vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/dws/dev/dws_04_0062.html
Lu, Huayi e6fa411af0 DWS DEV 830.201 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: Lu, Huayi <luhuayi@huawei.com>
Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
2024-05-16 07:24:04 +00:00

257 lines
67 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0000001233883259"></a><a name="EN-US_TOPIC_0000001233883259"></a>
<h1 class="topictitle1">Data Redaction</h1>
<div id="body1579504479778"><p id="EN-US_TOPIC_0000001233883259__p16430195117562"><span id="EN-US_TOPIC_0000001233883259__text104300518569">GaussDB(DWS)</span> provides the column-level dynamic data masking (DDM) function. For sensitive data (such as the ID card number, mobile number, and bank card number), the DDM function is used to redact the original data to protect data security and user privacy.</p>
<ul id="EN-US_TOPIC_0000001233883259__ul1527215710717"><li id="EN-US_TOPIC_0000001233883259__li44455321535">Creating a data masking policy for a table<p id="EN-US_TOPIC_0000001233883259__p19988134618314"><a name="EN-US_TOPIC_0000001233883259__li44455321535"></a><a name="li44455321535"></a><span id="EN-US_TOPIC_0000001233883259__text134501549132518">GaussDB(DWS)</span> uses the <strong id="EN-US_TOPIC_0000001233883259__b199891815144216">CREATE REDACTION POLICY</strong> syntax to create a data masking policy on a table. (<strong id="EN-US_TOPIC_0000001233883259__b1693821914310">MASK_NONE</strong>: Do not perform masking. <strong id="EN-US_TOPIC_0000001233883259__b184943429438">MASK_FULL</strong>: Mask data into a fixed value. <strong id="EN-US_TOPIC_0000001233883259__b284555815455">MASK_PARTIAL</strong>: Perform partial masking based on the character type, numeric type, or time type.) </p>
</li><li id="EN-US_TOPIC_0000001233883259__li158951510143">Modifying the data masking policy of a table<p id="EN-US_TOPIC_0000001233883259__p135441920241"><a name="EN-US_TOPIC_0000001233883259__li158951510143"></a><a name="li158951510143"></a>The <strong id="EN-US_TOPIC_0000001233883259__b157261226124912">ALTER REDACTION POLICY</strong> syntax is used to modify the expression for enabling a masking policy, rename a masking policy, and add, modify, or delete masked columns.</p>
</li><li id="EN-US_TOPIC_0000001233883259__li1734810452414">Deleting the masking policy of a table<p id="EN-US_TOPIC_0000001233883259__p146175551416"><a name="EN-US_TOPIC_0000001233883259__li1734810452414"></a><a name="li1734810452414"></a>The <strong id="EN-US_TOPIC_0000001233883259__b455834418521">DROP REDACTION POLICY</strong> syntax is used to delete the masking function information of a masking policy on all columns of a table.</p>
</li><li id="EN-US_TOPIC_0000001233883259__li772419591741">Viewing the masking policy and masked columns<p id="EN-US_TOPIC_0000001233883259__p3768913353"><a name="EN-US_TOPIC_0000001233883259__li772419591741"></a><a name="li772419591741"></a>Redaction policy information is stored in the system catalog <a href="dws_04_0611.html">PG_REDACTION_POLICY</a>, and redacted column information is stored in the system catalog <a href="dws_04_0610.html">PG_REDACTION_COLUMN</a>. You can view information about the redaction policy and redacted columns in the system views <a href="dws_04_0858.html">REDACTION_POLICIES</a> and <a href="dws_04_0857.html">REDACTION_COLUMNS</a>.</p>
</li></ul>
<div class="note" id="EN-US_TOPIC_0000001233883259__nf3dbb0444a8445728f3cc175b020f37a"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="EN-US_TOPIC_0000001233883259__u4c212b5c9b0649438fb48786a5a38e07"><li id="EN-US_TOPIC_0000001233883259__li631681924917">Generally, you can run the SELECT statement to view the data redaction result. If a statement has the following features, sensitive data may be deliberately obtained. In this case, an error will be reported during statement execution.<ul id="EN-US_TOPIC_0000001233883259__ul17277182464915"><li id="EN-US_TOPIC_0000001233883259__li9011395587">The GROUP BY clause references the Target Entry containing redaction columns as the target column.</li><li id="EN-US_TOPIC_0000001233883259__li1358741045920">DISTINCT works on the output redaction columns.</li><li id="EN-US_TOPIC_0000001233883259__li2992173495911">The statement contains CTE.</li><li id="EN-US_TOPIC_0000001233883259__li159401759175919">Operations on sets are involved.</li><li id="EN-US_TOPIC_0000001233883259__li2078104618019">The target columns of a subquery are not redaction columns of the base table, but the expressions or function calls for redaction columns of the base table.</li></ul>
</li><li id="EN-US_TOPIC_0000001233883259__li21764151492">You can use COPY TO or GDS to export the redacted data. Due to the irreversibility of the data redaction, secondary redaction of the data is meaningless.</li><li id="EN-US_TOPIC_0000001233883259__li1917621534918">Do not set target columns of UPDATE, MERGE INTO, and DELETE statements to redaction columns.</li><li id="EN-US_TOPIC_0000001233883259__li1196526615">The UPSERT statement allows you to insert update data through EXCLUDED. If data in the base table is updated by referencing redaction columns, the data may be modified by mistake. As a result, an error will be reported during the execution.</li></ul>
</div></div>
<div class="section" id="EN-US_TOPIC_0000001233883259__section3980155135417"><h4 class="sectiontitle">Examples</h4><p id="EN-US_TOPIC_0000001233883259__p10632108121811">The following uses the employee table <strong id="EN-US_TOPIC_0000001233883259__b15684842165819">emp</strong>, table owner <strong id="EN-US_TOPIC_0000001233883259__b11779175135919">alice</strong>, and roles <strong id="EN-US_TOPIC_0000001233883259__b793268175910">matu</strong> and <strong id="EN-US_TOPIC_0000001233883259__b45541313135918">july</strong> as an example to illustrate the data masking process. The <strong id="EN-US_TOPIC_0000001233883259__b938534512271">emp</strong> table contains private data such as the employee name, mobile number, email address, bank card number, and salary.</p>
