Sample Header Ad - 728x90

Data redaction with regex in Oracle

2 votes
1 answer
1114 views
oracle oracle-12c data-masking
I would like to redact data with regex in oracle database. I know the procedure but I get unpredictable results. I use the following script to apply redaction to a certain column with card numbers. 
`
BEGIN
DBMS_REDACT.ADD_POLICY ( 
   object_schema          => 'my_schema',
   object_name            => 'my_table',
   column_name            => 'card_number',
   policy_name            => 'redact_my_table', 
   function_type          => DBMS_REDACT.REGEXP,
   function_parameters    => null,
   regexp_pattern         => '(............)(.+)(........)',--DBMS_REDACT.RE_PATTERN_CC_L6_T4,
   regexp_replace_string  => '\1****\3', --dbms_redact.re_redact_ccn, --DBMS_REDACT.RE_REDACT_CC_MIDDLE_DIGITS,
   regexp_position        => DBMS_REDACT.RE_BEGINNING,
   regexp_occurrence      => DBMS_REDACT.RE_FIRST,
   regexp_match_parameter => 'i',
   policy_description     => 'Regular expressions to redact credit card numbers',
   expression             => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''my_schema'''
   );
END;
/
` Expected result would be first 6 and last 4 unmasked like 123456****1234, but I get this instead: enter image description here From the documentation I would suppose the below script would work by default, but it performs a full redaction instead of just masking some chars. I get a whitespace per row. 
`
BEGIN
DBMS_REDACT.ADD_POLICY ( 
   object_schema          => 'my_schema',
   object_name            => 'my_table',
   column_name            => 'card_number',
   policy_name            => 'redact_my_table', 
   function_type          => DBMS_REDACT.REGEXP,
   function_parameters    => null,
   regexp_pattern         => DBMS_REDACT.RE_PATTERN_CC_L6_T4,
   regexp_replace_string  => DBMS_REDACT.RE_REDACT_CC_MIDDLE_DIGITS,
   regexp_position        => DBMS_REDACT.RE_BEGINNING,
   regexp_occurrence      => DBMS_REDACT.RE_FIRST,
   regexp_match_parameter => 'i',
   policy_description     => 'Regular expressions to redact credit card numbers',
   expression             => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''my_schema'''
   );
END;
/
` Database used is Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 This are the constants in DBMS_REDACT package: 
`
RE_PATTERN_CC_L6_T4        CONSTANT   VARCHAR2(33) := '(\d\d\d\d\d\d)(\d\d\d*)(\d\d\d\d)';
RE_REDACT_CC_MIDDLE_DIGITS CONSTANT   VARCHAR2(10) := '\1XXXXXX\3';
` If i put the \d in regex patter i always get full redaction. Using dot i managed to get the scrambled data from the image. If anyone could try here is also the drop statement: 
` 
exec dbms_redact.drop_policy('my_schema','my_table','redact_my_table');
` Any ideas what am I doing wrong?
Asked by RokX (163 rep)
Jun 10, 2019, 09:45 AM
Last activity: Jun 10, 2019, 01:11 PM
Sidebar Ad - 300x250
Related Questions

Browse more questions from Database Administrators

More questions tagged "oracle"
More questions tagged "oracle-12c"
More questions tagged "data-masking"
Footer Ad - 728x90