即使在 oracle 12c 中使用 DBMS_REDACT 成功添加策略后也无法看到屏蔽数据

Not able to see the masked data even after adding policy successfully using DBMS_REDACT in oracle 12c

我能够将数据编辑策略添加到 table 的列而没有任何错误,但看不到任何屏蔽数据,一切都像以前一样,无法隐藏原始数据。我已经尝试从不同的用户访问 table 仍然没有隐藏原始数据。我也能够从 sql 开发人员添加策略,但仍然无法隐藏数据。

我已将所有这些权限授予系统中的 jag 用户。

grant select on Sys.redaction_policies to jag;
grant select on Sys.redaction_columns to jag;
grant execute on dbms_redact to jag;


CREATE TABLE payment_details (
  id          NUMBER       NOT NULL,
  customer_id NUMBER       NOT NULL,
  card_no     NUMBER       NOT NULL,
  card_string VARCHAR2(19) NOT NULL,
  expiry_date DATE         NOT NULL,
  sec_code    NUMBER       NOT NULL,
  valid_date  DATE,
  CONSTRAINT payment_details_pk PRIMARY KEY (id)
);
INSERT INTO payment_details VALUES (2, 4001, 2345234523452345, '2345-2345-2345-2345', TRUNC(ADD_MONTHS(SYSDATE,12)), 234, NULL);
INSERT INTO payment_details VALUES (3, 4002, 3456345634563456, '3456-3456-3456-3456', TRUNC(ADD_MONTHS(SYSDATE,12)), 345, NULL);
INSERT INTO payment_details VALUES (4, 4003, 4567456745674567, '4567-4567-4567-4567', TRUNC(ADD_MONTHS(SYSDATE,12)), 456, NULL);
INSERT INTO payment_details VALUES (5, 4004, 5678567856785678, '5678-5678-5678-5678', TRUNC(ADD_MONTHS(SYSDATE,12)), 567, NULL);
COMMIT;


SELECT *
FROM   payment_details
ORDER BY id;

BEGIN
  DBMS_REDACT.add_policy(
    object_schema => 'jag',
    object_name   => 'payment_details',
    column_name   => 'card_no',
    policy_name   => 'redact_card_info',
    function_type => DBMS_REDACT.partial,
 function_parameters  => '7,1,5',
    expression    => '1=1'
  );
END;
/
--Revoke select privileges on redaction policies/columns and drop objects and rerun the script

    revoke select on Sys.redaction_policies from jag;
    revoke select on Sys.redaction_columns from jag;

或注释掉前两行并重新运行脚本

--grant select on Sys.redaction_policies to jag;
--grant select on Sys.redaction_columns to jag;
revoke select on Sys.redaction_policies from jag;
revoke select on Sys.redaction_columns from jag;
grant execute on dbms_redact to jag;

DROP TABLE payment_details purge;


BEGIN
  DBMS_REDACT.drop_policy(
    object_schema => 'jag',
    object_name   => 'payment_details',
    column_name   => 'card_no',
    policy_name   => 'redact_card_info')
END;

CREATE TABLE payment_details (
  id          NUMBER       NOT NULL,
  customer_id NUMBER       NOT NULL,
  card_no     NUMBER       NOT NULL,
  card_string VARCHAR2(19) NOT NULL,
  expiry_date DATE         NOT NULL,
  sec_code    NUMBER       NOT NULL,
  valid_date  DATE,
  CONSTRAINT payment_details_pk PRIMARY KEY (id)
);

INSERT INTO payment_details VALUES (2, 4001, 2345234523452345, '2345-2345-2345-2345', TRUNC(ADD_MONTHS(SYSDATE,12)), 234, NULL);
INSERT INTO payment_details VALUES (3, 4002, 3456345634563456, '3456-3456-3456-3456', TRUNC(ADD_MONTHS(SYSDATE,12)), 345, NULL);
INSERT INTO payment_details VALUES (4, 4003, 4567456745674567, '4567-4567-4567-4567', TRUNC(ADD_MONTHS(SYSDATE,12)), 456, NULL);
INSERT INTO payment_details VALUES (5, 4004, 5678567856785678, '5678-5678-5678-5678', TRUNC(ADD_MONTHS(SYSDATE,12)), 567, NULL);
COMMIT;


SELECT *
FROM   payment_details
ORDER BY id;

BEGIN
  DBMS_REDACT.add_policy(
    object_schema => 'jag',
    object_name   => 'payment_details',
    column_name   => 'card_no',
    policy_name   => 'redact_card_info',
    function_type => DBMS_REDACT.partial,
 function_parameters  => '7,1,5',
    expression    => '1=1'
  );
END;
/