
Adding a policy for Data Redaction

Data redaction is a technique that limits sensitive data exposure by dynamically changing data as it is displayed for certain users.  EnterpriseDB Postgres Advanced Server (EPAS) provides data redaction as a feature of the v. 11 release.

 

Data redaction is implemented by defining a function for each field to which redaction is to be applied. The function returns the value that should be displayed to the users subject to the data redaction.

 

The edb_data_redaction parameter in the postgresql.conf file then determines whether or not data redaction is to be applied. By default, the parameter is enabled so the redaction policy is in effect and the following occurs:

  • Superusers and the table owner bypass data redaction and see the original data.
  • All other users get the redaction policy applied and see the reformatted data.

If the parameter is disabled by setting it to FALSE during the session, then the following occurs:

 

  • Superusers and the table owner bypass data redaction and see the original data.
  • All other users get an error.

 

A redaction policy can be added, altered, disabled, enabled or dropped at any time. For details, refer to the EPAS Database Compatibility for Oracle Developers Guide.

 

Below is a simple test case that demonstrates how to create a data redaction policy for a credit card number column in a payments table.

 

Test Case:

  1. Log in as a superuser or the table owner and check the table to which you need to apply the data redaction policy.

 

postgres=# \c postgres postgres
You are now connected to database "postgres" as user "postgres".

postgres=# select * from payment_details_tab;
 customer_id |     card_string
-------------+---------------------
        4000 | 1234-1234-1234-1234
        4001 | 2345-2345-2345-2345
(2 rows)

 

  2. Add a new policy to partially hide the card details.

 

postgres=# BEGIN
    DBMS_REDACT.add_policy(
        object_schema       => 'public',
        object_name         => 'payment_details_tab',
        policy_name         => 'redactPolicy_001',
        policy_description  => 'redactPolicy_001 for payment_details_tab table',
        column_name         => 'card_string',
        function_type       => DBMS_REDACT.partial,
        function_parameters => DBMS_REDACT.REDACT_CCN16_F12,
        expression          => '1=1',
        enable              => TRUE
    );
END;

EDB-SPL Procedure successfully completed

 

  3. Check the table data again to confirm that the superuser still sees the original data.

 

postgres=# select * from payment_details_tab;
 customer_id |     card_string
-------------+---------------------
        4000 | 1234-1234-1234-1234
        4001 | 2345-2345-2345-2345
(2 rows)

 

  4. Connect as a different user who is neither a superuser nor the table owner and check the table data.

 

postgres=# \c postgres vipul 
You are now connected to database "postgres" as user "vipul".

postgres=> select * from payment_details_tab;
 customer_id |     card_string
-------------+---------------------
        4000 | ****-****-****-1234
        4001 | ****-****-****-2345
(2 rows)
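
The same masking expressed through the function-per-column mechanism described at the top of this article, using EPAS's CREATE REDACTION POLICY command in place of the DBMS_REDACT call in step 2. This is an added example, not part of the original article: the function name redact_card_last4 and policy name redact_policy_card are hypothetical, and card_string is assumed to be a varchar column.

```sql
-- Added example: function and policy names are hypothetical.
-- Assumes payment_details_tab.card_string is a varchar column.

-- Redaction function: masks every digit except the last four and keeps
-- separators, so '1234-1234-1234-1234' becomes '****-****-****-1234'.
CREATE OR REPLACE FUNCTION redact_card_last4(card varchar)
RETURNS varchar
LANGUAGE sql
IMMUTABLE
AS $$
    SELECT (CASE
        WHEN card IS NULL THEN NULL
        -- Too short to keep a tail: mask the whole value.
        WHEN length(card) <= 4 THEN repeat('*', length(card))
        ELSE regexp_replace(left(card, length(card) - 4), '[0-9]', '*', 'g')
             || right(card, 4)
    END)::varchar
$$;

-- Check the function on its own before attaching it to the table.
SELECT redact_card_last4('1234-1234-1234-1234');

-- Attach it to the column. FOR (1=1) applies it to every session that
-- is subject to redaction, like expression => '1=1' in step 2.
CREATE REDACTION POLICY redact_policy_card ON payment_details_tab
    FOR (1=1)
    ADD COLUMN card_string USING redact_card_last4(card_string);

-- Confirm the parameter is on, then repeat step 4 as a role that is
-- neither a superuser nor the table owner; only masked values should appear.
SHOW edb_data_redaction;
SELECT * FROM payment_details_tab;

-- Cleanup, when the policy is no longer wanted:
-- DROP REDACTION POLICY redact_policy_card ON payment_details_tab;
```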

 