<ol id="EN-US_TOPIC_0000001233883259__ol16988111763613"><li id="EN-US_TOPIC_0000001233883259__li698901718366"><span>After connecting to the database as the administrator, create roles <strong id="EN-US_TOPIC_0000001233883259__b1863693613020">alice</strong>, <strong id="EN-US_TOPIC_0000001233883259__b1794220385014">matu</strong>, and <strong id="EN-US_TOPIC_0000001233883259__b732413418011">july</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233883259__screen11620108193211"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">matu</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">july</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233883259__li91255419349"><span>Grant schema permissions on the current database to <strong id="EN-US_TOPIC_0000001233883259__b77711253602">alice</strong>, <strong id="EN-US_TOPIC_0000001233883259__b9436145517016">matu</strong>, and <strong id="EN-US_TOPIC_0000001233883259__b108408576014">july</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233883259__screen3123114712347"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">ALL</span><span class="w"> </span><span class="k">PRIVILEGES</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="k">schema</span><span class="w"> </span><span class="k">public</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">alice</span><span class="p">,</span><span class="n">matu</span><span class="p">,</span><span class="n">july</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233883259__li783160104018"><span>Switch to role <strong id="EN-US_TOPIC_0000001233883259__b776816416">alice</strong>, create the <strong id="EN-US_TOPIC_0000001233883259__b1178611211112">emp </strong>table, and insert three pieces of employee information.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233883259__screen68312019401"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span>
<span class="normal">7</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">emp</span><span class="p">(</span><span class="n">id</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="nb">varchar</span><span class="p">(</span><span class="mi">20</span><span class="p">),</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="nb">varchar</span><span class="p">(</span><span class="mi">11</span><span class="p">),</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="nb">number</span><span class="p">,</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="nb">varchar</span><span class="p">(</span><span class="mi">19</span><span class="p">),</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="nb">numeric</span><span class="p">(</span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="mi">4</span><span class="p">),</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span><span class="nb">date</span><span class="p">);</span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">VALUES</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="s1">'anny'</span><span class="p">,</span><span class="w"> </span><span class="s1">'13420002340'</span><span class="p">,</span><span class="w"> </span><span class="mi">1234123412341234</span><span class="p">,</span><span class="w"> </span><span class="s1">'1234-1234-1234-1234'</span><span class="p">,</span><span class="w"> </span><span class="s1">'smithWu@163.com'</span><span class="p">,</span><span class="w"> </span><span class="mi">10000</span><span class="p">.</span><span class="mi">00</span><span class="p">,</span><span class="w"> </span><span class="s1">'1999-10-02'</span><span class="p">);</span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">VALUES</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="s1">'bob'</span><span class="p">,</span><span class="w"> </span><span class="s1">'18299023211'</span><span class="p">,</span><span class="w"> </span><span class="mi">3456345634563456</span><span class="p">,</span><span class="w"> </span><span class="s1">'3456-3456-3456-3456'</span><span class="p">,</span><span class="w"> </span><span class="s1">'66allen_mm@qq.com'</span><span class="p">,</span><span class="w"> </span><span class="mi">9999</span><span class="p">.</span><span class="mi">99</span><span class="p">,</span><span class="w"> </span><span class="s1">'1989-12-12'</span><span class="p">);</span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">VALUES</span><span class="p">(</span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="s1">'cici'</span><span class="p">,</span><span class="w"> </span><span class="s1">'15512231233'</span><span class="p">,</span><span class="w"> </span><span class="k">NULL</span><span class="p">,</span><span class="w"> </span><span class="k">NULL</span><span class="p">,</span><span class="w"> </span><span class="s1">'jonesishere@sina.com'</span><span class="p">,</span><span class="w"> </span><span class="k">NULL</span><span class="p">,</span><span class="w"> </span><span class="s1">'1992-11-06'</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233883259__li16616204625310"><span><strong id="EN-US_TOPIC_0000001233883259__b23323361115">alice</strong> grants the read permission on the <strong id="EN-US_TOPIC_0000001233883259__b1910015448117">emp</strong> table to <strong id="EN-US_TOPIC_0000001233883259__b14772174612114">matu</strong> and <strong id="EN-US_TOPIC_0000001233883259__b2205154911115">july</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233883259__screen1369242365419"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">matu</span><span class="p">,</span><span class="w"> </span><span class="n">july</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233883259__li16391650195314"><span>Create the masking policy <strong id="EN-US_TOPIC_0000001233883259__b193471319324">mask_emp</strong>: Only user <strong id="EN-US_TOPIC_0000001233883259__b53805371126">alice</strong> can view all employee information. User <strong id="EN-US_TOPIC_0000001233883259__b1620517421925">matu</strong> and <strong id="EN-US_TOPIC_0000001233883259__b1166717462211">july</strong> cannot view employee bank card numbers and salary data. The <strong id="EN-US_TOPIC_0000001233883259__b1037819398413">card_no</strong> column is of the numeric type and all of its data is masked into 0 by the <strong id="EN-US_TOPIC_0000001233883259__b156616500519">MASK_FULL</strong> function. The <strong id="EN-US_TOPIC_0000001233883259__b198176574515">card_string</strong> column is of the character type and part of its data is masked by the <strong id="EN-US_TOPIC_0000001233883259__b14741046667">MASK_PARTIAL</strong> function based on the specified input and output formats. The <strong id="EN-US_TOPIC_0000001233883259__b1068719487129">salary</strong> column is of the numeric type and the <strong id="EN-US_TOPIC_0000001233883259__b214531262018">MASK_PARTIAL</strong> function is used to mask all digits before the penultimate digit using the number 9.