1.1 What Is Oracle Data Redaction?

Oracle Data Redaction enables you to obscure data that is returned from queries without affecting the data directly. This is done by redacting (selectively removing or obscuring sensitive or confidential information) the results of database queries just before presenting the results.

You can apply a Data Redaction policy to a table, view, or materialized view. Then, you apply the policy on the table to specific columns in the table. You can redact column data by using one of the following methods:

• Full redaction. You redact all of the contents of the column data. The redacted value returned to the querying user depends on the data type of the column and what the full redaction value was set to. By default, columns of the NUMBER data type are redacted with a zero (0), and character data types are redacted with a single space. However, these values can be changed using UPDATE_FULL_REDACTION_VALUES.

• Partial redaction. You redact a portion of the column data. For example, you can redact a Social Security Number with asterisks (*), except for the last 4 digits.

• Regular expressions. You can use regular expressions to look for patterns of data to redact. For example, you can use regular expressions to redact email addresses, which can have varying character lengths. It is designed for use with character data only.

• Random redaction. The redacted data presented to the querying user appears as randomly generated values each time it is displayed, depending on the data type of the column.

• Nullify redation. The Nullify redaction type redacts all the data in a column and replaces it with null values.

• No redaction. The None redaction type option enables you to test the internal operation of your redaction policies, with no effect on the results of queries against tables with policies defined on them. You can use this option to test the redaction policy definitions before applying them to a production environment.

Data Redaction is transparent to end users because it preserves the original data type and (optionally) the formatting. It is transparent to the database because the data remains the same in buffers, caches, and storage—only being changed at the last minute just before SQL query results are returned to the caller. The redaction is enforced consistently across all of the queries that access the tables or views with redaction policies. You can specify which users should see only redacted data by checking user information that is passed into the database through the SYS_CONTEXT function; you can redact data based on attributes of the current database; and you can implement multiple logical conditions within a given redaction policy. In addition, Data Redaction is implemented in a way that minimizes performance overhead. These characteristics make Oracle Data Redaction particularly well suited for usage by a range of applications, analytics tools, reporting tools, and monitoring tools that share common production databases.

Oracle Database applies the redaction at runtime when users access the data (that is, at query-execution time). This solution works well in a production system. During the time that the data is being redacted, all of the data processing is performed normally, and the back-end referential integrity constraints are preserved.

Data redaction can help you comply with industry, government, and organization requirements by restricting access to cardholder data or personally identifiable information based on a need-to-know.