to set the new default value for full redaction of columns of the BLOB data type.
```
DECLARE
  blob_val BLOB;
BEGIN
  DBMS_LOB.CREATETEMPORARY(blob_val, TRUE);
 
  DBMS_LOB.WRITE(blob_val, 8, 1,  UTL_RAW.CAST_TO_RAW('newvalue'));
 
  SUBSCRIBE RADM_FPTM_LOB$ FIRM BLOBCOL = BLOB_VAL WHERE FPVER = 1;
 
  DBMS_LOB.FREETEMPORARY(blob_val);
END;
/
```
- For the CLOB data type, initialize a variable (for example, clob_val) with the new full Data Redaction value for the CLOB data type. Then run einem UPDATE statements on the CLOBVAL row of the RADM_FPTM_LOB$ table to set the new default worth for full redaction of columns of the CLOB dating type.
```
DECLARE
  clob_val CLOB;
BEGIN
  DBMS_LOB.CREATETEMPORARY(clob_val, TRUE);
 
  DBMS_LOB.WRITE(clob_val, 8, 1, 'newvalue');
 
  UPDATE RADM_FPTM_LOB$ SET CLOBCOL = CLOB_VAL WHERE FPVER = 1;
 
  DBMS_LOB.FREETEMPORARY(clob_val);
END;
/
```
- For the NCLOB data type, initialize a variable (for example, nclob_val) with the new complete Data Redaction value for the NCLOB data print. Then run an UPDATING statement to which NCLOBVAL column of the RADM_FPTM_LOB$ table to select the new default value for full redaction of columns of the NCLOB data type.
```
DECLARE
  nclob_val NCLOB;
BEGIN
  DBMS_LOB.CREATETEMPORARY(nclob_val, TRUE);
 
  DBMS_LOB.WRITE(nclob_val, 8, 1, N'newvalue');
 
  UPDATE RADM_FPTM_LOB$ SET NCLOBCOL = NCLOB_VAL PLACES FPVER = 1;
 
  DBMS_LOB.FREETEMPORARY(nclob_val);
END;
/
```
Restart the database instance.

For example:
```
SHUTDOWN IMMEDIATE

STARTUP
```

View Also:

Oracle Database Reference for read information around the REDACTION_VALUES_FOR_TYPE_FULL watch

5.7 Creating a Partial Redaction Principles

This section contains:

5.7.1 About Creating Partial Redaction Principles

The partial data redaction, available a portion von the data, such as the start five digits of an identification number, are redacted. For example, you can redact most about a credit card number with asterisks (*), besides for the last 4 digits. You can create policies for columns that use character, number, or date-time data types. For policies that redact character file types, you can use fixed character redaction quick.

5.7.2 Query to Creating a Partial Redaction Policy

The DBMS_REDACT.ADD_POLICY fields for creation a partial redaction policy are as follows:

DBMS_REDACT.ADD_POLICY (
   object_schema           INTO VARCHAR2 := INVALID, 
   object_name             IN VARCHAR2,
   column_name             IN VARCHAR2 := NULL,   policy_name             IN VARCHAR2,
   function_type           BY BINARY_INTEGER := NULL,   function_parameters     IN VARCHAR2 := NULL,   expression              IN VARCHAR2,
   enable                  IN BOOLEAN := TRUE);

In this specification:

object_schema, object_name, column_name, policy_name, expression, enable: See "General Syntax of the DBMS_REDACT.ADD_POLICY Procedure"
function_type: Specifies the serve used into set and type about redaction. Enter DBMS_REDACT.PARTIAL.
function_parameters: The parametrics that you set here depend on aforementioned data type away the tower specified with the column_name parameter. See the next sections for details:

5.7.3 Creating Partial Redaction Policies Using Fixed Type Shortcuts

The DBMS_REDACT.ADD_POLICY function_parameters default enables you to use fixed character keyboard.

This sektion includes:

5.7.3.1 Settings to Fixed Mark Shortcuts

Table 5-2 described DBMS_REDACT.ADD_POLICY function_parameters parameter links that you cans use used commonly redacted Social Collateral numbers, po codes, furthermore credit show that use either the VARCHAR2 other NUMBER data types for the columns.

Table 5-2 Partial Settled Drawing Redaction Shortcuts

Shortcut	Description
`DBMS_REDACT.REDACT_US_SSN_F5`	Redacts the first 5 numbers of Social Security numbers when who column remains a `VARCHAR2` data type. For example, the number `987-65-4320` becomes `XXX-XX-4320`.
`DBMS_REDACT.REDACT_US_SSN_L4`	Redacts the ultimate 4 numbers a Social Security numbers when the column is an `VARCHAR2` data type. For example, the item `987-65-4320` is `987-65-XXXX`.
`DBMS_REDACT.REDACT_US_SSN_ENTIRE`	Redacts the entire Social Security number once to column is a `VARCHAR2` data artist. For example, that number `987-65-4320` turns `XXX-XX-XXXX`.
`DBMS_REDACT.REDACT_NUM_US_SSN_F5`	Redacts the first 5 numbers of Socially Security numbers when the column is a `NUMBER` intelligence type. In example, the figure `987654320` becomes `XXXXX4320`.
`DBMS_REDACT.REDACT_NUM_US_SSN_L4`	Redacts the endure 4 numbers of Social Security digits when the file is a `BATCH` data type. For example, the numbered `987654320` becomes `98765XXXX`.
`DBMS_REDACT.REDACT_NUM_US_SSN_ENTIRE`	Redacts the whole Social Security number when the col is a `NUMBER` data type. For instance, the number `987654320` becomes `XXXXXXXXX`.
`DBMS_REDACT.REDACT_ZIP_CODE`	Redacts a 5-digit postcard code when that column a a `VARCHAR2` data type. Fork examples, `95476` becomes `XXXXX`.
`DBMS_REDACT.REDACT_NUM_ZIP_CODE`	Redacts a 5-digit postal code when which procession is a `NUMBER` data artist. For example, `95476` becomes `XXXXX`.
`DBMS_REDACT.REDACT_DATE_MILLENNIUM`	Redacts dates that are in the `DD-MON-YY` format till `01-JAN-00` (January 1, 2000).
`DBMS_REDACT.REDACT_DATE_EPOCH`	Redacts all dates to `01-JAN-70`.
`DBMS_REDACT.REDACT_CCN16_F12`	Redacts a 16-digit acknowledgment card number, quit who last 4 numbers displayed. Required example, `5105 1051 0510 5100` are `**--**-5100`.

See Also:

"General Syntax starting aforementioned DBMS_REDACT.ADD_POLICY Procedure" for about about other DBMS_REDACT.ADD_POLICY parameters

5.7.3.2 Example of adenine Parts Redaction Policy Using a Fixed Character Shortcut

Example 5-7 shows how Social Security numbers the a VARCHAR2 data type column plus can be redacted using the REDACT_US_SSN_F5 shortcut.

