We are discussing the management of Oracle Database 12c in Oracle Enterprise Manager 12c. In our previous blog post on this topic, we started to look at Data Redaction, and created a Policy on the HR user and Salary column. We specified Full Redaction as seen below, to hide all the Salary column figures (a zero will be displayed).
Click on “Show SQL”, this displays the PL/SQL code that is generated to create the Data Redaction policy. Even this simple example demonstrates how Enterprise Manager saves a lot of admin time, since it writes the PL/SQL code for the DBA. Fancy writing this manually?
The policy is created successfully. We can see that the policy is “enabled” and there is one redacted column.
So, the Data Redaction Policy has been created successfully and enabled. But how do we verify this?
From now on, any select statement issued by a non-SYSDBA should show the salary as zero (0) in each case. This can be seen below in SQL Plus, logging in as the HR database user:
[oracle@db12c admin]$ sqlplus hr/@pdb3
SQL> select * from employees;
NAME DEPARTMENT SALARY JOINDATE
John Smith Science 0 01-MAR-13
Simon Pereira Commerce 0 01-APR-13
Whereas, if you login as sysdba, you can see the salary values since no redaction is applied.
[oracle@db12c admin]$ sqlplus sys@pdb3 as sysdba
SQL> select * from hr.employees;
NAME DEPARTMENT SALARY JOINDATE
John Smith Science 200000 01-MAR-13
Simon Pereira Commerce 500000 01-APR-13
If the concept of Oracle Data Redaction interests you, then you can read further about it in the documentation here.
In the next blog post, we will look at how the Resource Manager can be set up for 12c Databases, via the powerful and time-saving interface of Enterprise Manager 12c.
This blog post was originally posted at this link.
No comments:
Post a Comment