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233883259__screen13306926155420"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">WHEN</span><span class="w"> </span><span class="p">(</span><span class="k">current_user</span><span class="w"> </span><span class="k">IN</span><span class="w"> </span><span class="p">(</span><span class="s1">'matu'</span><span class="p">,</span><span class="w"> </span><span class="s1">'july'</span><span class="p">))</span>
<span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_full</span><span class="p">(</span><span class="n">card_no</span><span class="p">),</span>
<span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">card_string</span><span class="p">,</span><span class="w"> </span><span class="s1">'VVVVFVVVVFVVVVFVVVV'</span><span class="p">,</span><span class="s1">'VVVV-VVVV-VVVV-VVVV'</span><span class="p">,</span><span class="s1">'#'</span><span class="p">,</span><span class="mi">1</span><span class="p">,</span><span class="mi">12</span><span class="p">),</span>
<span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">salary</span><span class="p">,</span><span class="w"> </span><span class="s1">'9'</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="k">length</span><span class="p">(</span><span class="n">salary</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">2</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233883259__li1803523539"><span>Switch to <strong id="EN-US_TOPIC_0000001233883259__b1867118316134">matu</strong> and <strong id="EN-US_TOPIC_0000001233883259__b93621342130">july</strong> and view the employee table <strong id="EN-US_TOPIC_0000001233883259__b38095367139">emp</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233883259__screen14681113715216"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span>
<span class="normal">17</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">matu</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span>
<span class="c1">----+------+-------------+---------+---------------------+----------------------+------------+---------------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">anny</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">13420002340</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">1234</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">smithWu</span><span class="o">@</span><span class="mi">163</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">99999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1999</span><span class="o">-</span><span class="mi">10</span><span class="o">-</span><span class="mi">02</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">bob</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">18299023211</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">3456</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">66</span><span class="n">allen_mm</span><span class="o">@</span><span class="n">qq</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">9999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1989</span><span class="o">-</span><span class="mi">12</span><span class="o">-</span><span class="mi">12</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">cici</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">15512231233</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">jonesishere</span><span class="o">@</span><span class="n">sina</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1992</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">06</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="p">(</span><span class="mi">3</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
<span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">july</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span>
<span class="c1">----+------+-------------+---------+---------------------+----------------------+------------+---------------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">anny</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">13420002340</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">1234</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">smithWu</span><span class="o">@</span><span class="mi">163</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">99999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1999</span><span class="o">-</span><span class="mi">10</span><span class="o">-</span><span class="mi">02</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">bob</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">18299023211</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">3456</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">66</span><span class="n">allen_mm</span><span class="o">@</span><span class="n">qq</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">9999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1989</span><span class="o">-</span><span class="mi">12</span><span class="o">-</span><span class="mi">12</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">cici</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">15512231233</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">jonesishere</span><span class="o">@</span><span class="n">sina</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1992</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">06</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="p">(</span><span class="mi">3</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233883259__li5923125345314"><span>If you want <strong id="EN-US_TOPIC_0000001233883259__b173481545191320">matu</strong> to have the permission to view all employee information, but do not want <strong id="EN-US_TOPIC_0000001233883259__b14593954141417">july</strong> to have. In this case, you only need to modify the effective scope of the policy.