3.2 Privileges for Managing Oracle Data Redaction Policies
Because data redaction involves the protection of highly sensitive data, only trusted users should create Oracle Data Redaction policies.
You must have the EXECUTE privilege on the DBMS_REDACT package in order to run its subprograms. Procedures in the interface are run with privileges of the current user.
In addition to the EXECUTE privilege on the DBMS_REDACT package to run its subprograms, you must have the ADMINISTER REDACTION POLICY privilege at the schema or system level:
- Syntax of the ADMINISTER REDACTION POLICY privilege grant if the privilege is to apply to all non-SYS schemas across the database:
  GRANT ADMINISTER REDACTION POLICY TO grantee;
- Syntax of the ADMINISTER REDACTION POLICY privilege grant if the privilege is to be restricted to a specific schema:
  GRANT ADMINISTER REDACTION POLICY ON SCHEMA schema TO grantee;
You do not need any Oracle Data Redaction-specific privileges to access the underlying tables or views that will be protected by the policy. See Exemption of Users from Oracle Data Redaction Policies for Oracle Data Redaction-specific privileges to access actual data.
To find the privileges that a user has been granted, you can query the DBA_SYS_PRIVS data dictionary view. To find schema-specific privileges that a user has been granted, you can query any of the *SCHEMA_PRIVS data dictionary views.
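The following audit query is an added example, not part of the original Oracle text. It lists, in one result set, every grantee that holds either of the two privileges described above, so a reviewer can confirm that only trusted accounts can manage redaction policies. It assumes the session can read the DBA_* views and uses DBA_SCHEMA_PRIVS as the schema-level view.

```sql
-- Added example: review who can manage Oracle Data Redaction policies.
-- Assumption: run by an account that can query the DBA_* dictionary views.

-- System-wide ADMINISTER REDACTION POLICY grants (all non-SYS schemas)
SELECT grantee,
       'SYSTEM'                     AS scope,
       CAST(NULL AS VARCHAR2(128))  AS schema_name,
       privilege,
       admin_option                 AS can_regrant
FROM   dba_sys_privs
WHERE  privilege = 'ADMINISTER REDACTION POLICY'
UNION ALL
-- ADMINISTER REDACTION POLICY grants restricted to one schema
SELECT grantee,
       'SCHEMA',
       schema,
       privilege,
       admin_option
FROM   dba_schema_privs
WHERE  privilege = 'ADMINISTER REDACTION POLICY'
UNION ALL
-- EXECUTE on the DBMS_REDACT package itself
SELECT grantee,
       'PACKAGE',
       owner,
       privilege || ' ON ' || table_name,
       grantable
FROM   dba_tab_privs
WHERE  owner      = 'SYS'
AND    table_name = 'DBMS_REDACT'
AND    privilege  = 'EXECUTE'
ORDER  BY grantee, scope;
```

A grantee in the output may be a role rather than a user; query DBA_ROLE_PRIVS to see which accounts hold that role. A grantee needs both a PACKAGE row and a SYSTEM or SCHEMA row (directly or through roles) to manage policies.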