Table of Contents
- Title and Copyright Information
- Preface
-
Changes in This Release for Oracle Database Advanced Security Guide
-
Changes in Oracle Database Advanced Security 21c
- Sharing of TDE Master Encryption Key Across Oracle Processes
- Ability to Control Heartbeats in United Mode and Isolated Mode PDBs
- Ability to Set the Default Tablespace Encryption Algorithm
- Enhanced Database Availability with Zero Downtime Switch Over to an Updated PKCS#11 Library
- Improved Performance with Large Numbers of TDE Keys in Wallets or Oracle Key Vault
-
Changes in Oracle Database Advanced Security 21c
- 1 Introduction to Oracle Advanced Security
-
Part I Using Transparent Data Encryption
-
2
Introduction to Transparent Data Encryption
- 2.1 What Is Transparent Data Encryption?
- 2.2 How Configuring Transparent Data Encryption Works
- 2.3 Benefits of Using Transparent Data Encryption
- 2.4 Who Can Configure Transparent Data Encryption?
-
2.5
Types and Components of Transparent Data Encryption
- 2.5.1 About Transparent Data Encryption Types and Components
- 2.5.2 How Transparent Data Encryption Tablespace Encryption Works
- 2.5.3 How Transparent Data Encryption Column Encryption Works
- 2.5.4 How the Keystore for the Storage of TDE Master Encryption Keys Works
- 2.5.5 Supported Encryption and Integrity Algorithms
- 2.6 Transparent Data Encryption in a Multitenant Environment
- 2.7 Transparent Data Encryption Keystore Search Order
-
3
Configuring United Mode
- 3.1 About Configuring United Mode
- 3.2 Operations That Are Allowed in United Mode
- 3.3 Configuring the Keystore Location and Type for United Mode
- 3.4 Configuring a TDE Wallet and TDE Master Encryption Key for United Mode
- 3.5 Operations That Are Not Allowed in a United Mode PDB
-
3.6
Configuring a Container Database with United Mode PDBs for Oracle Key Vault
- 3.6.1 About Configuring a Container Database with United Mode PDBs for Oracle Key Vault
- 3.6.2 About Configuring a Container Database with United Mode PDBs for Oracle Key Vault
- 3.6.3 Step 1: Configure Oracle Key Vault for United Mode
- 3.6.4 Step 2: Open the Connection to Oracle Key Vault
-
3.6.5
Step 3: Set the TDE Master Encryption Key in Oracle Key Vault
- 3.6.5.1 About Setting the External Keystore TDE Master Encryption Key
- 3.6.5.2 Heartbeat Batch Size for External Keystores
- 3.6.5.3 Setting the TDE Master Encryption Key for United Mode PDBs in an External Keystore
- 3.6.5.4 Migration of an Encrypted Database from a TDE Wallet to Oracle Key Vault or OCI KMS
- 3.6.6 Step 4: Encrypt Your Data in United Mode
-
4
Configuring Isolated Mode
- 4.1 About Configuring Isolated Mode
- 4.2 Operations That Are Allowed in Isolated Mode
- 4.3 Operations That Are Not Allowed in an Isolated Mode PDB
-
4.4
Configuring the Keystore Location and Type for Isolated Mode
- 4.4.1 About Configuring the Keystore Location and Type for Isolated Mode
- 4.4.2 Configuring the Keystore Location and Keystore Type for an Isolated Mode CDB
- 4.4.3 Example: Restoring an Older Version of a Control File
- 4.4.4 Example: Addressing the Problem of a Lost Control File
- 4.4.5 Example: Configuring Isolated Mode in an Oracle Real Application Clusters Environment
-
4.5
Configuring a TDE Wallet and TDE Master Encryption Key in Isolated Mode