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233883259__screen18588143213155"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">ALTER</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">WHEN</span><span class="p">(</span><span class="k">current_user</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">'july'</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233883259__li199211269151"><span>Switch to users <strong id="EN-US_TOPIC_0000001233883259__b657317100813">matu</strong> and <strong id="EN-US_TOPIC_0000001233883259__b45742109818">july</strong> and view the <strong id="EN-US_TOPIC_0000001233883259__b1857520104820">emp</strong> table again, respectively.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233883259__screen1198815014174"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span>
<span class="normal">17</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">matu</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span>
<span class="c1">----+------+-------------+------------------+---------------------+----------------------+------------+---------------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">anny</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">13420002340</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1234123412341234</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1234</span><span class="o">-</span><span class="mi">1234</span><span class="o">-</span><span class="mi">1234</span><span class="o">-</span><span class="mi">1234</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">smithWu</span><span class="o">@</span><span class="mi">163</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">10000</span><span class="p">.</span><span class="mi">0000</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1999</span><span class="o">-</span><span class="mi">10</span><span class="o">-</span><span class="mi">02</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">bob</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">18299023211</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3456345634563456</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3456</span><span class="o">-</span><span class="mi">3456</span><span class="o">-</span><span class="mi">3456</span><span class="o">-</span><span class="mi">3456</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">66</span><span class="n">allen_mm</span><span class="o">@</span><span class="n">qq</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">9999</span><span class="p">.</span><span class="mi">9900</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1989</span><span class="o">-</span><span class="mi">12</span><span class="o">-</span><span class="mi">12</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">cici</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">15512231233</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">jonesishere</span><span class="o">@</span><span class="n">sina</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1992</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">06</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="p">(</span><span class="mi">3</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
<span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">july</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span>
<span class="c1">----+------+-------------+---------+---------------------+----------------------+------------+---------------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">anny</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">13420002340</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">1234</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">smithWu</span><span class="o">@</span><span class="mi">163</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">99999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1999</span><span class="o">-</span><span class="mi">10</span><span class="o">-</span><span class="mi">02</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">bob</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">18299023211</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">3456</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">66</span><span class="n">allen_mm</span><span class="o">@</span><span class="n">qq</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">9999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1989</span><span class="o">-</span><span class="mi">12</span><span class="o">-</span><span class="mi">12</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">cici</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">15512231233</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">jonesishere</span><span class="o">@</span><span class="n">sina</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1992</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">06</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="p">(</span><span class="mi">3</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233883259__li19320174871611"><span>The information in the <strong id="EN-US_TOPIC_0000001233883259__b19502146103214">phone_no</strong>, <strong id="EN-US_TOPIC_0000001233883259__b1367944816327">email</strong>, and <strong id="EN-US_TOPIC_0000001233883259__b1572813505324">birthday</strong> columns is private data. Update redaction policy <strong id="EN-US_TOPIC_0000001233883259__b15134288113">mask_emp</strong> and add three redaction columns.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233883259__screen159991742131918"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">ALTER</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">phone_no</span><span class="p">,</span><span class="w"> </span><span class="s1">'*'</span><span class="p">,</span><span class="w"> </span><span class="mi">4</span><span class="p">);</span>
