Data Redaction A Powerful Tool for Oracle Advanced Security Oracle Database 12c Part 2

YouTube video

In this article, we will delve into the world of Oracle Advanced Security in Oracle Database 12c and explore the features and functions of data redaction. As a product manager for Oracle Advanced Security, I will guide you through a comprehensive demo that showcases the capabilities of data redaction and how it can be implemented in a real-world application.

Introduction to Oracle Advanced Security

Oracle Advanced Security is a powerful tool that helps organizations protect their sensitive data by providing various security features and functionalities. One of these features is data redaction, which enables users to hide sensitive information from being displayed in applications. By leveraging data redaction, organizations can ensure that sensitive data remains confidential and secure, even when accessed by authorized users.

The Call Center Application

To demonstrate the power of data redaction, we will be using a simple call center application built using Oracle Application Express (APEX) and running on an Oracle Database 12c pluggable database. This application allows call center operators to access customer information and handle customer inquiries.

Sensitive Data Redaction

In our demo, we will focus on redacting two specific types of sensitive data: the customer’s date of birth and their US social security number (SSN). Both of these data elements are subject to regulatory requirements and need to be displayed in a redacted form.

Creating a Data Redaction Policy

To implement data redaction in our call center application, we will use Oracle Enterprise Manager, a comprehensive management tool for Oracle databases. In Oracle Enterprise Manager, we can create and manage data redaction policies effortlessly.

  1. Identifying the Relevant Schema and Table: In our case, we need to identify the relevant schema, which is titled CRM, and the table we want to redact, called cust accounts.

  2. Setting Up the Redaction Policy: We will create a new redaction policy named “redact customer PII” for the PII (Personally Identifiable Information) data. This policy will include the date of birth and the US social security number columns.

  3. For the date of birth column (DOB), we will use the standard full redaction method, which replaces the actual value with a constant value in the query results.

  4. For the US social security number column (SSN), we can leverage the pre-configured templates provided by data redaction. In this case, we will use partial redaction, replacing the first five digits with an “X”.

  5. Adding an Enforcement Condition: To accommodate specific business needs, we will set an enforcement condition for the redaction policy. In our call center, the supervisor user needs to have access to the unredacted data. Using the policy expression builder, we can define a condition that exempts the call center supervisor from redaction.

  6. We will leverage the client identifier to identify the current application user and set a condition that exempts the supervisor’s account. This allows the supervisor to view the unredacted data while still enforcing redaction for other application users.

  7. Committing the Changes: Once the redaction policy is complete, we can commit the changes, and the policy will be immediately enforced on active database sessions. No server restarts or logging in/out is required.

Testing the Redaction Policy

Now that the redaction policy is in place, we can test its effectiveness by refreshing the call center application. When we reload the customer detail page, we can observe that the sensitive data, such as the date of birth and the social security number, has been dynamically changed to its redacted form. This ensures that only authorized users can view the sensitive information.

The Power of Data Redaction

Data redaction is a powerful feature that can significantly enhance data security and compliance. By implementing data redaction directly in the database, organizations can ensure consistent redaction across all applications without the need for extensive code or configuration changes.

Additionally, as demonstrated in the demo, data redaction enables intelligent redaction decisions based on different runtime conditions. In our case, the call center supervisor account was exempted from redaction, allowing them to view the unredacted data when necessary.


In conclusion, data redaction is a valuable tool offered by Oracle Advanced Security, providing organizations with the ability to protect sensitive data and comply with regulatory requirements. By leveraging data redaction, organizations can ensure the confidentiality and security of sensitive information while still allowing authorized users to access the data they need.

This article has provided an in-depth look at data redaction and its implementation in a real-world application. By following the step-by-step process outlined in this article, organizations can effectively implement data redaction policies and enhance their data security and compliance efforts. Join us for the next recording, where we will explore further advancements in Oracle Advanced Security. Thank you for reading!

Word Count: 757