- 4.5.1 About Configuring a TDE Wallet in Isolated Mode
- 4.5.2 Step 1: Create a TDE Wallet in a PDB Configured in Isolated Mode
- 4.5.3 Step 2: Open the TDE Wallet in an Isolated Mode PDB
- 4.5.4 Step 3: Set the TDE Master Encryption Key in the TDE Wallet of the Isolated Mode PDB
- 4.5.5 Step 4: Encrypt Your Data in Isolated Mode
-
4.6
Configuring a Container Database with Isolated Mode PDBs for Oracle Key Vault
- 4.6.1 About Configuring an External Keystore in Isolated Mode
- 4.6.2 Step 1: Configure Isolated PDBs for Oracle Key Vault
- 4.6.3 Step 2: Open the Isolated Mode PDB External Keystore
- 4.6.4 Step 3: Set the First TDE Master Encryption Key in the External Keystore
- 4.6.5 Step 4: Encrypt Your Data in Isolated Mode
-
5
Encrypting Columns in Tables
- 5.1 About Encrypting Columns in Tables
- 5.2 Data Types That Can Be Encrypted with TDE Column Encryption
- 5.3 Restrictions on Using TDE Column Encryption
-
5.4
Creating Tables with Encrypted Columns
- 5.4.1 About Creating Tables with Encrypted Columns
- 5.4.2 Creating a Table with an Encrypted Column Using the Default Algorithm
- 5.4.3 Creating a Table with an Encrypted Column Using No Algorithm or a Non-Default Algorithm
- 5.4.4 Using the NOMAC Parameter to Save Disk Space and Improve Performance
- 5.4.5 Example: Using the NOMAC Parameter in a CREATE TABLE Statement
- 5.4.6 Example: Changing the Integrity Algorithm for a Table
- 5.4.7 Creating an Encrypted Column in an External Table
- 5.5 Encrypting Columns in Existing Tables
- 5.6 Creating an Index on an Encrypted Column
- 5.7 Adding Salt to an Encrypted Column
- 5.8 Removing Salt from an Encrypted Column
- 5.9 Changing the Encryption Key or Algorithm for Tables with Encrypted Columns
-
6
Encryption Conversions for Tablespaces and Databases
- 6.1 About Encryption Conversion for Tablespaces and Databases
- 6.2 Impact of a Closed TDE Keystore on Encrypted Tablespaces
- 6.3 Restrictions on Using Transparent Data Encryption Tablespace Encryption
- 6.4 Creating an Encrypted New Tablespace
- 6.5 Setting the Tablespace Encryption Default Algorithm
- 6.6 Encrypting Future Tablespaces
- 6.7 Encrypted Sensitive Credential Data in the Data Dictionary
- 6.8 Encryption Conversions for Existing Offline Tablespaces
-
6.9
Encryption Conversions for Existing Online Tablespaces
- 6.9.1 About Encryption Conversions for Existing Online Tablespaces
- 6.9.2 Encrypting an Existing Tablespace with Online Conversion
- 6.9.3 Rekeying an Existing Tablespace with Online Conversion
- 6.9.4 Decrypting an Existing Tablespace with Online Conversion
- 6.9.5 Finishing an Interrupted Online Encryption Conversion
- 6.10 Creating an Encrypted Database Using DBCA
- 6.11 Encryption Conversions for Existing Databases
-
7
Managing the Keystore and the Master Encryption Key
-
7.1
Managing the Keystore
- 7.1.1 Performing Operations That Require a Keystore Password
- 7.1.2 Configuring Auto-Open Connections into External Key Managers
- 7.1.3 Changing the Oracle Key Vault Password
- 7.1.4 Configuring an External Store for a Keystore Password
- 7.1.5 Backing Up Password-Protected Software Keystores
- 7.1.6 How the V$ENCRYPTION_WALLET View Interprets Backup Operations
- 7.1.7 Backups of the External Keystore