<span class="k">ALTER</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">email</span><span class="p">,</span><span class="w"> </span><span class="s1">'*'</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="k">position</span><span class="p">(</span><span class="s1">'@'</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="n">email</span><span class="p">));</span>
<span class="k">ALTER</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_full</span><span class="p">(</span><span class="n">birthday</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233883259__li16719154165411"><span>Switch to <strong id="EN-US_TOPIC_0000001233883259__b1605163220191">july</strong> and view data in the <strong id="EN-US_TOPIC_0000001233883259__b173516353194">emp</strong> table.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233883259__screen11486103252310"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span>
<span class="normal">7</span>
<span class="normal">8</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">july</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span>
<span class="c1">----+------+-------------+---------+---------------------+----------------------+------------+---------------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">anny</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">134</span><span class="o">********</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">1234</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">********</span><span class="mi">163</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">99999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1970</span><span class="o">-</span><span class="mi">01</span><span class="o">-</span><span class="mi">01</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">bob</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">182</span><span class="o">********</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">3456</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">***********</span><span class="n">qq</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">9999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1970</span><span class="o">-</span><span class="mi">01</span><span class="o">-</span><span class="mi">01</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">cici</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">155</span><span class="o">********</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">************</span><span class="n">sina</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1970</span><span class="o">-</span><span class="mi">01</span><span class="o">-</span><span class="mi">01</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="p">(</span><span class="mi">3</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233883259__li1248562232318"><span>Query <strong id="EN-US_TOPIC_0000001233883259__b12101759131218">redaction_policies</strong> and <strong id="EN-US_TOPIC_0000001233883259__b8697141171316">redaction_columns</strong> to view details about the current redaction policy <strong id="EN-US_TOPIC_0000001233883259__b668113203137">mask_emp</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233883259__screen2792112611256"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">redaction_policies</span><span class="p">;</span>
<span class="w"> </span><span class="n">object_schema</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">object_owner</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">object_name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">policy_name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">expression</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">enable</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">policy_description</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">inherited</span><span class="w"> </span>
<span class="c1">---------------+--------------+-------------+-------------+-----------------------------------+--------+--------------------+-----------</span>
<span class="w"> </span><span class="k">public</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="p">(</span><span class="ss">&quot;current_user&quot;</span><span class="p">()</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">'july'</span><span class="p">::</span><span class="n">name</span><span class="p">)</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">t</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">f</span><span class="w"> </span>
<span class="p">(</span><span class="mi">1</span><span class="w"> </span><span class="k">row</span><span class="p">)</span>
<span class="k">SELECT</span><span class="w"> </span><span class="n">object_name</span><span class="p">,</span><span class="w"> </span><span class="k">column_name</span><span class="p">,</span><span class="w"> </span><span class="n">function_info</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">redaction_columns</span><span class="p">;</span>
<span class="w"> </span><span class="n">object_name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">column_name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">function_info</span><span class="w"> </span>
<span class="c1">-------------+-------------+-------------------------------------------------------------------------------------------------------</span>
<span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_full</span><span class="p">(</span><span class="n">card_no</span><span class="p">)</span>