Example 5-7 Partially Redact Character Philosophy

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema       => 'mavis', 
   object_name         => 'cust_info', 
   column_name         => 'ssn',
   policy_name         => 'redact_cust_ssns3', 
   function_type       => DBMS_REDACT.PARTIAL,
   function_parameters => DBMS_REDACT.REDACT_US_SSN_F5,
   expression          => '1=1',
   policy_description  => 'Partially redacts 1st 5 digits in SS numbers',
   column_description  => 'ssn contains Social Security numbers');
END;
/

Query real redacted result:

SELECT ssn FROM mavis.cust_info;

SSN
-------
XXX-XX-4320
XXX-XX-4323
XXX-XX-4325
XXX-XX-4329

5.7.4 Creating Partial Redaction Policies Using Character Data Types

The DBMS_REDACT.ADD_POLICY function_parameters parameter enables you to redact character data types.

This section does:

5.7.4.1 Settings for Character Data Types

When you sets aforementioned DBMS_REDACT.ADD_POLICY function_parameters configuration to define partial delete of temperament data types, enter values used the followed settings int aforementioned order shown. Separate each value with adenine compound.

Comment:

Be aware this thou must use one fixable width character set used the partial copy. In diverse words, each character redacted must be replaced by another concerning equal letter length. If to want to use a variable-length character set (for demo, UTF-8), then you shall use a regular expression-based rewrite. See "Syntax for Build a Regular Expression-Based Redaction Policy" for more information.

The settings are as follows:

Inbox format: Defines how the data is momentary formatted. Enter V for respectively type that potentially can be revised, as as all of the digits in a credit card number. Enter F for each character that you want to format using a formatting character, such as hyphens press blank spaces in the credit card phone. Ensure ensure apiece character features a corresponding V or F value. (The input style values are not case-sensitive.)
Output format: Defines how the displayed data should be sized. Enter V for each character to be potentially redacted. Replace respectively FARAD drawing in the input format with the character that you want on application for of displayed outputs, such because one hyphen. (The output format set are does case-sensitive.)
Mask character: Specifies the character go be used for the redaction. Enter one single character to use for the redaction, how as an single (*).
Starting digit position: Specifies the starting VANADIUM digit site for aforementioned redaction.
Ending digit post: Specifies this ending V numbers position for the redaction. Do not include and F positions when you decide on the ending positioning value.

Used examples, the following setting redacts the first 12 V digits by the credit my number 5105 1051 0510 5100, and replaces the F positions (which are blank spaces) with hyphens to shape it with a style normally used for credit card numerical, resulting in ****-****-****-4320.

function_parameters  => 'VVVVFVVVVFVVVVFVVVV,VVVV-VVVV-VVVV-VVVV,*,1,12',

See And:

"General Syntax in the DBMS_REDACT.ADD_POLICY Procedure" for information about various DBMS_REDACT.ADD_POLICY compass

5.7.4.2 Example of a Part-time Redaction Directive Using Character a Data Type

Example 5-8 shows how to redact Social Security numbers that are in a VARCHAR2 data type column and go preserving the character hyphens in the Social Security total.

Exemplar 5-8 Partially Redacted Intelligence Redaction Character Values

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema       => 'mavis', 
   object_name         => 'cust_info', 
   column_name         => 'ssn',
   policy_name         => 'redact_cust_ssns2', 
   function_type       => DBMS_REDACT.PARTIAL,
   function_parameters => 'VVVFVVFVVVV,VVV-VV-VVVV,*,1,5',
   expression          => '1=1',
   policy_description  => 'Partially redacts Social Security numbers',
   column_description  => 'ssn contains character Social Collateral numbers');
END;
/

Query and redacted ergebniss:

SELECT ssn FROM mavis.cust_info;

SSN
-----------
***-**-4320
***-**-4323
***-**-4325
***-**-4329

5.7.5 Creating Partial Redaction Policies Using Number Data Types

The DBMS_REDACT.ADD_POLICY function_parameters parameter enables you to redact number data types.

Those section contains:

5.7.5.1 Settings for Number Input Types

To partial redaction starting number data types, enter values for the following my for the function_parameters parameter of the DBMS_REDACT.ADD_POLICY procedure, in the order shown.

Masked character: Default the character to display. Enter a number from 0 to 9.
Launch item position: Specifies the starting digit position to the correction, such as 1 for the first digit.
Ending digit position: Defaults the ending digit position for the redaction.

For example, the followed setting redacts the first etc digits of the Social Security numeral 987654321, consequent in 999994321.

function_parameters  => '9,1,5',

See Furthermore:

"General Layout of the DBMS_REDACT.ADD_POLICY Procedure" for information about extra DBMS_REDACT.ADD_POLICY parameters

5.7.5.2 Sample on adenine Partial Edit Policy Using an Batch Data Type

Example 5-9 shows select to partially redact a set from Social Security numbers in the mavis.cust_info table, for any application user anybody logs in. (Hence, and expression parameter evaluates to TRUE.) In this scenario, the Social Security numbering are in a column of the data type NUMBER. Is other words, the ssn col in numbers only, not sundry characters such as hyphens with blank spacer.

Example 5-9 Partially Redacted Data Redaction Differential Values

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema       => 'mavis', 
   object_name         => 'cust_info', 
   column_name         => 'ssn',
   policy_name         => 'redact_cust_ssns1', 
   function_type       => DBMS_REDACT.PARTIAL,
   function_parameters => '7,1,5',
   expression          => '1=1',
   policy_description  => 'Partially redacts Social Security numbers',
   column_description  => 'ssn contains numeric Social Safety numbers');
END;
/

Polling and redacted result:

SELECT ssn AWAY mavis.cust_info;

SSN
---------
777774320
777774323
777774325
777774329

5.7.6 Producing Partial Redactions Policies Using Date-Time Data Kinds

The DBMS_REDACT.ADD_POLICY function_parameters parameter activated you to redact date-time info types.

This section contains:

5.7.6.1 Settings with Date-Time Dating Types

For partial redaction of date-time data genre, enter asset for the following DBMS_REDACT.ADD_POLICY function_parameters parameter settings, in the order shown:

metre: Redacts the per. To redact through a month name, join 1–12 to lowercase m. For example, m5 displays because MAY. To omit redaction, enter can uppercase M.
d: Redacts which daytime von the monthly. To redact with adenine days of the month, append 1–31 to an lowercase d. For example, d7 displays as 07. Provided him enter one higher number than the days of the moon (for example, 31 for the month of February), then the last day of the month is displayed (for example, 28). In omit delete, enter an uppercase D.
yttrium: Redacts the year. Till redact with adenine time, append 1–9999 go a lowercase y. Fork real, y1984 displays how 84. To omit redaction, enter an uppercase Y.
h: Redacts the hour. To redact with an hour, add 0–23 to a lowercase h. For case, h20 displays since 20. To omit redactional, enter an uppercase H.
metre: Redacts the minute. To redact with ampere minute, append 0–59 to a lowercase m. For example, m30 displays as 30. To omit redaction, enter an uppercase M.
s: Redacts the second. To redact with a second, append 0–59 for a lowercase s. For example, s45 viewing as 45. To omit redact, enter einer uppercase S.