- 7.1.8 Merging TDE Wallets
- 7.1.9 Moving a TDE Wallet to a New Location
- 7.1.10 Moving a TDE Wallet Out of Automatic Storage Management
- 7.1.11 Migrating from a TDE Wallet to Oracle Key Vault
- 7.1.12 Migration of Keystores to and from Oracle Key Vault
- 7.1.13 Configuring Keystores for Automatic Storage Management
- 7.1.14 Managing Updates to the PKCS#11 Library
- 7.1.15 Backup and Recovery of Encrypted Data
- 7.1.16 Dangers of Deleting TDE Wallets
- 7.1.17 Features That Are Affected by Deleted Keystores
-
7.2
Managing the TDE Master Encryption Key
- 7.2.1 TDE Master Encryption Key Attribute Management
- 7.2.2 Creating Custom TDE Master Encryption Key Attributes for Reports
-
7.2.3
Setting or Rekeying the TDE Master Encryption Key in the Keystore
- 7.2.3.1 About Setting or Rekeying the TDE Master Encryption Key in the Keystore
- 7.2.3.2 Creating, Tagging, and Backing Up a TDE Master Encryption Key
- 7.2.3.3 About Rekeying the TDE Master Encryption Key
- 7.2.3.4 Rekeying the TDE Master Encryption Key
- 7.2.3.5 Changing the TDE Master Encryption Key for a Tablespace
-
7.2.4
Exporting and Importing the TDE Master Encryption Key
- 7.2.4.1 About Exporting and Importing the TDE Master Encryption Key
- 7.2.4.2 About Exporting TDE Master Encryption Keys
- 7.2.4.3 Exporting a TDE Master Encryption Key
- 7.2.4.4 Example: Exporting a TDE Master Encryption Key by Using a Subquery
- 7.2.4.5 Example: Exporting a List of TDE Master Encryption Key Identifiers to a File
- 7.2.4.6 Example: Exporting All TDE Master Encryption Keys of the Database
- 7.2.4.7 About Importing TDE Master Encryption Keys
- 7.2.4.8 Importing a TDE Master Encryption Key
- 7.2.4.9 Example: Importing a TDE Master Encryption Key
- 7.2.4.10 How Keystore Merge Differs from TDE Master Encryption Key Export or Import
- 7.2.5 Converting from ENCRYPTION_WALLET_LOCATION to WALLET_ROOT and TDE_CONFIGURATION
- 7.2.6 Management of TDE Master Encryption Keys Using Oracle Key Vault
- 7.3 Transparent Data Encryption Data Dynamic and Data Dictionary Views
-
7.1
Managing the Keystore
-
8
Administering United Mode
-
8.1
Administering Keystores and Master Encryption Keys in United Mode
- 8.1.1 Changing the Keystore Password in United Mode
- 8.1.2 Backing Up a Password-Protected TDE Wallet in United Mode
- 8.1.3 Closing Keystores in United Mode
- 8.1.4 Creating TDE Master Encryption Keys for Later Use in United Mode
- 8.1.5 Example: Creating a Master Encryption Key in All PDBs
- 8.1.6 Activating TDE Master Encryption Keys in United Mode
- 8.1.7 Creating User-Defined TDE Master Encryption Keys
- 8.1.8 Rekeying the TDE Master Encryption Key in United Mode
- 8.1.9 Finding the TDE Master Encryption Key That Is in Use in United Mode
- 8.1.10 Creating a Custom Attribute Tag in United Mode
- 8.1.11 Moving TDE Master Encryption Keys into a New Keystore in United Mode
- 8.1.12 Automatically Removing Inactive TDE Master Encryption Keys in United Mode
- 8.1.13 Isolating a Pluggable Database Keystore
-
8.2
Administering Transparent Data Encryption in United Mode
- 8.2.1 Moving PDBs from One CDB to Another in United Mode
-
8.2.2
Unplugging and Plugging a PDB with Encrypted Data in a CDB in United Mode
- 8.2.2.1 Unplugging a PDB That Has Encrypted Data in United Mode