<span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">card_string</span><span class="p">,</span><span class="w"> </span><span class="s1">'VVVVFVVVVFVVVVFVVVV'</span><span class="p">::</span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="s1">'VVVV-VVVV-VVVV-VVVV'</span><span class="p">::</span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="s1">'#'</span><span class="p">::</span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="mi">12</span><span class="p">)</span>
<span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">email</span><span class="p">,</span><span class="w"> </span><span class="s1">'*'</span><span class="p">::</span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="ss">&quot;position&quot;</span><span class="p">(</span><span class="n">email</span><span class="p">,</span><span class="w"> </span><span class="s1">'@'</span><span class="p">::</span><span class="nb">text</span><span class="p">))</span>
<span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">salary</span><span class="p">,</span><span class="w"> </span><span class="s1">'9'</span><span class="p">::</span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="p">(</span><span class="k">length</span><span class="p">((</span><span class="n">salary</span><span class="p">)::</span><span class="nb">text</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">2</span><span class="p">))</span>
<span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_full</span><span class="p">(</span><span class="n">birthday</span><span class="p">)</span>
<span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">phone_no</span><span class="p">,</span><span class="w"> </span><span class="s1">'*'</span><span class="p">::</span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="mi">4</span><span class="p">)</span>
<span class="p">(</span><span class="mi">6</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233883259__li160143114418"><span>Add the <strong id="EN-US_TOPIC_0000001233883259__b209422062337">salary_info</strong> column. To replace the salary information in text format with *.*, you can create a user-defined redaction function. In this step, you can use the PL/pgSQL to define the redaction function <strong id="EN-US_TOPIC_0000001233883259__b552912213349">mask_regexp_salary</strong>. To create a redaction column, you simply need to customize the function name and parameter list. For details, see <a href="dws_04_0507.html">User-Defined Functions</a>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233883259__screen10991143155318"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span>
<span class="normal">17</span>
<span class="normal">18</span>
<span class="normal">19</span>
<span class="normal">20</span>
<span class="normal">21</span>
<span class="normal">22</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">ALTER</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">salary_info</span><span class="w"> </span><span class="nb">TEXT</span><span class="p">;</span>
<span class="k">UPDATE</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">SET</span><span class="w"> </span><span class="n">salary_info</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">salary</span><span class="p">::</span><span class="nb">text</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">FUNCTION</span><span class="w"> </span><span class="n">mask_regexp_salary</span><span class="p">(</span><span class="n">salary_info</span><span class="w"> </span><span class="nb">text</span><span class="p">)</span><span class="w"> </span><span class="k">RETURNS</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">AS</span>
<span class="err">$$</span>
<span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="n">regexp_replace</span><span class="p">(</span><span class="err">$</span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="s1">'[0-9]+'</span><span class="p">,</span><span class="s1">'*'</span><span class="p">,</span><span class="s1">'g'</span><span class="p">);</span>
<span class="err">$$</span>
<span class="w"> </span><span class="k">LANGUAGE</span><span class="w"> </span><span class="k">SQL</span><span class="w"> </span>
<span class="k">STRICT</span><span class="w"> </span><span class="n">SHIPPABLE</span><span class="p">;</span>
<span class="k">ALTER</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">salary_info</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_regexp_salary</span><span class="p">(</span><span class="n">salary_info</span><span class="p">);</span>
<span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">july</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="n">id</span><span class="p">,</span><span class="w"> </span><span class="n">name</span><span class="p">,</span><span class="w"> </span><span class="n">salary_info</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary_info</span><span class="w"> </span>
<span class="c1">----+------+-------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">anny</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">*</span><span class="p">.</span><span class="o">*</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">bob</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">*</span><span class="p">.</span><span class="o">*</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">cici</span><span class="w"> </span><span class="o">|</span><span class="w"> </span>
<span class="p">(</span><span class="mi">3</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233883259__li167771414112519"><span>If there is no need to set a redaction policy for the <strong id="EN-US_TOPIC_0000001233883259__b678491013155">emp</strong> table, delete redaction policy <strong id="EN-US_TOPIC_0000001233883259__b1923918242150">mask_emp</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233883259__screen13384194062820"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">DROP</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dws_04_0994.html">Sensitive Data Management</a></div>
</div>
</div>
View Git Blame Copy Permalink