即使在 oracle 12c 中使用 DBMS_REDACT 成功添加策略后也无法看到屏蔽数据
Not able to see the masked data even after adding policy successfully using DBMS_REDACT in oracle 12c
我可以为表的列添加数据脱敏(redaction)策略,且没有任何报错,但查询时看不到被屏蔽的数据,结果和之前完全一样,原始数据没有被隐藏。我尝试过用其他用户访问该表,原始数据仍然没有被隐藏。我也可以通过 SQL Developer 添加策略,但数据依然没有被隐藏。
我已将所有这些权限授予系统中的 jag 用户。
-- Privileges handed to JAG before the demo runs.
-- The two dictionary views only describe redaction policies and the columns
-- they cover; EXECUTE on DBMS_REDACT is what lets JAG call add_policy below.
-- NOTE(review): none of these grants decides whether a session sees masked
-- values; that is governed by the EXEMPT REDACTION POLICY system privilege.
GRANT SELECT ON sys.redaction_policies TO jag;
GRANT SELECT ON sys.redaction_columns TO jag;
GRANT EXECUTE ON dbms_redact TO jag;
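-- Demo table holding sample card data (all values below are test data).
-- NOTE(review): card_string repeats the card number as text, and sec_code
-- looks like the card security code; the policy on this page redacts card_no
-- only, so both of those columns stay fully readable to every user.
CREATE TABLE payment_details (
    id          NUMBER       NOT NULL,
    customer_id NUMBER       NOT NULL,
    card_no     NUMBER       NOT NULL,
    card_string VARCHAR2(19) NOT NULL,
    expiry_date DATE         NOT NULL,
    sec_code    NUMBER       NOT NULL,
    valid_date  DATE,
    CONSTRAINT payment_details_pk PRIMARY KEY (id)
);

-- Explicit column lists keep the inserts correct if the column order changes.
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (2, 4001, 2345234523452345, '2345-2345-2345-2345', TRUNC(ADD_MONTHS(SYSDATE,12)), 234, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (3, 4002, 3456345634563456, '3456-3456-3456-3456', TRUNC(ADD_MONTHS(SYSDATE,12)), 345, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (4, 4003, 4567456745674567, '4567-4567-4567-4567', TRUNC(ADD_MONTHS(SYSDATE,12)), 456, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (5, 4004, 5678567856785678, '5678-5678-5678-5678', TRUNC(ADD_MONTHS(SYSDATE,12)), 567, NULL);
COMMIT;

-- Baseline read taken before any policy exists: every column is unmasked here.
SELECT
    id,
    customer_id,
    card_no,
    card_string,
    expiry_date,
    sec_code,
    valid_date
FROM payment_details
ORDER BY id;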
-- Attach a partial-redaction policy to JAG.PAYMENT_DETAILS.CARD_NO.
-- For a NUMBER column, function_parameters '7,1,5' reads as: mask digit 7,
-- first position 1, last position 5. Only the first five digits are replaced;
-- with the 16-digit sample values the other eleven digits remain visible.
-- expression '1=1' is always true, so the policy is not conditional.
-- NOTE(review): a session that holds EXEMPT REDACTION POLICY (in 12c commonly
-- inherited through the DBA role) or that connects as SYS still sees the real
-- values. Check SESSION_PRIVS for that privilege in the session used for
-- testing before concluding that the policy has no effect.
-- NOTE(review): card display masks usually hide the middle digits and show at
-- most the first six and last four; confirm the intended range.
BEGIN
    DBMS_REDACT.ADD_POLICY(
        object_schema       => 'jag',
        object_name         => 'payment_details',
        policy_name         => 'redact_card_info',
        column_name         => 'card_no',
        function_type       => DBMS_REDACT.PARTIAL,
        function_parameters => '7,1,5',
        expression          => '1=1'
    );
END;
/
-- Suggested fix: take SELECT on the redaction dictionary views away from JAG,
-- then drop the objects and run the script again.
-- NOTE(review): these views only list policies and redacted columns. Whether
-- JAG sees masked values depends on EXEMPT REDACTION POLICY (granted directly
-- or through a role), so confirm that privilege as well.
REVOKE SELECT ON sys.redaction_policies FROM jag;
REVOKE SELECT ON sys.redaction_columns FROM jag;
或注释掉前两行并重新运行脚本
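-- Alternative to the revokes: keep the two dictionary-view grants commented out.
--grant select on Sys.redaction_policies to jag;
--grant select on Sys.redaction_columns to jag;
REVOKE SELECT ON sys.redaction_policies FROM jag;
REVOKE SELECT ON sys.redaction_columns FROM jag;
-- JAG still needs EXECUTE on DBMS_REDACT to drop and re-create the policy.
GRANT EXECUTE ON dbms_redact TO jag;

-- Drop the policy while the table still exists; once the table has been
-- purged there is no object left for drop_policy to act on.
-- DROP_POLICY identifies the policy by schema, object and policy name only,
-- so no column_name argument is passed.
-- This call raises an error if the policy does not exist (e.g. on a first run).
BEGIN
    DBMS_REDACT.DROP_POLICY(
        object_schema => 'jag',
        object_name   => 'payment_details',
        policy_name   => 'redact_card_info'
    );
END;
/

-- PURGE bypasses the recycle bin so the table can be re-created right away.
DROP TABLE payment_details PURGE;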
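-- Re-create the demo table with the same sample card data (test values only).
-- NOTE(review): card_string repeats the card number as text, and sec_code
-- looks like the card security code; the policy on this page redacts card_no
-- only, so both of those columns stay fully readable to every user.
CREATE TABLE payment_details (
    id          NUMBER       NOT NULL,
    customer_id NUMBER       NOT NULL,
    card_no     NUMBER       NOT NULL,
    card_string VARCHAR2(19) NOT NULL,
    expiry_date DATE         NOT NULL,
    sec_code    NUMBER       NOT NULL,
    valid_date  DATE,
    CONSTRAINT payment_details_pk PRIMARY KEY (id)
);

-- Explicit column lists keep the inserts correct if the column order changes.
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (2, 4001, 2345234523452345, '2345-2345-2345-2345', TRUNC(ADD_MONTHS(SYSDATE,12)), 234, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (3, 4002, 3456345634563456, '3456-3456-3456-3456', TRUNC(ADD_MONTHS(SYSDATE,12)), 345, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (4, 4003, 4567456745674567, '4567-4567-4567-4567', TRUNC(ADD_MONTHS(SYSDATE,12)), 456, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (5, 4004, 5678567856785678, '5678-5678-5678-5678', TRUNC(ADD_MONTHS(SYSDATE,12)), 567, NULL);
COMMIT;

-- Baseline read taken before the policy is re-added: every column is unmasked.
SELECT
    id,
    customer_id,
    card_no,
    card_string,
    expiry_date,
    sec_code,
    valid_date
FROM payment_details
ORDER BY id;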
-- Re-attach the partial-redaction policy to JAG.PAYMENT_DETAILS.CARD_NO.
-- For a NUMBER column, function_parameters '7,1,5' reads as: mask digit 7,
-- first position 1, last position 5. Only the first five digits are replaced;
-- with the 16-digit sample values the other eleven digits remain visible.
-- expression '1=1' is always true, so the policy is not conditional.
-- NOTE(review): a session that holds EXEMPT REDACTION POLICY (in 12c commonly
-- inherited through the DBA role) or that connects as SYS still sees the real
-- values. Re-run the SELECT from a session without that privilege to verify
-- the mask.
BEGIN
    DBMS_REDACT.ADD_POLICY(
        object_schema       => 'jag',
        object_name         => 'payment_details',
        policy_name         => 'redact_card_info',
        column_name         => 'card_no',
        function_type       => DBMS_REDACT.PARTIAL,
        function_parameters => '7,1,5',
        expression          => '1=1'
    );
END;
/
我可以为表的列添加数据脱敏(redaction)策略,且没有任何报错,但查询时看不到被屏蔽的数据,结果和之前完全一样,原始数据没有被隐藏。我尝试过用其他用户访问该表,原始数据仍然没有被隐藏。我也可以通过 SQL Developer 添加策略,但数据依然没有被隐藏。
我已将所有这些权限授予系统中的 jag 用户。
-- Privileges handed to JAG before the demo runs.
-- The two dictionary views only describe redaction policies and the columns
-- they cover; EXECUTE on DBMS_REDACT is what lets JAG call add_policy below.
-- NOTE(review): none of these grants decides whether a session sees masked
-- values; that is governed by the EXEMPT REDACTION POLICY system privilege.
GRANT SELECT ON sys.redaction_policies TO jag;
GRANT SELECT ON sys.redaction_columns TO jag;
GRANT EXECUTE ON dbms_redact TO jag;
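-- Demo table holding sample card data (all values below are test data).
-- NOTE(review): card_string repeats the card number as text, and sec_code
-- looks like the card security code; the policy on this page redacts card_no
-- only, so both of those columns stay fully readable to every user.
CREATE TABLE payment_details (
    id          NUMBER       NOT NULL,
    customer_id NUMBER       NOT NULL,
    card_no     NUMBER       NOT NULL,
    card_string VARCHAR2(19) NOT NULL,
    expiry_date DATE         NOT NULL,
    sec_code    NUMBER       NOT NULL,
    valid_date  DATE,
    CONSTRAINT payment_details_pk PRIMARY KEY (id)
);

-- Explicit column lists keep the inserts correct if the column order changes.
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (2, 4001, 2345234523452345, '2345-2345-2345-2345', TRUNC(ADD_MONTHS(SYSDATE,12)), 234, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (3, 4002, 3456345634563456, '3456-3456-3456-3456', TRUNC(ADD_MONTHS(SYSDATE,12)), 345, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (4, 4003, 4567456745674567, '4567-4567-4567-4567', TRUNC(ADD_MONTHS(SYSDATE,12)), 456, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (5, 4004, 5678567856785678, '5678-5678-5678-5678', TRUNC(ADD_MONTHS(SYSDATE,12)), 567, NULL);
COMMIT;

-- Baseline read taken before any policy exists: every column is unmasked here.
SELECT
    id,
    customer_id,
    card_no,
    card_string,
    expiry_date,
    sec_code,
    valid_date
FROM payment_details
ORDER BY id;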
-- Attach a partial-redaction policy to JAG.PAYMENT_DETAILS.CARD_NO.
-- For a NUMBER column, function_parameters '7,1,5' reads as: mask digit 7,
-- first position 1, last position 5. Only the first five digits are replaced;
-- with the 16-digit sample values the other eleven digits remain visible.
-- expression '1=1' is always true, so the policy is not conditional.
-- NOTE(review): a session that holds EXEMPT REDACTION POLICY (in 12c commonly
-- inherited through the DBA role) or that connects as SYS still sees the real
-- values. Check SESSION_PRIVS for that privilege in the session used for
-- testing before concluding that the policy has no effect.
-- NOTE(review): card display masks usually hide the middle digits and show at
-- most the first six and last four; confirm the intended range.
BEGIN
    DBMS_REDACT.ADD_POLICY(
        object_schema       => 'jag',
        object_name         => 'payment_details',
        policy_name         => 'redact_card_info',
        column_name         => 'card_no',
        function_type       => DBMS_REDACT.PARTIAL,
        function_parameters => '7,1,5',
        expression          => '1=1'
    );
END;
/
-- Suggested fix: take SELECT on the redaction dictionary views away from JAG,
-- then drop the objects and run the script again.
-- NOTE(review): these views only list policies and redacted columns. Whether
-- JAG sees masked values depends on EXEMPT REDACTION POLICY (granted directly
-- or through a role), so confirm that privilege as well.
REVOKE SELECT ON sys.redaction_policies FROM jag;
REVOKE SELECT ON sys.redaction_columns FROM jag;
或注释掉前两行并重新运行脚本
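-- Alternative to the revokes: keep the two dictionary-view grants commented out.
--grant select on Sys.redaction_policies to jag;
--grant select on Sys.redaction_columns to jag;
REVOKE SELECT ON sys.redaction_policies FROM jag;
REVOKE SELECT ON sys.redaction_columns FROM jag;
-- JAG still needs EXECUTE on DBMS_REDACT to drop and re-create the policy.
GRANT EXECUTE ON dbms_redact TO jag;

-- Drop the policy while the table still exists; once the table has been
-- purged there is no object left for drop_policy to act on.
-- DROP_POLICY identifies the policy by schema, object and policy name only,
-- so no column_name argument is passed.
-- This call raises an error if the policy does not exist (e.g. on a first run).
BEGIN
    DBMS_REDACT.DROP_POLICY(
        object_schema => 'jag',
        object_name   => 'payment_details',
        policy_name   => 'redact_card_info'
    );
END;
/

-- PURGE bypasses the recycle bin so the table can be re-created right away.
DROP TABLE payment_details PURGE;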
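-- Re-create the demo table with the same sample card data (test values only).
-- NOTE(review): card_string repeats the card number as text, and sec_code
-- looks like the card security code; the policy on this page redacts card_no
-- only, so both of those columns stay fully readable to every user.
CREATE TABLE payment_details (
    id          NUMBER       NOT NULL,
    customer_id NUMBER       NOT NULL,
    card_no     NUMBER       NOT NULL,
    card_string VARCHAR2(19) NOT NULL,
    expiry_date DATE         NOT NULL,
    sec_code    NUMBER       NOT NULL,
    valid_date  DATE,
    CONSTRAINT payment_details_pk PRIMARY KEY (id)
);

-- Explicit column lists keep the inserts correct if the column order changes.
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (2, 4001, 2345234523452345, '2345-2345-2345-2345', TRUNC(ADD_MONTHS(SYSDATE,12)), 234, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (3, 4002, 3456345634563456, '3456-3456-3456-3456', TRUNC(ADD_MONTHS(SYSDATE,12)), 345, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (4, 4003, 4567456745674567, '4567-4567-4567-4567', TRUNC(ADD_MONTHS(SYSDATE,12)), 456, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (5, 4004, 5678567856785678, '5678-5678-5678-5678', TRUNC(ADD_MONTHS(SYSDATE,12)), 567, NULL);
COMMIT;

-- Baseline read taken before the policy is re-added: every column is unmasked.
SELECT
    id,
    customer_id,
    card_no,
    card_string,
    expiry_date,
    sec_code,
    valid_date
FROM payment_details
ORDER BY id;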
-- Re-attach the partial-redaction policy to JAG.PAYMENT_DETAILS.CARD_NO.
-- For a NUMBER column, function_parameters '7,1,5' reads as: mask digit 7,
-- first position 1, last position 5. Only the first five digits are replaced;
-- with the 16-digit sample values the other eleven digits remain visible.
-- expression '1=1' is always true, so the policy is not conditional.
-- NOTE(review): a session that holds EXEMPT REDACTION POLICY (in 12c commonly
-- inherited through the DBA role) or that connects as SYS still sees the real
-- values. Re-run the SELECT from a session without that privilege to verify
-- the mask.
BEGIN
    DBMS_REDACT.ADD_POLICY(
        object_schema       => 'jag',
        object_name         => 'payment_details',
        policy_name         => 'redact_card_info',
        column_name         => 'card_no',
        function_type       => DBMS_REDACT.PARTIAL,
        function_parameters => '7,1,5',
        expression          => '1=1'
    );
END;
/