- 8.2.2.2 Plugging a PDB That Has Encrypted Data into a CDB in United Mode
- 8.2.2.3 Unplugging a PDB That Has Master Encryption Keys Stored in an External Keystore in United Mode
- 8.2.2.4 Plugging a PDB That Has Master Encryption Keys Stored in an External Keystore in United Mode
- 8.2.3 Managing Cloned PDBs with Encrypted Data in United Mode
- 8.2.4 How Keystore Open and Close Operations Work in United Mode
- 8.2.5 Finding the Keystore Status for All of the PDBs in United Mode
-
8.1
Administering Keystores and Master Encryption Keys in United Mode
-
9
Administering Isolated Mode
-
9.1
Administering Keystores and TDE Master Encryption Keys in Isolated Mode
- 9.1.1 Changing the Keystore Password in Isolated Mode
- 9.1.2 Backing Up a Password-Protected TDE Wallet in Isolated Mode
- 9.1.3 Merging TDE Wallets in Isolated Mode
- 9.1.4 Closing Keystores in Isolated Mode
- 9.1.5 Creating a User-Defined TDE Master Encryption Key in Isolated Mode
- 9.1.6 Creating a TDE Master Encryption Key for Later Use in Isolated Mode
- 9.1.7 Activating a TDE Master Encryption Key in Isolated Mode
- 9.1.8 Rekeying the TDE Master Encryption Key in Isolated Mode
- 9.1.9 Moving a TDE Master Encryption Key into a New Keystore in Isolated Mode
- 9.1.10 Creating a Custom Attribute Tag in Isolated Mode
- 9.1.11 Exporting and Importing the TDE Master Encryption Key in Isolated Mode
-
9.1.12
Storing Oracle Database Secrets in Isolated Mode
- 9.1.12.1 About Storing Oracle Database Secrets in a Keystore in Isolated Mode
- 9.1.12.2 Storing Oracle Database Secrets in a TDE Wallet in Isolated Mode
- 9.1.12.3 Example: Adding an Oracle Key Vault Password to a TDE Wallet
- 9.1.12.4 Example: Changing an Oracle Key Vault Password Stored as a Secret in a TDE Wallet
- 9.1.12.5 Example: Deleting an Oracle Key Vault Password Stored as a Secret in a TDE Wallet
- 9.1.12.6 Storing Oracle Database Secrets in an External Keystore in Isolated Mode
- 9.1.12.7 Example: Adding an Oracle Database Secret to an External Keystore
- 9.1.12.8 Example: Changing an Oracle Database Secret in an External Keystore
- 9.1.12.9 Example: Deleting an Oracle Database Secret in an External Keystore
-
9.1.13
Storing Oracle GoldenGate Secrets in a Keystore in Isolated Mode
- 9.1.13.1 About Storing Oracle GoldenGate Secrets in Keystores in Isolated Mode
- 9.1.13.2 Oracle GoldenGate Extract Classic Capture Mode TDE Requirements
-
9.1.13.3
Configuring Keystore Support for Oracle GoldenGate
- 9.1.13.3.1 Step 1: Decide on a Shared Secret for the Keystore
- 9.1.13.3.2 Step 2: Configure Oracle Database for TDE Support for Oracle GoldenGate
- 9.1.13.3.3 Step 3: Store the TDE GoldenGate Shared Secret in the Keystore
- 9.1.13.3.4 Step 4: Set the TDE Oracle GoldenGate Shared Secret in the Extract Process
- 9.1.14 Migrating Keystores in Isolated Mode
- 9.1.15 Uniting a Pluggable Database Keystore
- 9.1.16 Creating a Keystore When the PDB Is Closed
-
9.2
Administering Transparent Data Encryption in Isolated Mode
- 9.2.1 Cloning or Relocating Encrypted PDBs in Isolated Mode
-
9.2.2
Unplugging and Plugging a PDB with Encrypted Data in a CDB in Isolated Mode
- 9.2.2.1 Unplugging a PDB That Has Encrypted Data in Isolated Mode
- 9.2.2.2 Plugging a PDB That Has Encrypted Data into a CDB in Isolated Mode