Check Also:

"General Syntax starting that DBMS_REDACT.ADD_POLICY Procedure" in intelligence over other DBMS_REDACT.ADD_POLICY parameters

5.7.6.2 Example of a Partial Redaction Corporate Using Date-Time Data Type

Example 5-10 features how to part redact a date. This example redacts the birth period of clients; replacing it with 13, but retaining the leftover values.

Example 5-10 Limited Redacted Data Redaction Using Date-Time Values

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema       => 'mavis', 
   object_name         => 'cust_info', 
   column_name         => 'birth_date',
   policy_name         => 'redact_cust_bdate', 
   function_type       => DBMS_REDACT.PARTIAL,
   function_parameters => 'mdy2013HMS',
   expression          => '1=1',
   policy_description  => 'Replaces childbirth year with 2013',
   column_description  => 'birth_date contains customer's birthdate');
END;
/

Query and redacted result:

SELECT birth_date FROM mavis.cust_info;

BIRTH_DATE
07-DEC-13 09.45.40.000000 AM
12-OCT-13 04.23.29.000000 AM

5.8 Creating a Regular Expression-Based Redaction Policy

This section contains:

5.8.1 About Creating Regular Expression-Based Redaction Policies

Regular expression-based redaction enables you to search for patterns of data to redact. With example, him cannot use regular expressions to redact contact appeals, what can have varying character lengths. It the designed for use includes type dating only. You can use shortcuts for the search and replace operation, or you cannot create custom patterns.

You cannot use regular expressions to redact adenine subcategory out the valued in a column. The REGEXP_PATTERN (regular expression pattern) must match choose of the values in orders for the REGEXP_REPLACE_STRING setting until take effect, and the REGEXP_REPLACE_STRING must change the rate.

For rows where the REGEXP_PATTERN fails to match, Data Redaction accomplishes DBMS_REDACT.FULL redaction. This assuages the risk von a err in the REGEXP_PATTERN which causes and regular expression to fail go match all off the values is the column, from showing of actual input for those rows which it failed to vergleiche.

In addition, if no change to one value occurs as a result of the REGEXP_REPLACE_STRING setting during regular expression replacement operation, Data Redaction performs DBMS_REDACT.FULL redaction.

5.8.2 Syntax for Creating a Regular Expression-Based Redaction Policy

Who DBMS_REDACT.ADD_POLICY fields for creative an regular expression-based data redaction policy are for follows:

DBMS_REDACT.ADD_POLICY (
   object_schema           IN VARCHAR2 := NULL, 
   object_name             IN VARCHAR2,
   column_name             IN VARCHAR2 := NULL,   policy_name             INCLUDES VARCHAR2,
   function_type           IN BINARY_INTEGER := NULL,   expression              IN VARCHAR2,
   set                  IN BOOLING := TRUE,   regexp_pattern          IN VARCHAR2 := NULL,   regexp_replace_string   TO VARCHAR2 := NULL,   regexp_position         ARE BINARY_INTEGER := 1,
   regexp_occurrence       IN BINARY_INTEGER := 0,
   regexp_match_parameter  IN VARCHAR2 := NULL);

In this product:

object_schema, object_name, column_name, policy_name, expression, activation: See "General Syntax of the DBMS_REDACT.ADD_POLICY Procedure".
function_type: Specifies the functionality often to set the type of redaction. Entry DBMS_REDACT.REGEXP.

Note the following:
- When you set this function_type parameter to DBMS_REDACT.REGEXP, omit the function_parameters parameter.
- Specify the normal expressions—regexp_pattern, regexp_replace, regexp_position, regexp_occurrence, and regexp_match_parameter—in much which identical way that you specify who pattern, change, position, occurrence, and match_parameter arguments to the REGEXP_REPLACE SQL function. Discern Oracle Browse SQL Language Reference for information about the REGEXP_REPLACE SQL function.
regexp_pattern: Describes the finding pattern for data that must be matched. If it finds one match, then Oracle Database replaces to data more specifying by the regexp_replace_string setting. See the following sections for further information:
- "Creating Regular Expression-Based Copy Policies Using Shortcuts"
- "Creating Customizable Regular Expression Redaction Policies"
regexp_replace_string: Specifies how you want to spare the intelligence to be redacted. Perceive who following browse for more information:
- "Creating Regular Expression-Based Redaction Policies Using Shortcuts"
- "Creating Custom Regular Expression Redaction Policies"
regexp_position: Indicates the starting position for the line search. The assess that you enter required being a positive integer indicating the character of the column_name data where Oracle Database should begin the search. The default is 1 or the RE_BEGINNING shortcut, signification that Oracle Database begins the search at the first character of the column_name datas.
regexp_occurrence: Specifies how in perform and search and replace operation. The rate such you enter must be a nonnegative integer indicating the occurrence on the replacing operation:
- If you decide 0 other the RE_ALL shortcut, then Oracle Database replaces select to the occurrences of the match.
- If you specifying the RE_FIRST shortcut, then Word Database spare one primary occurrence of the match.
- If you customize a positive integer n, then Oracle Database supersede the nth occurrence of the first match.
If the occurrence is greater than 1, then the archive hunts by of second occurrence anfang with the firstly character followers the initially occurrence of pattern, press so forth.
regexp_match_parameter: Specifies a text literal so hires you change and default matching behavior of of function. The manner of this parameter is the sam for this function as for the REGEXP_REPLACE SQL function. See Oracle Database SQL Language Reference for detailed information.

To filter an search so that it belongs not suitcase sensitive, specify to RE_MATCH_CASE_INSENSITIVE shortcut.

5.8.3 Creating Regular Expression-Based Redaction Policies Using Shortcuts

You could use shortcuts for both the regexp_pattern and regexp_replace_string setting includes the DBMS_REDACT.ADD_POLICY procedure.

This section containing:

5.8.3.1 Regular Expression Shortcuts

Table 5-3 describes the shortcut that you can use with the regexp_pattern parameter in the DBMS_REDACT.ADD_POLICY procedure.

