
我可以毫无报错地为表的列添加数据脱敏(Data Redaction)策略,但查询结果中的数据并没有被屏蔽,仍然和之前一样显示原始数据。我尝试用其他用户访问该表,原始数据依然没有被隐藏。我也可以通过 SQL Developer 添加策略,但数据仍然没有被隐藏。

我已将所有这些权限授予 sys.jag 用户。

-- Privileges given to JAG before the redaction policy is created.
-- REDACTION_POLICIES and REDACTION_COLUMNS are dictionary views that list
-- policy metadata; EXECUTE on DBMS_REDACT lets JAG create and drop policies.
-- NOTE(review): none of these grants decides whether a session sees masked
-- values. Sessions holding the EXEMPT REDACTION POLICY system privilege (SYS,
-- and accounts with the DBA role, which includes it) always see the real data.
-- Check the test session with:
--   SELECT privilege FROM session_privs WHERE privilege = 'EXEMPT REDACTION POLICY';
GRANT SELECT ON sys.redaction_policies TO jag;
GRANT SELECT ON sys.redaction_columns TO jag;
GRANT EXECUTE ON dbms_redact TO jag;


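-- Demo table used to exercise Oracle Data Redaction on the CARD_NO column.
-- NOTE(review): demo schema only. Redaction masks query output; the values
-- stored in the table stay in clear text, so it is not a substitute for
-- encryption or tokenization. A production system should not persist the card
-- security code (SEC_CODE) at all.
CREATE TABLE payment_details (
  id          NUMBER       NOT NULL,
  customer_id NUMBER       NOT NULL,
  card_no     NUMBER       NOT NULL,  -- numeric, so partial redaction uses the numeric parameter format
  card_string VARCHAR2(19) NOT NULL,  -- same number formatted as 4 groups of 4 digits
  expiry_date DATE         NOT NULL,
  sec_code    NUMBER       NOT NULL,
  valid_date  DATE,
  CONSTRAINT payment_details_pk PRIMARY KEY (id)
);

-- Constructed sample rows. Columns are named explicitly so the inserts keep
-- working (or fail loudly) if the table definition changes.
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (2, 4001, 2345234523452345, '2345-2345-2345-2345', TRUNC(ADD_MONTHS(SYSDATE,12)), 234, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (3, 4002, 3456345634563456, '3456-3456-3456-3456', TRUNC(ADD_MONTHS(SYSDATE,12)), 345, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (4, 4003, 4567456745674567, '4567-4567-4567-4567', TRUNC(ADD_MONTHS(SYSDATE,12)), 456, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (5, 4004, 5678567856785678, '5678-5678-5678-5678', TRUNC(ADD_MONTHS(SYSDATE,12)), 567, NULL);
COMMIT;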


-- Baseline read of every column, in table order. In this script it runs before
-- the redaction policy is added, so it shows the unmasked values.
SELECT
    id,
    customer_id,
    card_no,
    card_string,
    expiry_date,
    sec_code,
    valid_date
FROM payment_details
ORDER BY id;

-- Attach a partial-redaction policy named REDACT_CARD_INFO to the CARD_NO
-- column of JAG.PAYMENT_DETAILS.
--   function_parameters '7,1,5': for a NUMBER column the format is
--     mask digit, start position, end position -> digits 1..5 are shown as 7.
--   expression '1=1': always true, so the policy applies to every query from a
--     session that is not exempt.
-- NOTE(review): SYS and any account holding EXEMPT REDACTION POLICY (included
-- in the DBA role) still see the real values; verify the result from an
-- ordinary account that has only SELECT on the table.
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'jag',
    object_name         => 'payment_details',
    column_name         => 'card_no',
    policy_name         => 'redact_card_info',
    function_type       => DBMS_REDACT.PARTIAL,
    function_parameters => '7,1,5',
    expression          => '1=1'
  );
END;
/

1 回答 1

--Revoke select privileges on redaction policies/columns and drop objects and rerun the script

    -- Take back JAG's read access to the redaction dictionary views.
    -- NOTE(review): these views only list policy metadata. Whether a session
    -- sees masked data depends on the EXEMPT REDACTION POLICY privilege (held
    -- by SYS and included in the DBA role), so confirm the test account does
    -- not have it.
    REVOKE SELECT ON sys.redaction_policies FROM jag;
    REVOKE SELECT ON sys.redaction_columns FROM jag;

或注释掉前两行并重新运行脚本

-- Variant of the setup script with the two dictionary-view grants disabled.
--grant select on Sys.redaction_policies to jag;
--grant select on Sys.redaction_columns to jag;
-- Remove any earlier grant of the same views.
-- NOTE(review): REVOKE presumably errors if the privilege was never granted;
-- run these only where the grants above were applied before.
REVOKE SELECT ON sys.redaction_policies FROM jag;
REVOKE SELECT ON sys.redaction_columns FROM jag;
-- JAG still needs EXECUTE on DBMS_REDACT to create and drop policies.
-- NOTE(review): this privilege does not exempt JAG from redaction; exemption
-- comes from EXEMPT REDACTION POLICY (SYS, DBA role).
GRANT EXECUTE ON dbms_redact TO jag;

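-- Clean up the previous attempt: drop the redaction policy first, then the
-- table. The original order dropped the table before the policy, so the
-- policy call had no object left to act on.
-- DBMS_REDACT.DROP_POLICY takes only the schema, object and policy name (no
-- column_name argument); the call also needs its terminating ';' and the
-- SQL*Plus '/' to execute the block.
BEGIN
  DBMS_REDACT.DROP_POLICY(
    object_schema => 'jag',
    object_name   => 'payment_details',
    policy_name   => 'redact_card_info'
  );
END;
/

-- PURGE skips the recycle bin so the table can be recreated under the same name.
DROP TABLE payment_details PURGE;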

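-- Recreate the demo table used to exercise Oracle Data Redaction on CARD_NO.
-- NOTE(review): demo schema only. Redaction masks query output; the values
-- stored in the table stay in clear text, so it is not a substitute for
-- encryption or tokenization. A production system should not persist the card
-- security code (SEC_CODE) at all.
CREATE TABLE payment_details (
  id          NUMBER       NOT NULL,
  customer_id NUMBER       NOT NULL,
  card_no     NUMBER       NOT NULL,  -- numeric, so partial redaction uses the numeric parameter format
  card_string VARCHAR2(19) NOT NULL,  -- same number formatted as 4 groups of 4 digits
  expiry_date DATE         NOT NULL,
  sec_code    NUMBER       NOT NULL,
  valid_date  DATE,
  CONSTRAINT payment_details_pk PRIMARY KEY (id)
);

-- Constructed sample rows. Columns are named explicitly so the inserts keep
-- working (or fail loudly) if the table definition changes.
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (2, 4001, 2345234523452345, '2345-2345-2345-2345', TRUNC(ADD_MONTHS(SYSDATE,12)), 234, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (3, 4002, 3456345634563456, '3456-3456-3456-3456', TRUNC(ADD_MONTHS(SYSDATE,12)), 345, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (4, 4003, 4567456745674567, '4567-4567-4567-4567', TRUNC(ADD_MONTHS(SYSDATE,12)), 456, NULL);
INSERT INTO payment_details (id, customer_id, card_no, card_string, expiry_date, sec_code, valid_date)
VALUES (5, 4004, 5678567856785678, '5678-5678-5678-5678', TRUNC(ADD_MONTHS(SYSDATE,12)), 567, NULL);
COMMIT;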


-- Read every column, in table order. In this script it runs before the
-- redaction policy is added, so it shows the unmasked values; run it again
-- afterwards from a non-exempt account to confirm CARD_NO is masked.
SELECT
    id,
    customer_id,
    card_no,
    card_string,
    expiry_date,
    sec_code,
    valid_date
FROM payment_details
ORDER BY id;

-- Re-create the partial-redaction policy REDACT_CARD_INFO on the CARD_NO
-- column of JAG.PAYMENT_DETAILS.
--   function_parameters '7,1,5': for a NUMBER column the format is
--     mask digit, start position, end position -> digits 1..5 are shown as 7.
--   expression '1=1': always true, so the policy applies to every query from a
--     session that is not exempt.
-- NOTE(review): SYS and any account holding EXEMPT REDACTION POLICY (included
-- in the DBA role) still see the real values; verify the result from an
-- ordinary account that has only SELECT on the table.
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'jag',
    object_name         => 'payment_details',
    column_name         => 'card_no',
    policy_name         => 'redact_card_info',
    function_type       => DBMS_REDACT.PARTIAL,
    function_parameters => '7,1,5',
    expression          => '1=1'
  );
END;
/
于 2021-04-10T08:11:50.720 回答