- 9.2.2.3 Unplugging a PDB That Has Master Encryption Keys Stored in an External Keystore in Isolated Mode
- 9.2.2.4 Plugging a PDB That Has Master Keys Stored in an External Keystore in Isolated Mode
- 9.2.3 Cloning a PDB with Encrypted Data in a CDB in Isolated Mode
- 9.2.4 Remotely Cloning an Encrypted PDB in Isolated Mode
- 9.2.5 Relocating an Encrypted PDB in Isolated Mode
- 9.2.6 How Keystore Open and Close Operations Work in Isolated Mode
-
9.2.7
Exporting and Importing Master Encryption Keys for a PDB in Isolated Mode
- 9.2.7.1 About Exporting and Importing Master Encryption Keys for a PDB in Isolated Mode
- 9.2.7.2 Exporting or Importing a Master Encryption Key for a PDB in Isolated Mode
- 9.2.7.3 Example: Exporting a Master Encryption Key from a PDB in Isolated Mode
- 9.2.7.4 Example: Importing a Master Encryption Key into a PDB in Isolated Mode
-
9.1
Administering Keystores and TDE Master Encryption Keys in Isolated Mode
-
10
Using Transparent Data Encryption with Other Oracle Features
- 10.1 How Transparent Data Encryption Works with Export and Import Operations
-
10.2
How Transparent Data Encryption Works with Oracle Data Guard
- 10.2.1 About Using Transparent Data Encryption with Oracle Data Guard
- 10.2.2 Configuring TDE and Oracle Key Vault in an Oracle Data Guard Environment
- 10.2.3 Configuring Wallet-Based Transparent Data Encryption in Oracle Data Guard
- 10.2.4 Migrating a TDE Wallet in an Oracle Data Guard Environment to Oracle Key Vault
- 10.2.5 Enabling a PDB to Have an Isolated Keystore in an Oracle Data Guard Environment
- 10.3 How Transparent Data Encryption Works with Oracle Real Application Clusters
- 10.4 How Transparent Data Encryption Works with SecureFiles
- 10.5 How Transparent Data Encryption Works with Oracle Call Interface
- 10.6 How Transparent Data Encryption Works with Editions
- 10.7 Configuring Transparent Data Encryption to Work in a Multidatabase Environment
-
11
General Considerations of Using Transparent Data Encryption
- 11.1 Migrating Encrypted TDE Columns or Tablespaces after a Database Upgrade from Release 11g
- 11.2 Compression and Data Deduplication of Encrypted Data
- 11.3 Security Considerations for Transparent Data Encryption
- 11.4 Performance and Storage Overhead of Transparent Data Encryption
- 11.5 Modifying Your Applications for Use with Transparent Data Encryption
- 11.6 How ALTER SYSTEM and orapki Map to ADMINISTER KEY MANAGEMENT
- 11.7 Data Loads from External Files to Tables with Encrypted Columns
- 11.8 Transparent Data Encryption and Database Close Operations
- 12 Frequently Asked Questions About Transparent Data Encryption
-
13
Using sqlnet.ora to Configure Transparent Data Encryption Keystores
- 13.1 About the Keystore Location in the sqlnet.ora File
- 13.2 Configuring the sqlnet.ora File for a Software Keystore Location
- 13.3 Example: Configuring a Software Keystore for a Regular File System
- 13.4 Example: Configuring a TDE Wallet When Multiple Databases Share the Same Host
- 13.5 Example: Configuring a Software Keystore for an Oracle Automatic Storage Management Disk Group
-
2
Introduction to Transparent Data Encryption
-
Part II Using Oracle Data Redaction
-
14
Introduction to Oracle Data Redaction
- 14.1 What Is Oracle Data Redaction?