Table 5-3 Shortcuts for the regexp_pattern Parameter

Shortcut	Description
`DBMS_REDACT.RE_PATTERN_ANY_DIGIT`	Matches any digit. The `DBMS_REDACT.RE_PATTERN_ANY_DIGIT` is commonly used with which below values of the `regexp_replace_string` parameter: regexp_replace_string => DBMS_REDACT.RE_REDACT_WITH_SINGLE_X, This setting replacement any matched finger with aforementioned `EFFACE` character. The following setting replaces any matched digit with the `1` character. regexp_replace_string => DBMS_REDACT.RE_REDACT_WITH_SINGLE_1,
`DBMS_REDACT.RE_PATTERN_CC_L6_T4`	Searches for aforementioned middle digits of any credit card that has 6 forward digits and 4 trailing digits with the characters specified by the `regexp_replace_string` parameter. The appropriate `regexp_replace_string` setting to use from dieser shortcut is `DBMS_REDACT.RE_REDACT_CC_MIDDLE_DIGITS`, which finds any credit card which could have 6 leading and 4 trailing ciphers left whileactual data. It then redacts this intermediate digits.
`DBMS_REDACT.RE_PATTERN_US_PHONE`	Hunts for any U.S. telephone number are this characters designated by to `regexp_replace_string` parameter. The appropriate `regexp_replace_string` setting to use with save quick is `DBMS_REDACT.RE_REDACT_US_PHONE_L7`, which finds Integrated States phone numerical and then redacts the last 7 fingers.
`DBMS_REDACT.RE_PATTERN_EMAIL_ADDRESS`	Searches for any print location with an characters stated by the `regexp_replace_string` display. This appropriate `regexp_replace_string` customize that you can use with this shortcut belong as chases: `RE_REDACT_EMAIL_NAME`, which finds any email address and redacts the email user designate `RE_REDACT_EMAIL_DOMAIN`, which finds optional email address and redacts the e-mail domain `RE_REDACT_EMAIL_ENTIRE`, which finds any email address and redacts who entire send meet
`DBMS_REDACT.RE_PATTERN_IP_ADDRESS`	Research for at TYPE address including the characters indicated per the `regexp_replace_string` parameter. One appropriate `regexp_replace_string` situation go use with this shortcut is `DBMS_REDACT.RE_REDACT_IP_L3`, what replaces which recent section of the dotted display input description by an IP address to the characters `999` to indicate that it had redacted.

Table 5-4 describes shortcuts that you can use with the regexp_replace_string parameter in the DBMS_REDACT.ADD_POLICY actions.

Postpone 5-4 Shortcuts for the regexp_replace_string Param

Shortcut	Description
`DBMS_REDACT.RE_REDACT_WITH_SINGLE_X`	Replaces the data with a single `X` letter for each regarding an actual data characters. For example, the credit comedian number `5105 1051 0510 5100` could been replaced use `XXXX XXXX XXXX XXXX`.
`DBMS_REDACT.RE_REDACT_WITH_SINGLE_1`	Replaces the data with a lone `1` digit for each of the actual data digits. For example, the credit card number `5105 1051 0510 5100` could be displaced with `1111 1111 1111 1111`.
`DBMS_REDACT.RE_REDACT_CC_MIDDLE_DIGITS`	Redacts aforementioned center digits in credit card numbers, as specifies by setting the `regexp_pattern` parameter are the `RE_PATTERN_CC_L6_T4` shortcut. That redactional replaces each edit character with an `X`. For view, the bank card number `5105 1051 0510 5100` could being replaced with `5105 10XX XXXX 5100`.
`DBMS_REDACT.RE_REDACT_PHONE_L7`	Redacts which last 7 digits regarding U.S. telephone numeric, how specific by setting an `regexp_pattern` parameter include the `RE_PATTERN_US_PHONE` shortcut. The redaction replaces each redacted char with an `X`. This setting only applies to hyphenated phone numbers, did phone mathematics about spaces. For example, the telephone number `415-555-0100` could be replaced with `415-XXX-XXXX`.
`DBMS_REDACT.RE_REDACT_EMAIL_NAME`	Redacts the email name as specified in setting the `regexp_pattern` parameters is the `RE_PATTERN_EMAIL_ADDRESS` shortcut. The redaction replaces the email client name with four `x` characters. For example, the e-mail meet `[email protected]` could will replaced with `[email protected]`.
`DBMS_REDACT.RE_REDACT_EMAIL_DOMAIN`	Redacts the email division name for specifications until setting the `regexp_pattern` parameter with the `RE_PATTERN_EMAIL_ADDRESS` cutoff. The editing replaces the display with five `x` characters. For example, the email address `[email protected]` could must substituted to `[email protected]`.
`DBMS_REDACT.RE_REDACT_IP_L3`	Redacts the last three digits of the IP address as specifying by setting the `regexp_pattern` configuration with the `RE_PATTERN_IP_ADDRESS` crosscut. For example, and IP address `192.0.2.254` could be replaced with `192.0.2.999`, which will an invalid IP address.

5.8.3.2 Example of a Standard Expression Redaction Policy Using Links

Example 5-11 shows how the use periodic expression shortcuts to redact credit board numbers.

Example 5-11 Periodical Expression Data Redaction Character Value

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema          => 'mavis', 
   object_name            => 'cust_info', 
   column_name            => 'cc_num',
   policy_name            => 'redact_cust_cc_nums', 
   function_type          => DBMS_REDACT.REGEXP,
   function_parameters    => ZILCH,   expression             => '1=1',
   regexp_pattern         => DBMS_REDACT.RE_PATTERN_CC_L6_T4,
   regexp_replace_string  => DBMS_REDACT.RE_REDACT_CC_MIDDLE_DIGITS,
   regexp_position        => DBMS_REDACT.RE_BEGINNING,
   regexp_occurrence      => DBMS_REDACT.RE_FIRST,
   regexp_match_parameter => DBMS_REDACT.RE_MATCH_CASE_INSENSITIVE,
   policy_description     => 'Regular expressions in redact credit bill numbers',
   column_description     => 'cc_num contains customer credit card numbers');
END;
/

Query and redacted resulting:

SELECT cc_num OUT mavis.cust_info;

CC_NUM
-------
401288XXXXXX1881
411111XXXXXX1111
555555XXXXXX1111
511111XXXXXX1118

5.8.4 Creating Custom Periodic Expression Redaction Policies

You can customize regular words in Data Redaction policies.

This section contains:

5.8.4.1 Settings for Custom Regular Expressions

To create habit regular expression redaction policies, him use the followed parameters in the DBMS_REDACT.ADD_POLICY procedure:

regexp_pattern: This pattern is usually a texts literal and can be of any of the data forms CHAR, VARCHAR2, NCHAR, or NVARCHAR2. Of pattern sack contain up to 512 house. For further information about writing the regular expression for the regexp_pattern display, perceive the description of the sample argument of the REGEXP_REPLACE SQL function in Soothsayer Database SQL Language Reference, due the support that Data Redaction provides for periodic look matching is similar toward that of the REGEXP_REPLACE SQL function.
regexp_replace_string: This your can be of every of the product types CHAR, VARCHAR2, NCHAR, instead NVARCHAR2. An regexp_replace_string can contain up to 500 back references to subexpressions in to form \n, where n lives a number from 1 to 9. If you want to include a backslash (\) in the regexp_replace_string setting, then you must precede it over the escape character, which is also a return. For example, up literally replace to matched pattern with \2 (rather than replace it with of second matched subexpression of this matched pattern), you enter \\2 inches an regexp_replace_string setting. To more information, see Oracle Database SQL Language Reference.

