Oracle Enterprise Manager Cloud Control (Cloud Control) enables you to manage Oracle Data Redaction policies and formats.
Topics:
Oracle Enterprise Manager Cloud Control provides an unified user interface for creating and managing Oracle Data Redaction policies.
Starting with the Oracle Enterprise Manager 12c Database plug-in 12.1.0.7, you can do the following:
Create and manage custom Oracle Data Redaction formats, which were previously known as Data Redaction shortcuts. (This functionality is not available from the command line.)
Create and manage sensitive column types directly from the Oracle Data Redaction pages. While you create a Data Redaction policy, Cloud Control uses sensitive column types to obtain the Oracle Data Redaction formats that are relevant to the column that you are redacting.
Note:
You can redact data in Oracle Database Enterprise Edition 11.2.0.4 or later by using Oracle Enterprise Manager, starting with Oracle Enterprise Manager 12c. However, before you can create custom redaction formats and sensitive column types, you must deploy the Enterprise Manager for Oracle Database plug-in 12.1.0.7 or higher.
For information about how to deploy a plug-in, see Enterprise Manager Cloud Control Administrator's Guide.
First, you should create sensitive column types and formats if necessary, and then create the Oracle Data Redaction policy afterward.
The following figure illustrates this process:
(Optional) If you want to map the database columns (that contain the data that you want to redact) to new sensitive column types, then create the required sensitive column types as described in Management of Sensitive Column Types in Enterprise Manager.
(Optional) If you want to redact the data (present in a particular database column) using a custom redaction format, then create the required redaction format as described in Creating a Custom Oracle Data Redaction Format.
Create an Oracle Data Redaction policy for the required database, as described in Creating an Oracle Data Redaction Policy Using Enterprise Manager.
Note:
When you create an Oracle Data Redaction policy, it is enabled by default. For information on how to disable an enabled redaction policy, see Enabling or Disabling an Oracle Data Redaction Policy in Enterprise Manager.
A sensitive column type categorizes table column sensitive information into a sensitive information type, such as credit card numbers.
Sensitive column types use a combination of the column name, column comments, and the data pattern defined using a regular expression to tag a column to a particular sensitive information type.
While you create Oracle Data Redaction policies, redaction formats are filtered on the basis of the chosen sensitive column type, thus saving time and effort. For example, if the database table column that you want to redact contains U.S. Social Security numbers, and you select the SOCIAL_SECURITY_NUMBER
sensitive column type for the column while adding it to the Oracle Data Redaction policy, the default redaction formats that you can use to redact the column data are filtered, and only the relevant redaction formats are displayed.
Figure 11-1 illustrates the filtering of Oracle Data Redaction formats based on sensitive column types.
Figure 11-1 Oracle Data Redaction Formats Filtered on the Basis of Sensitive Column Types
Note:
This functionality is available only if you have the Enterprise Manager for Oracle Database plug-in 12.1.0.7 or later deployed in your system.
For information on how to verify the plug-ins deployed in your environment, see Enterprise Manager Cloud Control Administrator's Guide..
As part of the Application Data Modelling feature, Oracle provides a number of default sensitive column types that a database column can be mapped to.
Figure 11-2 displays some of the default sensitive column types.
Figure 11-2 Default Sensitive Column Types
If none of the default sensitive column types are suitable for the database column that contains the data that you want to redact, you can create a new sensitive column type, or create a sensitive column type that is based on an existing sensitive column type, as described in Oracle Database Testing Guide..
Oracle Data Redaction provides redaction formats that can be used directly within a redaction policy to redact data.
Topics:
The Oracle Data Redaction formats are used for commonly redacted data, such as ID numbers, credit cards, or phone numbers.
Oracle Database provides several default Oracle Data Redaction formats.
Figure 11-3 displays the default Oracle Data Redaction formats.
Figure 11-3 Default Oracle Data Redaction Formats
Each default Oracle Data Redaction format consists of a specific redaction function that determines the redacted output when the redaction format is used in an Oracle Data Redaction policy. For example, the Credit Card Numbers - NUMBER
default redaction format replaces the first twelve digits of the column data with the digit 0, when it is used in an Oracle Data Redaction policy. That is, if the column data is 5555555555554444
, the redacted output will be 0000000000004444
.
If you have deployed the Enterprise Manager for Oracle Database plug-in 12.1.0.7 or higher on your system, then you can also create and save custom redaction formats, which you can then use in your redaction policies.
You can create and save custom Oracle Data Redaction formats using Enterprise Manager Cloud Control.
You can edit custom Oracle Data Redaction formats using Enterprise Manager Cloud Control, but not in SQL*Plus.
You can create, edit, view, and delete Oracle Data Redaction policies in Enterprise Manager Cloud Control (Cloud Control).
Topics:
Creating an Oracle Data Redaction Policy Using Enterprise Manager
Editing an Oracle Data Redaction Policy Using Enterprise Manager
Viewing Oracle Data Redaction Policy Details Using Enterprise Manager
Enabling or Disabling an Oracle Data Redaction Policy in Enterprise Manager
Deleting an Oracle Data Redaction Policy Using Enterprise Manager
Use the Data Redaction page in Cloud Control to manage Oracle Data Redaction policies.
To redact the data present in a particular database table or view column, you must create an Oracle Data Redaction policy. Data is redacted using a redaction format that is specified by the Oracle Data Redaction policy. To redact data, you can use any of the Oracle-supplied redaction formats, or create and use a custom redaction format. If the table or view column that contains the data that you want to redact is mapped to a sensitive column type, Oracle uses the mapping to recommend suitable redaction formats for the data. Thus, Oracle Data Redaction policies encapsulate database schemas, database table and view columns, sensitive column types, and Oracle Data Redaction formats.
Figure 11-4 shows the Data Redaction page, which enables you to create and manage Oracle Data Redaction policies in Cloud Control.
Figure 11-4 Oracle Data Redaction Policies Page
You can create an Oracle Data Redaction policy using Enterprise Manager Cloud Control.
You can edit an Oracle Data Redaction policy using Enterprise Manager Cloud Control.
You can find Oracle Data Redaction policy details such as whether the policy is enabled by using Enterprise Manager Cloud Control.
An Oracle Data Redaction policy is executed at run time only if it is enabled. When you create an Oracle Data Redaction policy, it is enabled by default.