- 14.2 When to Use Oracle Data Redaction
- 14.3 Benefits of Using Oracle Data Redaction
-
14.4
Target Use Cases for Oracle Data Redaction
- 14.4.1 Oracle Data Redaction for Sensitive Data in Read-Only Static Pages
- 14.4.2 Oracle Data Redaction for Preventing Data Exposure by Management Tools
- 14.4.3 Oracle Data Redaction to Prevent Disclosure of Data from Offline Analytics
- 14.4.4 Oracle Data Redaction Use with Database Applications
- 14.4.5 Oracle Data Redaction with Ad Hoc Database Queries Considerations
- 14.5 Oracle Data Redaction in a Multitenant Environment
-
15
Oracle Data Redaction Features and Capabilities
- 15.1 Full Data Redaction to Redact All Data
- 15.2 Partial Data Redaction to Redact Sections of Data
- 15.3 Regular Expressions to Redact Patterns of Data
- 15.4 Redaction Using Null Values
- 15.5 Random Data Redaction to Generate Random Values
- 15.6 Comparison of Full, Partial, and Random Redaction Based on Data Types
- 15.7 No Redaction for Testing Purposes
- 15.8 Central Management of Named Data Redaction Policy Expressions
-
16
Configuring Oracle Data Redaction Policies
- 16.1 About Oracle Data Redaction Policies
- 16.2 Who Can Create Oracle Data Redaction Policies?
- 16.3 Planning an Oracle Data Redaction Policy
- 16.4 General Syntax of the DBMS_REDACT.ADD_POLICY Procedure
-
16.5
Using Expressions to Define Conditions for Data Redaction Policies
- 16.5.1 About Using Expressions in Data Redaction Policies
- 16.5.2 Supported Functions for Data Redaction Expressions
- 16.5.3 Applying the Redaction Policy Based on User Environment
- 16.5.4 Applying the Redaction Policy Based on Database Roles
- 16.5.5 Applying the Redaction Policy Based on Oracle Label Security Label Dominance
- 16.5.6 Applying the Redaction Policy Based on Application Express Session States
- 16.5.7 Applying the Redaction Policy to All Users
-
16.6
Creating and Managing Multiple Named Policy Expressions
- 16.6.1 About Data Redaction Policy Expressions to Define Conditions
- 16.6.2 Creating and Applying a Named Data Redaction Policy Expression
- 16.6.3 Updating a Named Data Redaction Policy Expression
- 16.6.4 Dropping a Named Data Redaction Expression Policy
-
16.6.5
Tutorial: Creating and Sharing a Named Data Redaction Policy Expression
- 16.6.5.1 Step 1: Create Users for This Tutorial
- 16.6.5.2 Step 2: Create an Oracle Data Redaction Policy
- 16.6.5.3 Step 3: Test the Oracle Data Redaction Policy
- 16.6.5.4 Step 4: Create and Apply a Policy Expression to the Redacted Table Columns
- 16.6.5.5 Step 5: Test the Data Redaction Policy Expression
- 16.6.5.6 Step 6: Modify the Data Redaction Policy Expression
- 16.6.5.7 Step 7: Test the Modified Policy Expression
- 16.6.5.8 Step 8: Remove the Components of This Tutorial
- 16.7 Creating a Full Redaction Policy and Altering the Full Redaction Value
- 16.8 Creating a DBMS_REDACT.NULLIFY Redaction Policy
-
16.9
Creating a Partial Redaction Policy
- 16.9.1 About Creating Partial Redaction Policies
- 16.9.2 Syntax for Creating a Partial Redaction Policy
- 16.9.3 Creating Partial Redaction Policies Using Fixed Character Formats
- 16.9.4 Creating Partial Redaction Policies Using Character Data Types
- 16.9.5 Creating Partial Redaction Policies Using Number Data Types
- 16.9.6 Creating Partial Redaction Policies Using Date-Time Data Types
- 16.10 Creating a Regular Expression-Based Redaction Policy
- 16.11 Creating a Random Redaction Policy
- 16.12 Creating a Policy That Uses No Redaction
- 16.13 Exemption of Users from Oracle Data Redaction Policies
- 16.14 Altering an Oracle Data Redaction Policy
- 16.15 Redacting Multiple Columns