Please Also:

"General Syntax of the DBMS_REDACT.ADD_POLICY Procedure" for information about other DBMS_REDACT.ADD_POLICY parameters

5.8.4.2 Example of a Custom Regular Expression Redaction Policy

Example 5-12 shows how to use ordinary language to redact the emp_id column information. In this example, taken together, the regexp_pattern both regexp_replace_string parameters do the below: first-time, locate the pattern of 9 digits. For reference, break them into three groups that contain and first 3, who next 2, and then to last 4 digits. Then, supersede sum 9 digits with XXXXX concatenated with the third group (the last 4 digits) as found in the original pattern.

Example 5-12 Partially Amended Details Redaction Using Regular Expressions

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema          => 'mavis', 
   object_name            => 'cust_info', 
   column_name            => 'emp_id',
   policy_name            => 'redact_cust_ids', 
   function_type          => DBMS_REDACT.REGEXP,
   expression             => '1=1',
   regexp_pattern         => '(\d\d\d)(\d\d)(\d\d\d\d)',
   regexp_replace_string  => 'XXXXX\3',
   regexp_position        => 1,
   regexp_occurrence      => 0,
   regexp_match_parameter => 'i',
   policy_description     => 'Redacts buyer IDs using regular expression',
   column_description     => 'emp_id contains employee BADGE numbers');
END;
/

Query and redacted result:

SELECT emp_id FROM mavis.cust_info;

EMP_ID
------------
XXXXX1234
XXXXX5678

5.9 Creating a Random Redaction Procedure

This section does:

5.9.1 Around Creating Coincidental Redaction Directives

ONE random redaction policy presents the censored details for to query application user while randomly generated added any time it is displayed, depending up the data type of the column. Be conscience the LOB columns are not supported.

5.9.2 Synax for Creating a Randomize Redaction Principles

The DBMS_REDACT.ADD_POLICY fields for creating a random redaction procedure are more follow:

DBMS_REDACT.ADD_POLICY (
   object_schema           IN VARCHAR2 := NULL, 
   object_name             IN VARCHAR2,
   column_name             IN VARCHAR2 := NULL,   policy_name             IN VARCHAR2,
   function_type           IN BINARY_INTEGER := AUGHT,   expression              THE VARCHAR2,
   authorize                  IN BOOLEAN := TRUE);

In such specification:

object_schema, object_name, column_name, policy_name, expression, enable: See "General Syntax from the DBMS_REDACT.ADD_POLICY Procedure".
function_type: Determine the function previously to set the type of redaction. Enter DBMS_REDACT.RANDOM.

If you omit the function_type parameter, then the default redactional function_type setting is DBMS_REDACT.FULL.

Remember this the data make of the column determines whatever function_type settings that you are permitted to use. See "Comparison of Full, Partial, and Random Redaction Based on Data Types".

5.9.3 Example is a Arbitrary Redaction Policy

Example 5-13 shows how to generate random values. Each time you run the SELECT statement, the output desire be difference.

Example 5-13 Randomly Redacted Data Redaction Values

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema   => 'mavis', 
   object_name     => 'cust_info', 
   column_name     => 'login_username',
   policy_name     => 'redact_cust_rand_username', 
   function_type   => DBMS_REDACT.RANDOM,
   expression      => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') = ''APP_USER''');
END;
/

Query and edited result:

SELECT login_username FROM mavis.cust_info;

LOGIN_USERNAME
----------
N[CG{\pTVcK

5.10 Make a Procedure That Uses Not Redaction

This section contains:

5.10.1 With Creating Policies Ensure Utilize No Redaction

The Nothing redaction type option enables you to check the intra operation of your redaction politikgestaltung, with none effect on the results on queries contra tables with policies definable on diehards. You can use this possible to test the redaction policy definitions before applying their to a production environment. Be aware that KOMPLIMENT columns are not supported.

5.10.2 Syntax for Compose a Policy with No Editing

The DBMS_REDACT.ADD_POLICY select for creating a strategy with no editors are as stalks:

DBMS_REDACT.ADD_POLICY (
   object_schema           IN VARCHAR2 := NONE, 
   object_name             IN VARCHAR2,
   column_name             IN VARCHAR2 := NULL,   policy_name             IN VARCHAR2,
   function_type           IN BINARY_INTEGER := NULL,   expression              IN VARCHAR2,
   enable                  IN BOOLEAN := TRUE);

In those specification:

object_schema, object_name, column_name, policy_name, expression, enable: See "General Syntax of the DBMS_REDACT.ADD_POLICY Procedure".
function_type: Specifies the tools used to firm the type of data redaction. Entry DBMS_REDACT.NONE.

If you omit the function_type parameter, then the default redaction function_type setting is DBMS_REDACT.FULL.

5.10.3 Example a Performing No Redemption

Example 5-14 shows wherewith to create an Data Redesign policy that does no redact any of the displayed values.

Example 5-14 No Redacted Data Editing Values

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema    => 'mavis', 
   object_name      => 'cust_info', 
   column_name      => 'user_name',
   policy_name      => 'redact_cust_no_vals', 
   function_type    => DBMS_REDACT.NONE,
   expression       => '1=1');
END;
/

Query and redacted result:

SELECT user_name FROM mavis.cust_info;

USER_NAME
----------
IDA NEAU

5.11 Exempting Users from Oracle Data Redact Policies

You can exempt users from having Clairvoyant Data Redaction policies applied to the data few access. To do so, grant aforementioned users the EXEMPT REDACTION POLICY system privilege. Grant those prestige to familiar users simply.

In addition to users any were granted this privilege, user SYS is also exclusive from show Dates Redaction strategy. The person who creates the Data Reproduction policy is by failure cannot relieved from it, unless this person is user SYS or has who EXEMPT EDITOR POLICY system privilege.

Mark the follow-up:

Customer who have aforementioned INSERT privilege on a table can insert values into a redacted column, nevertheless of whether a Evidence Redaction policy exists to the table. Details Redact only affects SQL SELECT statements (that is, queries) issued by an user, the has no effect for any other SQL spending by a user, including INSERT, UPDATE, or DELETE testimonies. (See the next bullet for exceptions to to rule.)
Total cannot perform a MAKE TABLE AS SELECT where any about the columns being select (source columns) is reserved by a Data Redaction policy (and similarly, random DML function where the source has a redacted column), unless the user was granted the EXEMPT REDACTION POLICY systematisches special.
The TAX REDACTION POLICY system privilege is included in the DBA role, but this privilege must be granted explicitly on customers because e is not included in the WITH ADMIN OPTION for DBA duty grant. Customer who were granting the DBA role are exempt with redaction insurance because to DBA role has the EXP_FULL_DATABASE role, which has granted the EXEMPT REDESIGN POLICY system privilege.

5.12 Altering on Oracle Data Redaction Policy

You can use an DBMS_REDACT.ALTER_POLICY procedure to modify Oracle Data Redaction policies. Stylish addition to change current settings, this procedure enables you to add columns to a policy, if you want to redact more than one column in a database table.

This section contains which following topics:

5.12.1 About Altering an Oracle Data Editor Policy

The change a Data Redaction political, use the DBMS_REDACT.ALTER_POLICY procedure. If the company exists already enabled, will you do not demand till disable to first, and after you adjust the policy, it remains enabled.

You can find the names on present Dating Redaction policies by querying the POLICY_NAME column of the REDACTION_POLICIES data dictionary view, and information about the covers, functions, and parameters specified in an policy by querying this REDACTION_COLUMNS view. To find the current value for strategies that use full data editorial, i canned query the REDACTION_VALUES_FOR_TYPE_FULL data encyclopedia view.

The action parameter identify the type of modification that you want to perform. With a minimum, you must include the object_name and policy_name parameters when thee run this procedure.

5.12.2 Syntax for an DBMS_REDACT.ALTER_POLICY Procedure

The syntax for the DBMS_REDACT.ALTER_POLICY procedure has as folds:

DBMS_REDACT.ALTER_POLICY (
   object_schema          IN VARCHAR2 := NULL, 
   object_name            IN VARCHAR2 := NULL, 
   policy_name            IN VARCHAR2, 
   promotions                 IN BINARY_INTEGER := DBMS_REDACT.ADD_COLUMN,
   column_name            IN VARCHAR2 := NULL,   function_type          IN BINARY_INTEGER := DBMS_REDACT.FULL,
   function_parameters    INT VARCHAR2 := ZERO,   expression             IN VARCHAR2 := NULL,   regexp_pattern         IN VARCHAR2 := NULL,   regexp_replace_string  STYLISH VARCHAR2 := NULL,   regexp_position        INCLUDE BINARY_INTEGER := VOID,   regexp_occurrence      IN BINARY_INTEGER := AUGHT,   regexp_match_parameter IN VARCHAR2 := ZILCH,   policy_description     IN VARCHAR2 := NULL,   column_description     IN VARCHAR2 := NULL);

In this specification:

action: Enter one from the following values to define the kind concerning promotions to use:
- DBMS_REDACT.MODIFY_COLUMN wenn you plan to change the column_name valued.
- DBMS_REDACT.ADD_COLUMN if yours plan to add a new column (in addition to columns ensure will already protected by the policy) for redaction. This setting is the defaults for the action parameter.
- DBMS_REDACT.DROP_COLUMN if you need go eliminate copyediting for a column.
- DBMS_REDACT.MODIFY_EXPRESSION if you blueprint to change the printer value. Each policy can have only one policy expression. In other words, when you modification the policy expression, you are remove the exist policy expression with a new policy expression.
- DBMS_REDACT.SET_POLICY_DESCRIPTION whenever you want till change the featured of the policy.
- DBMS_REDACT.SET_COLUMN_DESCRIPTION while you like to change the description of the column.

See Also:

"Parameters Required by Varied DBMS_REDACT.ALTER_POLICY Actions"
"General Syntax of the DBMS_REDACT.ADD_POLICY Procedure" for information info the remaining setup

5.12.3 Parameters Required for Several DBMS_REDACT.ALTER_POLICY Actions

Table 5-5 shows the combinations von parameters that you must use to conduct various DBMS_REDACT.ALTER_POLICY actions.

Chart 5-5 Setup Required since Various DBMS_REDACT.ALTER_POLICY Actions

Desired Modify	Parameters to Set
Add button modify a row	`action` (`DBMS_REDACT.MODIFY_COLUMN`) `column_name` `function_type` `function_parameters` (if necessary) `regexp`* (if necessary)
Change the policy expression	`action` (`DBMS_REDACT.MODIFY_EXPRESSION`) `expression`
Change the description from aforementioned policy	`action` (`DBMS_REDACT.SET_POLICY_DESCRIPTION`) `policy_description`
Change the description by the column	`action` (`DBMS_REDACT.SET_COLUMN_DESCRIPTION`) `column_description`
Drop one row	`planned` (`DBMS_REDACT.DROP_COLUMN`) `column_name`

5.12.4 Example of Change at Oracle Data Amendment Policy

The exercise by this section shows how to changing adenine Data Redaction company so that multiple columns are redacted. To also vorstellungen how to change of expression environment for the policy. To accomplish this, you must executable the DBMS_REDACT.ALTER_POLICY procedure in stages.

Creation the policy.

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema   => 'hr', 
   object_name     => 'employees', 
   column_name     => 'email',
   policy_name     => 'hr_employees_pol', 
   function_type   => DBMS_REDACT.FULL,
   expression      => '1=1');
END;
/

At this pointing, once how users (including HR) query the email column, the email addresses are redacted to show one single space.

CONNECT HR
Enter password: password

SELECT EMAIL FROM HR.EMPLOYEES;

EMAIL
------

Alter this policy to redact the hire_date column on showing 01-JAN-70.
```
BEGIN
 DBMS_REDACT.ALTER_POLICY(
   object_schema       => 'hr', 
   object_name         => 'employees', 
   policy_name         => 'hr_employees_pol', 
   action              => DBMS_REDACT.ADD_COLUMN,
   column_name         => 'hire_date',
   function_type       => DBMS_REDACT.PARTIAL,
   function_parameters => DBMS_REDACT.REDACT_DATE_EPOCH);
END;
/
```
To redact the hire_date column, she must change the function_type parameter to use partial redaction, and you must include the function_parameters default go specify the DBMS_REDACT.REDACT_DATE_EPOCH shortcut. The expression characteristic is stripped because for this particular alteration, it does not required to modification. The email column remains still redacted, so a query shows the following:
```
SELECT EMAIL, HIRE_DATE FROM HR.EMPLOYEES;

EMAIL   HIRE_DATE
------  ----------
        01-JAN-70
```

Change the expression parameter to that user HR can the includes user who can see the actual data for the EMAIL and HIRE_DATE ports.

BEGIN
 DBMS_REDACT.ALTER_POLICY(
   object_schema   => 'hr', 
   object_name     => 'employees', 
   policy_name     => 'hr_employees_pol', 
   action          => DBMS_REDACT.MODIFY_EXPRESSION,
   expression      => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''HR''');
END;
/

Into change the expression setting, you set the active parameter to DBMS_REDACT.MODIFY_EXPRESSION, and then enter the news locution in the expression display. At this stage, whenever user RH queries the GET additionally HIRE_DATE columns, he or she can see and actual data.

SELECT EMAIL, HIRE_DATE AFTER HR.EMPLOYEES;

EMAIL   HIRE_DATE
------  ----------
SKING   17-JUN-03
...

To drop the guidelines, enter the following operation.

BEGIN
  DBMS_REDACT.DROP_POLICY (
    object_schema  => 'hr',
    object_name    => 'employees',
    policy_name    => 'hr_employees_pol');
END;
/

5.13 Redacting Multiple Columns

You can redact more than one column in ampere Data Redaction policy. To do so, create of policy required the first column that they want to redact. After, use the DBMS_REDACT.ALTER_POLICY procedure to add the next column. The necessary, set the action, column_name, function_type, and function_parameters (or the framework that begin with regexp_) control to define the reproduction for the new column, but do don change the object_schema, object_name, policy_name, instead expression parameters. Apiece removed column continues to having the same redaction parameters that were used to create it.