- 16.16 Disabling and Enabling an Oracle Data Redaction Policy
- 16.17 Dropping an Oracle Data Redaction Policy
- 16.18 Tutorial: SQL Expressions to Build Reports with Redacted Values
- 16.19 Using Trace Files to Troubleshoot Oracle Data Redaction Policies
- 16.20 Oracle Data Redaction Policy Data Dictionary Views
-
17
Managing Oracle Data Redaction Policies in Oracle Enterprise Manager
- 17.1 About Using Oracle Data Redaction in Oracle Enterprise Manager
- 17.2 Oracle Data Redaction Workflow
- 17.3 Management of Sensitive Column Types in Enterprise Manager
-
17.4
Managing Oracle Data Redaction Formats Using Enterprise Manager
- 17.4.1 About Managing Oracle Data Redaction Formats Using Enterprise Manager
- 17.4.2 Creating a Custom Oracle Data Redaction Format Using Enterprise Manager
- 17.4.3 Editing a Custom Oracle Data Redaction Format Using Enterprise Manager
- 17.4.4 Viewing Oracle Data Redaction Formats Using Enterprise Manager
- 17.4.5 Deleting a Custom Oracle Data Redaction Format Using Enterprise Manager
-
17.5
Managing Oracle Data Redaction Policies Using Enterprise Manager
- 17.5.1 About Managing Oracle Data Redaction Policies Using Enterprise Manager
- 17.5.2 Creating an Oracle Data Redaction Policy Using Enterprise Manager
- 17.5.3 Editing an Oracle Data Redaction Policy Using Enterprise Manager
- 17.5.4 Viewing Oracle Data Redaction Policy Details Using Enterprise Manager
- 17.5.5 Enabling or Disabling an Oracle Data Redaction Policy in Enterprise Manager
- 17.5.6 Deleting an Oracle Data Redaction Policy Using Enterprise Manager
-
17.6
Managing Named Data Redaction Policy Expressions Using Enterprise Manager
- 17.6.1 About Named Data Redaction Policy Expressions in Enterprise Manager
- 17.6.2 Creating a Named Data Redaction Policy Expression in Enterprise Manager
- 17.6.3 Editing a Named Data Redaction Policy Expression in Enterprise Manager
- 17.6.4 Viewing Named Data Redaction Policy Expressions in Enterprise Manager
- 17.6.5 Deleting a Named Data Redaction Policy Expression in Enterprise Manager
-
18
Using Oracle Data Redaction with Oracle Database Features
- 18.1 Oracle Data Redaction General Usage Guidelines
- 18.2 Oracle Data Redaction and DML and DDL Operations
- 18.3 Oracle Data Redaction and Nested Functions, Inline Views, and the WHERE Clause
- 18.4 Oracle Data Redaction and Queries on Columns Protected by Data Redaction Policies
- 18.5 Oracle Data Redaction and Database Links
- 18.6 Oracle Data Redaction and Aggregate Functions
- 18.7 Oracle Data Redaction and Object Types
- 18.8 Oracle Data Redaction and XML Generation
- 18.9 Oracle Data Redaction and Editions
- 18.10 Oracle Data Redaction and Oracle Virtual Private Database
- 18.11 Oracle Data Redaction and Oracle Database Real Application Security
- 18.12 Oracle Data Redaction and Oracle Database Vault
- 18.13 Oracle Data Redaction and Oracle Data Pump
- 18.14 Oracle Data Redaction and Data Masking and Subsetting Pack
- 18.15 Oracle Data Redaction and JSON
-
19
Security Considerations for Oracle Data Redaction
- 19.1 Oracle Data Redaction General Security Guidelines
- 19.2 Restriction of Administrative Access to Oracle Data Redaction Policies
- 19.3 How Oracle Data Redaction Affects the SYS, SYSTEM, and Default Schemas
- 19.4 Policy Expressions That Use SYS_CONTEXT Attributes
- 19.5 Oracle Data Redaction Policies on Materialized Views
- 19.6 REDACTION_COLUMNS Data Dictionary View Behavior When a View Is Invalid
- 19.7 Dropped Oracle Data Redaction Policies When the Recycle Bin Is Enabled
-
14
Introduction to Oracle Data Redaction
- Glossary
- Index