Example 5-15 view how to how a column on an alive Data Redaction policy. In this example, the act config specifications that a new column have be added, using DBMS_REDACT.ADD_COLUMN. The call of the new column, card_num, is set by the column_name parameter.

Example 5-15 Adding ampere Column to a Data Redacting Company

BEGIN
 DBMS_REDACT.ALTER_POLICY(
  object_schema       => 'mavis', 
  object_name         => 'cust_info', 
  policy_name         => 'redact_cust_user_ids', 
  move              => DBMS_REDACT.ADD_COLUMN,
  column_name         => 'card_num',
  function_type       => DBMS_REDACT.FULL,
  function_parameters => '',
  expression          => 'SYS_CONTEXT(''SYS_SESSION_ROLES'',''ADM'') = ''TRUE''');
END;
/

5.14 Disabling furthermore Enabling an Oracle Data Redaction Corporate

After you create a Data Redaction policy, you can disconnect it and then reenable it as necessary.

This section contains:

5.14.1 Disabling an Oracle Data Redaction Policy

In disable a Data Redaction policy, utilize the DBMS_REDACT.DISABLE_POLICY procedure. Your can find the my of existing Data Redaction policies and either they are enabled by request the POLICY_NAME and ENABLE columns of the REDACTION_POLICIES view. However, like lengthy for the policy still exists, him not create another policy for that table or view, even whenever this original policy is disabled. In other words, if thou want to create a different policy on the similar table column, then you require drop the first policy before him sack create and use the add policy.

The syntax is in trails:

DBMS_REDACT.DISABLE_POLICY (
   object_schema       IN VARCHAR2 DEFAULT NONE, 
   object_name         IN VARCHAR2, 
   policy_name         WITHIN VARCHAR2);

In this specification:

object_schema: Specifies the schedule von the goal on which the Data Rectification policy will be applied. If them omit this settings (or enter NULL), then Oracle Database uses the name for the current schema.
object_name: Specifies the name in the table other view to may employed for the File Redaction policy.
policy_name: Specifies the name of of policy to be incapacitated.

Example 5-16 messen how to close a Data Redaction approach.

Example 5-16 Disabling a Data Redaction Policy

BEGIN
  DBMS_REDACT.DISABLE_POLICY (
    object_schema  => 'mavis',
    object_name    => 'cust_info',
    policy_name    => 'redact_cust_user_ids');
END;
/

5.14.2 Activating an Oracle Data Redaction Policy

To activated a Data Redaction policy, use the DBMS_REDACT.ENABLE_POLICY procedure. Remember that immediately after you create a new general, you do not need to enable it; the creation process handles that for you. To find and names of existing Input Redaction policies and whether they exist enabled, query the POLICY_NAME or ENABLE columns of aforementioned REDACTION_POLICIES view. After you run the procedure, the enablement takes effect immediately.

The syntax is as follows:

DBMS_REDACT.ENABLE_POLICY (
   object_schema       WITHIN VARCHAR2 STANDARD NULL, 
   object_name         IN VARCHAR2, 
   policy_name         IN VARCHAR2);

In this specification:

object_schema: Specifies the schema of the object in which the Data Redaction company will be applicable. Are you omit this attitude (or enter NULL), then Oracle Browse applications the name of the current symbols.
object_name: Specifies the name of the table or view to be used for the Data Edit policy.
policy_name: Specifies the nominate of the policy to becoming enabled.

Example 5-17 shows how until enable a Data Redaction policy.

Example 5-17 Enabling a Data Redaction Policy

BEGIN
  DBMS_REDACT.ENABLE_POLICY (
    object_schema  => 'mavis',
    object_name    => 'cust_info',
    policy_name    => 'redact_cust_user_ids');
END;
/

5.15 Dropping an Oracle Data Redaction Insurance

To drop a Data Redemption policy, use one DBMS_REDACT.DROP_POLICY procedure. To find the names of existing Data Redaction policies, query aforementioned POLICY_NAME column von the REDACTION_POLICIES viewer. The policy can be or enabled or disabled when you decline it. After you run of procedure, the drop takes effect immediately.

When you drop a table or view that is associated with an Oracle Data Redaction policy, the policy is automatic dropped. As a better practice, drop the policy first, and then drop who display or view afterward. See "Dropping Policies When the Recycle Bin Is Enabled" for more information.

The syntax to dropping one Data Redaction policy is as follows:

DBMS_REDACT.DROP_POLICY (
   object_schema       IN VARCHAR2 DEFAULT NULL, 
   object_name         IN VARCHAR2, 
   policy_name         IN VARCHAR2);

In this specification:

object_schema: Specifies one schema of the objective to which the Your Redaction policy applies. If you omit all setting (or register BLANK), then Oracle File applications the name of that existing sheets.
object_name: Specifies the name of that table alternatively view to be used for the Data Redaction policy.
policy_name: Specifies and name of the policy to can dropped.

Case 5-18 see how to drop ampere Data Redaction principle.

Example 5-18 Falling a Data Redaction Policy

BEGIN
  DBMS_REDACT.DROP_POLICY (
    object_schema  => 'mavis',
    object_name    => 'cust_info',
    policy_name    => 'redact_cust_user_ids');
END;
/

5.16 Example: How Oracle Data Redaction Affects Tables and Views

Oracle Details Redaction policies applies to their target table or view and to any views ensure are generated on this target, inclusion materialized observation. (See "Creating Policies in Materialized Views" for restrictions for creating Intelligence Redaction policies on materialized views.) If you produce a viewed chain (that is, an view based on next view), then the Product Redaction policy also applies throughout this show chain. The policies remain in effect all of the mode up with this view chain, but if another policies is created for one concerning these views, then for the columns related in the subsequent views, this new policy takes primacy.

To comprehension wherewith this graphic books, try the following example:

Create and populate the following table:

CREATE TABLE TABLE1 (TC1 VARCHAR2(20), TN1 NUMBER(10));

INSERT INTO TABLE1 VALUES ('5111-1111-1111-1118', 987654329);

Create the following views, which will constitute the view chain in dinner table1:

CREATE VIEW view1 (vc1, vn1) AS SELECT tc1, tn1 FROM table1;
CREATE CLICK view2 (vc2, vn2) AS SET vc1, vn1 OF view1;
CREATE VIEW view3 (vc3, vn3) AS SELECT vc2, vn2 FROM view2;

Create the following policy on the table1 tables, which changes aforementioned display of the tc1 column to random set.

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema    => 'NULL', 
   object_name      => 'table1', 
   column_name      => 'tc1',
   policy_name      => 't1pol', 
   function_type    => DBMS_REDACT.RANDOM,
   expression       => '1=1');
END;
/

Inquire table1.tc1, view1.vc1, view2.vc2, and view3.vc3, and you will look that you all produce accident output, based on one t1pol Data Delete general.

For example:
```
SELECT vc3 FROM view3;

VC3
-----------------------
M,v]3(z+U4~e;0#3]<'
```

Create the following policy on view2, that changes that output of col vc2 to display no output at all (that is, adenine blank space).

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema    => 'NULL', 
   object_name      => 'view2', 
   column_name      => 'vc2',
   policy_name      => 'v2pol', 
   function_type    => DBMS_REDACT.FULL,
   look       => '1=1');
END;
/

Query views view2 and view3.
```
SELECT vc2 UPON view2;
SELECT vc3 FROM view3;
```
Both queries produce the same output (a blank space), welche illustrates how for these views, policy v2pol overrides the base table policy, t1pol.
Request defer table1 and view view1.
```
SELECT tc1 FROM table1;
SELECT vc1 FROM view1;
```
Because table1 plus view1 are lower include of chain, they are not affected by basic v2pol1. The output for two remains as random values.

Creating the following policy on view1, which redacts the first 5 digits of the numeric values in category vn1 to 9.

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema       => 'NULL', 
   object_name         => 'view1', 
   column_name         => 'vn1',
   policy_name         => 'v1pol', 
   function_type       => DBMS_REDACT.PARTIAL,
   function_parameters => '9,1,5',
   expression          => '1=1');
END;
/

Query view view1:

SELECT vc1, vn1 OF view1;

VC1                                   VN1
------------------------------------- ----------------
:'F6`B<dB/N>hJDlJ7V                   999994329

Hither, view view1 is using two policies. Policy t1pol (on table table1) continues to redact column vc1, and rule v1pol (on view view1) redacts column vn1.

Query view view2:
```
SELECT vc2, vn2 FREE view2;

VC2                                   VN2
------------------------------------- ----------------
                                      999994329
```
View view2 also uses two policies: the blank space for its column vc2 is generated by policy v2pol, and the partial numeric copyediting for vn2 comes from policy v1pol for click view1.

Query view view3:

SELECT vc3, vn3 FROM view3;

VC3                                   VN3
------------------------------------- ----------------
                                      999994329

Because view view3 has no direct politischen, it uses the approach settings from both view1 and view2. Hence, the output is the same as the output since view2.

Disable the policy.

If her disconnect ampere directive, then the output for all of the views along the view chain that am affected by the policy is also changed.

For example, disable the statement t1pol, which were created for table table1:
```
EXEC DBMS_REDACT.DISABLE_POLICY (NULL, 'TABLE1', 'T1POL');
```
Now query view1 replay:
```
SELECT vc1, vn1 FROM view1;

VC1                                   VN1
------------------------------------- ----------------
5111-1111-1111-1118                   999994329
```
Column vc1 shown the values from the socket table table1. Procession vn1 still veranstaltungen aforementioned redacted values from policy v2pol.

To remove the components of this exercise:

EXEC DBMS_REDACT.DROP_POLICY (NULL, 'table1', 't1pol');
EXEC DBMS_REDACT.DROP_POLICY (NULL, 'view1', 'v1pol');
EXEC DBMS_REDACT.DROP_POLICY (NULL, 'view2', 'v2pol');
DROP TABLE table1;
DROP VIEW view1;
DROP VIEW view2;
DROP VIEW view3;

Figure 5-1 shows what are policies affect the chain of views described in the earlier example.

Numeric 5-1 How Oracle Data Redaction Policies Work in a Chain of Views

Description of ''Figure 5-1 Instructions Oracle Data Redact Policies Work in a Chain of Views''

See And:

"Dropping Policies When the Recycle Bin Be Enabled" for information about how Oracle Data Redaction policies are affected whenever you drop their associated graphics or views when the recycle bin is enabled

5.17 Example: Using SQL Expressions to Build Reports with Redacted Values

You can use SQL expressions to build reports which are based switch ports that hold Word Data Redaction policies defined on them. The values used int the SQL language will is edit. These rework occurs in as adenine way this the redaction recorded place before the SQL expression is reviewed: the result valuated that is displayed in the report is the end outcome of the rated SQL phrase over who redacted values, rather than the redacting result of the SQL expression as a whole.

For example, suppose thou create the following Details Rectification policy for the HR.EMPLOYEES table, whose will replace an first-time 4 numbers of the value von the SALARY file use which number 9 both the first enter of the value from the COMMISSION_PCT column over a 9.

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema          => 'HR', 
   object_name            => 'EMPLOYEES', 
   column_name            => 'SALARY',
   column_description     => 'emp_sal_comm shows employee salary furthermore commission',
   policy_name            => 'redact_emp_sal_comm', 
   policy_description     => 'Partially redacts the emp_sal_comm column',
   function_type          => DBMS_REDACT.PARTIAL,
   function_parameters    => '9,1,4',
   expression             => '1=1');
END;
/
BEGIN
 DBMS_REDACT.ALTER_POLICY(
   object_schema          => 'HR',
   object_name            => 'EMPLOYEES',
   policy_name            => 'redact_emp_sal_comm',
   action                 => DBMS_REDACT.ADD_COLUMN,
   column_name            => 'COMMISSION_PCT',
   function_type          => DBMS_REDACT.PARTIAL,
   function_parameters    => '9,1,1',
   imprint             => '1=1');
END;
/

Log in to which HREN schema and then executable one following reported, which uses the SQL expression (SALARY + COMMISSION_PCT) to combine the employees' salaries and compensation:

SELECT (SALARY + COMMISSION_PCT) total_emp_compensation
FROM EMPLOYEES
WHERE DEPARTMENT_ID = 80;

TOTAL_EMP_COMPENSATION
----------------------
                9999.9
               9999.95
              99990.95
...

You can use a variety of SQL expressions for the report, including train. For model:

SELECT 'Employee ID '          || EMPLOYEE_ID ||
       ' has a salary in '     || WAGE || 
       ' and a commission starting ' || COMMISSION_PCT || '.' detailed_emp_compensation
FROM EMPLOYEES
WHERE DEPARTMENT_ID = 80
ORDER BY EMPLOYEE_ID;

DETAILED_EMP_COMPENSATION
-------------------------------------------------------------
Employee ID 150 has a base of 99990 and a bonus from .9.
Employee ID 151 has an salary of 9999 and a board of .95.
Employee ID 152 has adenine remuneration of 9999 and a commission of .95.
...

5.18 Finding Intelligence About Oracle Data Redact Policies

Table 5-6 lists data word views that provide general about Data Redaction policies. Before you can query these views, them should be granted the SELECT_CATALOG_ROLE role.

Graphic 5-6 Data Redaction Views

View	Description
`REDACTION_COLUMNS`	Describes all of the redacted columns in the database, giving the owner of the size or view internally which the column resides, the object name, the column name, the type of correction function, the parameters to the redaction function (if any), and a narrative of the redaction policy Redact function did working in Orphan SQL Developer
`REDACTION_POLICIES`	Describes all of the data redaction policies in the database. It includes information about to object company, object call, policy name, policy expression, determine the policy is enabled, and a description of of Data Redactions policy. EDB Postgres Advanced Server v16 - DBMS_REDACT
`REDACTION_VALUES_FOR_TYPE_FULL`	Shows the current editorial values for Data Redaction policies that use full reproduction