doc-exports/docs/dws/dev/dws_04_0062.html
Lu, Huayi ef0ada5a59 DWS DEV 20240716 version
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: Lu, Huayi <luhuayi@huawei.com>
Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
2024-11-02 09:07:47 +00:00


<a name="EN-US_TOPIC_0000001460722644"></a><a name="EN-US_TOPIC_0000001460722644"></a>
<h1 class="topictitle1">GaussDB(DWS) Data Masking</h1>
<div id="body1579504479778"><p id="EN-US_TOPIC_0000001460722644__p16430195117562"><span id="EN-US_TOPIC_0000001460722644__text104300518569">GaussDB(DWS)</span> provides the column-level dynamic data masking (DDM) function. For sensitive data (such as the ID card number, mobile number, and bank card number), the DDM function is used to redact the original data to protect data security and user privacy.</p>
<ul id="EN-US_TOPIC_0000001460722644__ul4833513201519"><li id="EN-US_TOPIC_0000001460722644__li44455321535">Creating a data masking policy for a table<p id="EN-US_TOPIC_0000001460722644__p19988134618314"><a name="EN-US_TOPIC_0000001460722644__li44455321535"></a><a name="li44455321535"></a><span id="EN-US_TOPIC_0000001460722644__text86981438145518">GaussDB(DWS)</span> uses the <strong id="EN-US_TOPIC_0000001460722644__b11698238195517">CREATE REDACTION POLICY</strong> syntax to create a data masking policy on a table. Each masked column is assigned a masking function: one that performs no masking, <strong id="EN-US_TOPIC_0000001460722644__b1669812382557">MASK_FULL</strong> (masks data into a fixed value), or <strong id="EN-US_TOPIC_0000001460722644__b46991338165515">MASK_PARTIAL</strong> (performs partial masking based on the character type, numeric type, or time type). The policy's WHEN expression specifies the application scope of the masking policy.</p>
</li><li id="EN-US_TOPIC_0000001460722644__li158951510143">Modifying the data masking policy of a table<p id="EN-US_TOPIC_0000001460722644__p135441920241"><a name="EN-US_TOPIC_0000001460722644__li158951510143"></a><a name="li158951510143"></a>The <strong id="EN-US_TOPIC_0000001460722644__b191789597253">ALTER REDACTION POLICY</strong> syntax is used to modify the expression for enabling a masking policy, rename a masking policy, and add, modify, or delete masked columns.</p>
</li><li id="EN-US_TOPIC_0000001460722644__li1734810452414">Deleting the masking policy of a table<p id="EN-US_TOPIC_0000001460722644__p146175551416"><a name="EN-US_TOPIC_0000001460722644__li1734810452414"></a><a name="li1734810452414"></a>The <strong id="EN-US_TOPIC_0000001460722644__b66291638145713">DROP REDACTION POLICY</strong> syntax is used to delete the masking function information of a masking policy on all columns of a table.</p>
</li><li id="EN-US_TOPIC_0000001460722644__li772419591741">Viewing the masking policy and masked columns<p id="EN-US_TOPIC_0000001460722644__p3768913353"><a name="EN-US_TOPIC_0000001460722644__li772419591741"></a><a name="li772419591741"></a>Masking policy information is stored in the system catalog <a href="dws_04_0611.html">PG_REDACTION_POLICY</a>, and masked column information is stored in the system catalog <a href="dws_04_0610.html">PG_REDACTION_COLUMN</a>. You can view information about the masking policy and masked columns in the system views <a href="dws_04_0858.html">REDACTION_POLICIES</a> and <a href="dws_04_0857.html">REDACTION_COLUMNS</a>.</p>
</li></ul>
<div class="note" id="EN-US_TOPIC_0000001460722644__nf3dbb0444a8445728f3cc175b020f37a"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="EN-US_TOPIC_0000001460722644__u4c212b5c9b0649438fb48786a5a38e07"><li id="EN-US_TOPIC_0000001460722644__li631681924917">Generally, you can run the SELECT statement to view the data masking result. If a statement has any of the following features, it could be used to deliberately obtain sensitive data, so an error is reported during statement execution.<ul id="EN-US_TOPIC_0000001460722644__ul17277182464915"><li id="EN-US_TOPIC_0000001460722644__li9011395587">The GROUP BY clause references the Target Entry containing masked columns as the target column.</li><li id="EN-US_TOPIC_0000001460722644__li1358741045920">DISTINCT works on the output masked columns.</li><li id="EN-US_TOPIC_0000001460722644__li2992173495911">The statement contains a CTE.</li><li id="EN-US_TOPIC_0000001460722644__li159401759175919">Set operations are involved.</li><li id="EN-US_TOPIC_0000001460722644__li2078104618019">The target columns of a subquery are not masked columns of the base table, but expressions or function calls on masked columns of the base table.</li></ul>
</li><li id="EN-US_TOPIC_0000001460722644__li21764151492">You can use COPY TO or GDS to export the masked data. Due to the irreversibility of the data masking, secondary masking of the data is meaningless.</li><li id="EN-US_TOPIC_0000001460722644__li1917621534918">Do not set target columns of UPDATE, MERGE INTO, and DELETE statements to masked columns.</li><li id="EN-US_TOPIC_0000001460722644__li1196526615">The UPSERT statement allows you to insert update data through EXCLUDED. If data in the base table is updated by referencing masked columns, the data may be modified by mistake. As a result, an error will be reported during the execution.</li><li id="EN-US_TOPIC_0000001460722644__li155740337271">In the 8.2.1 cluster version, multiple masking policies can be created for the same table to implement diversified sensitive data classification. The principles for selecting and applying masking policies are as follows:<ul id="EN-US_TOPIC_0000001460722644__ul13350143462719"><li id="EN-US_TOPIC_0000001460722644__li72271149162416">Select the policy with the largest <strong id="EN-US_TOPIC_0000001460722644__b1469485118319">policy_order</strong> among multiple candidate policies that meet the requirements of the current session. A larger <strong id="EN-US_TOPIC_0000001460722644__b448411281145">policy_order</strong> indicates a later creation.</li><li id="EN-US_TOPIC_0000001460722644__li2571133162914">During data masking, the DML statement inherits only the policy with the largest <strong id="EN-US_TOPIC_0000001460722644__b1348219201970">policy_order</strong>.</li></ul>
</li></ul>
</div></div>
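<p>The masking functions used by the <strong>mask_emp</strong> policy in the Examples section of this page can be modeled offline to check what a masked role still sees before a policy is deployed. The following is an added example in Python, not GaussDB(DWS) code: the function names are made up here, and the position-counting rules are an assumption inferred from the policy definition and the SELECT output shown in step 6.</p>

```python
"""Model of the mask_emp policy's masking functions (added example).

Not GaussDB(DWS) code: the semantics below are inferred from the policy
definition and the SELECT output shown in the Examples section.
"""
from decimal import Decimal


def mask_full_number(value):
    """MASK_FULL on a numeric column: every non-NULL value becomes 0."""
    return None if value is None else 0


def mask_partial_text(value, in_fmt, out_fmt, mask_char, start, end):
    """Character form. In in_fmt, 'V' marks a maskable character and 'F' a
    separator to drop; out_fmt places the V characters among literal text.
    start/end are 1-based and count V characters only."""
    if value is None:                      # NULL stays NULL (row id 3)
        return None
    if len(value) != len(in_fmt):
        # Assumption of this model: reject input that does not fit the format.
        raise ValueError("value does not fit the input format")
    maskable = [ch for ch, f in zip(value, in_fmt) if f == "V"]
    if out_fmt.count("V") != len(maskable):
        raise ValueError("input and output formats disagree on V count")
    masked = iter([mask_char if start <= i <= end else ch
                   for i, ch in enumerate(maskable, 1)])
    return "".join(next(masked) if f == "V" else f for f in out_fmt)


def numeric_text(value, scale=4):
    """Render a value the way the numeric(100, 4) salary column prints it."""
    return format(Decimal(value).quantize(Decimal(1).scaleb(-scale)), "f")


def mask_partial_number(text, mask_digit, start, end):
    """Numeric form. Positions are 1-based and count digits only; the decimal
    point keeps its place and is not counted (inferred from the output)."""
    if text is None:
        return None
    out, pos = [], 0
    for ch in text:
        if ch.isdigit():
            pos += 1
            ch = mask_digit if start <= pos <= end else ch
        out.append(ch)
    return "".join(out)


def apply_mask_emp(row):
    """Return the row as a role matched by the policy's WHEN clause sees it."""
    seen = dict(row)
    seen["card_no"] = mask_full_number(row["card_no"])
    seen["card_string"] = mask_partial_text(
        row["card_string"],
        "VVVVFVVVVFVVVVFVVVV", "VVVV-VVVV-VVVV-VVVV", "#", 1, 12)
    if row["salary"] is None:
        seen["salary"] = None
    else:
        text = numeric_text(row["salary"])
        # length(salary) - 2 from the policy, with length taken over the text
        seen["salary"] = mask_partial_number(text, "9", 1, len(text) - 2)
    return seen


def integer_digits(masked_salary):
    """Digits left of the decimal point. Partial masking keeps the length of
    the value, so the salary's order of magnitude is still visible."""
    return len(masked_salary.split(".")[0])


# Masked columns of the three rows inserted in step 3 of the Examples section.
EMP = [
    {"id": 1, "card_no": 1234123412341234,
     "card_string": "1234-1234-1234-1234", "salary": "10000.00"},
    {"id": 2, "card_no": 3456345634563456,
     "card_string": "3456-3456-3456-3456", "salary": "9999.99"},
    {"id": 3, "card_no": None, "card_string": None, "salary": None},
]

if __name__ == "__main__":
    for emp_row in EMP:
        print(apply_mask_emp(emp_row))
```

<p>The masked salaries 99999.9990 and 9999.9990 still differ in length, so a partially masked numeric column shows the order of magnitude of each value; MASK_FULL replaces the value with a fixed one instead.</p>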
<div class="section" id="EN-US_TOPIC_0000001460722644__section3980155135417"><h4 class="sectiontitle">Examples</h4><p id="EN-US_TOPIC_0000001460722644__p10632108121811">The following uses the employee table <strong id="EN-US_TOPIC_0000001460722644__b1201823142612">emp</strong>, table owner <strong id="EN-US_TOPIC_0000001460722644__b52018233266">alice</strong>, and roles <strong id="EN-US_TOPIC_0000001460722644__b1920172316266">matu</strong> and <strong id="EN-US_TOPIC_0000001460722644__b1720112235263">july</strong> as an example to illustrate the data masking process. The <strong id="EN-US_TOPIC_0000001460722644__b1859391115368">emp</strong> table contains private data such as the employee name, mobile number, email address, bank card number, and salary.</p>
<ol id="EN-US_TOPIC_0000001460722644__ol16988111763613"><li id="EN-US_TOPIC_0000001460722644__li698901718366"><span>After connecting to the database as the administrator, create roles <strong id="EN-US_TOPIC_0000001460722644__b6751216153614">alice</strong>, <strong id="EN-US_TOPIC_0000001460722644__b17751616113619">matu</strong>, and <strong id="EN-US_TOPIC_0000001460722644__b1752161614367">july</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001460722644__screen11620108193211"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">matu</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">july</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001460722644__li91255419349"><span>Grant all permissions on the public schema of the current database to <strong id="EN-US_TOPIC_0000001460722644__b1151042416364">alice</strong>, <strong id="EN-US_TOPIC_0000001460722644__b1551152463620">matu</strong>, and <strong id="EN-US_TOPIC_0000001460722644__b2511224143612">july</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001460722644__screen3123114712347"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">ALL</span><span class="w"> </span><span class="k">PRIVILEGES</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="k">schema</span><span class="w"> </span><span class="k">public</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">alice</span><span class="p">,</span><span class="n">matu</span><span class="p">,</span><span class="n">july</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001460722644__li783160104018"><span>Switch to role <strong id="EN-US_TOPIC_0000001460722644__b1784332663612">alice</strong>, create the <strong id="EN-US_TOPIC_0000001460722644__b084432643618">emp</strong> table, and insert three employee records.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001460722644__screen68312019401"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">emp</span><span class="p">(</span><span class="n">id</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="nb">varchar</span><span class="p">(</span><span class="mi">20</span><span class="p">),</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="nb">varchar</span><span class="p">(</span><span class="mi">11</span><span class="p">),</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="nb">number</span><span class="p">,</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="nb">varchar</span><span class="p">(</span><span class="mi">19</span><span class="p">),</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="nb">numeric</span><span class="p">(</span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="mi">4</span><span class="p">),</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span><span class="nb">date</span><span class="p">);</span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">VALUES</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="s1">'anny'</span><span class="p">,</span><span class="w"> </span><span class="s1">'13420002340'</span><span class="p">,</span><span class="w"> </span><span class="mi">1234123412341234</span><span class="p">,</span><span class="w"> </span><span class="s1">'1234-1234-1234-1234'</span><span class="p">,</span><span class="w"> </span><span class="s1">'smithWu@163.com'</span><span class="p">,</span><span class="w"> </span><span class="mi">10000</span><span class="p">.</span><span class="mi">00</span><span class="p">,</span><span class="w"> </span><span class="s1">'1999-10-02'</span><span class="p">);</span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">VALUES</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="s1">'bob'</span><span class="p">,</span><span class="w"> </span><span class="s1">'18299023211'</span><span class="p">,</span><span class="w"> </span><span class="mi">3456345634563456</span><span class="p">,</span><span class="w"> </span><span class="s1">'3456-3456-3456-3456'</span><span class="p">,</span><span class="w"> </span><span class="s1">'66allen_mm@qq.com'</span><span class="p">,</span><span class="w"> </span><span class="mi">9999</span><span class="p">.</span><span class="mi">99</span><span class="p">,</span><span class="w"> </span><span class="s1">'1989-12-12'</span><span class="p">);</span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">VALUES</span><span class="p">(</span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="s1">'cici'</span><span class="p">,</span><span class="w"> </span><span class="s1">'15512231233'</span><span class="p">,</span><span class="w"> </span><span class="k">NULL</span><span class="p">,</span><span class="w"> </span><span class="k">NULL</span><span class="p">,</span><span class="w"> </span><span class="s1">'jonesishere@sina.com'</span><span class="p">,</span><span class="w"> </span><span class="k">NULL</span><span class="p">,</span><span class="w"> </span><span class="s1">'1992-11-06'</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001460722644__li16616204625310"><span><strong id="EN-US_TOPIC_0000001460722644__b18905182910366">alice</strong> grants the read permission on the <strong id="EN-US_TOPIC_0000001460722644__b79063298367">emp</strong> table to <strong id="EN-US_TOPIC_0000001460722644__b1390612296365">matu</strong> and <strong id="EN-US_TOPIC_0000001460722644__b690719294362">july</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001460722644__screen1369242365419"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">matu</span><span class="p">,</span><span class="w"> </span><span class="n">july</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001460722644__li16391650195314"><span>Create the masking policy <strong id="EN-US_TOPIC_0000001460722644__b1646518353366">mask_emp</strong>: Only user <strong id="EN-US_TOPIC_0000001460722644__b94651135103612">alice</strong> can view all employee information. Users <strong id="EN-US_TOPIC_0000001460722644__b04661235123616">matu</strong> and <strong id="EN-US_TOPIC_0000001460722644__b2466133533610">july</strong> cannot view employee bank card numbers and salary data. The <strong id="EN-US_TOPIC_0000001460722644__b10864103817369">card_no</strong> column is of the numeric type and all of its data is masked into 0 by the <strong id="EN-US_TOPIC_0000001460722644__b128651538193614">MASK_FULL</strong> function. The <strong id="EN-US_TOPIC_0000001460722644__b19865838193619">card_string</strong> column is of the character type and part of its data is masked by the <strong id="EN-US_TOPIC_0000001460722644__b10866163823619">MASK_PARTIAL</strong> function based on the specified input and output formats. The <strong id="EN-US_TOPIC_0000001460722644__b6866173893612">salary</strong> column is of the numeric type and the <strong id="EN-US_TOPIC_0000001460722644__b586719387367">MASK_PARTIAL</strong> function is used to mask all digits before the penultimate digit using the number 9.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001460722644__screen13306926155420"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">WHEN</span><span class="w"> </span><span class="p">(</span><span class="k">current_user</span><span class="w"> </span><span class="k">IN</span><span class="w"> </span><span class="p">(</span><span class="s1">'matu'</span><span class="p">,</span><span class="w"> </span><span class="s1">'july'</span><span class="p">))</span>
<span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_full</span><span class="p">(</span><span class="n">card_no</span><span class="p">),</span>
<span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">card_string</span><span class="p">,</span><span class="w"> </span><span class="s1">'VVVVFVVVVFVVVVFVVVV'</span><span class="p">,</span><span class="s1">'VVVV-VVVV-VVVV-VVVV'</span><span class="p">,</span><span class="s1">'#'</span><span class="p">,</span><span class="mi">1</span><span class="p">,</span><span class="mi">12</span><span class="p">),</span>
<span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">salary</span><span class="p">,</span><span class="w"> </span><span class="s1">'9'</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="k">length</span><span class="p">(</span><span class="n">salary</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">2</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001460722644__li1803523539"><span>Switch to <strong id="EN-US_TOPIC_0000001460722644__b31091942163616">matu</strong> and <strong id="EN-US_TOPIC_0000001460722644__b171101242133610">july</strong> and view the employee table <strong id="EN-US_TOPIC_0000001460722644__b12110104283620">emp</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001460722644__screen14681113715216"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">matu</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span>
<span class="c1">----+------+-------------+---------+---------------------+----------------------+------------+---------------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">anny</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">13420002340</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">1234</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">smithWu</span><span class="o">@</span><span class="mi">163</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">99999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1999</span><span class="o">-</span><span class="mi">10</span><span class="o">-</span><span class="mi">02</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">bob</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">18299023211</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">3456</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">66</span><span class="n">allen_mm</span><span class="o">@</span><span class="n">qq</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">9999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1989</span><span class="o">-</span><span class="mi">12</span><span class="o">-</span><span class="mi">12</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">cici</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">15512231233</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">jonesishere</span><span class="o">@</span><span class="n">sina</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1992</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">06</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="p">(</span><span class="mi">3</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
<span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">july</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span>
<span class="c1">----+------+-------------+---------+---------------------+----------------------+------------+---------------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">anny</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">13420002340</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">1234</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">smithWu</span><span class="o">@</span><span class="mi">163</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">99999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1999</span><span class="o">-</span><span class="mi">10</span><span class="o">-</span><span class="mi">02</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">bob</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">18299023211</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">3456</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">66</span><span class="n">allen_mm</span><span class="o">@</span><span class="n">qq</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">9999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1989</span><span class="o">-</span><span class="mi">12</span><span class="o">-</span><span class="mi">12</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">cici</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">15512231233</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">jonesishere</span><span class="o">@</span><span class="n">sina</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1992</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">06</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="p">(</span><span class="mi">3</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001460722644__li5923125345314"><span>If you want <strong id="EN-US_TOPIC_0000001460722644__b25941044153613">matu</strong>, but not <strong id="EN-US_TOPIC_0000001460722644__b759484415362">july</strong>, to have the permission to view all employee information, you only need to modify the effective scope of the policy.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001460722644__screen18588143213155"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
<span class="k">ALTER</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">WHEN</span><span class="p">(</span><span class="k">current_user</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">'july'</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001460722644__li199211269151"><span>Switch to users <strong id="EN-US_TOPIC_0000001460722644__b164116496364">matu</strong> and <strong id="EN-US_TOPIC_0000001460722644__b164113498361">july</strong> in turn and view the <strong id="EN-US_TOPIC_0000001460722644__b742649113612">emp</strong> table again.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001460722644__screen1198815014174"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">matu</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span>
<span class="c1">----+------+-------------+------------------+---------------------+----------------------+------------+---------------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">anny</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">13420002340</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1234123412341234</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1234</span><span class="o">-</span><span class="mi">1234</span><span class="o">-</span><span class="mi">1234</span><span class="o">-</span><span class="mi">1234</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">smithWu</span><span class="o">@</span><span class="mi">163</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">10000</span><span class="p">.</span><span class="mi">0000</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1999</span><span class="o">-</span><span class="mi">10</span><span class="o">-</span><span class="mi">02</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">bob</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">18299023211</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3456345634563456</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3456</span><span class="o">-</span><span class="mi">3456</span><span class="o">-</span><span class="mi">3456</span><span class="o">-</span><span class="mi">3456</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">66</span><span class="n">allen_mm</span><span class="o">@</span><span class="n">qq</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">9999</span><span class="p">.</span><span class="mi">9900</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1989</span><span class="o">-</span><span class="mi">12</span><span class="o">-</span><span class="mi">12</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">cici</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">15512231233</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">jonesishere</span><span class="o">@</span><span class="n">sina</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1992</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">06</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="p">(</span><span class="mi">3</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
<span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">july</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span>
<span class="c1">----+------+-------------+---------+---------------------+----------------------+------------+---------------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">anny</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">13420002340</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">1234</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">smithWu</span><span class="o">@</span><span class="mi">163</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">99999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1999</span><span class="o">-</span><span class="mi">10</span><span class="o">-</span><span class="mi">02</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">bob</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">18299023211</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">3456</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">66</span><span class="n">allen_mm</span><span class="o">@</span><span class="n">qq</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">9999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1989</span><span class="o">-</span><span class="mi">12</span><span class="o">-</span><span class="mi">12</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">cici</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">15512231233</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">jonesishere</span><span class="o">@</span><span class="n">sina</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1992</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">06</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="p">(</span><span class="mi">3</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001460722644__li19320174871611"><span>The information in the <strong id="EN-US_TOPIC_0000001460722644__b19502146103214">phone_no</strong>, <strong id="EN-US_TOPIC_0000001460722644__b1367944816327">email</strong>, and <strong id="EN-US_TOPIC_0000001460722644__b1572813505324">birthday</strong> columns is private data. Update masking policy <strong id="EN-US_TOPIC_0000001460722644__b15134288113">mask_emp</strong> and add three masked columns.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001460722644__screen159991742131918"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
<span class="k">ALTER</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">phone_no</span><span class="p">,</span><span class="w"> </span><span class="s1">'*'</span><span class="p">,</span><span class="w"> </span><span class="mi">4</span><span class="p">);</span>
<span class="k">ALTER</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">email</span><span class="p">,</span><span class="w"> </span><span class="s1">'*'</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="k">position</span><span class="p">(</span><span class="s1">'@'</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="n">email</span><span class="p">));</span>
<span class="k">ALTER</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_full</span><span class="p">(</span><span class="n">birthday</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001460722644__li16719154165411"><span>Switch to <strong id="EN-US_TOPIC_0000001460722644__b5711753183612">july</strong> and view data in the <strong id="EN-US_TOPIC_0000001460722644__b15723535364">emp</strong> table.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001460722644__screen11486103252310"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">july</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span>
<span class="c1">----+------+-------------+---------+---------------------+----------------------+------------+---------------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">anny</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">134</span><span class="o">********</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">1234</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">********</span><span class="mi">163</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">99999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1970</span><span class="o">-</span><span class="mi">01</span><span class="o">-</span><span class="mi">01</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">bob</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">182</span><span class="o">********</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">####-####-####-</span><span class="mi">3456</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">***********</span><span class="n">qq</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">9999</span><span class="p">.</span><span class="mi">9990</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1970</span><span class="o">-</span><span class="mi">01</span><span class="o">-</span><span class="mi">01</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">cici</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">155</span><span class="o">********</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">************</span><span class="n">sina</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1970</span><span class="o">-</span><span class="mi">01</span><span class="o">-</span><span class="mi">01</span><span class="w"> </span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span><span class="p">:</span><span class="mi">00</span>
<span class="p">(</span><span class="mi">3</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001460722644__li1248562232318"><span>Query <strong id="EN-US_TOPIC_0000001460722644__b71121456183612">redaction_policies</strong> and <strong id="EN-US_TOPIC_0000001460722644__b81131756193614">redaction_columns</strong> to view details about the current redaction policy <strong id="EN-US_TOPIC_0000001460722644__b151131756163610">mask_emp</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001460722644__screen2792112611256"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">redaction_policies</span><span class="p">;</span>
<span class="w"> </span><span class="n">object_schema</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">object_owner</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">object_name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">policy_name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">expression</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">enable</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">policy_description</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">inherited</span><span class="w"> </span>
<span class="c1">---------------+--------------+-------------+-------------+-----------------------------------+--------+--------------------+-----------</span>
<span class="w"> </span><span class="k">public</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="p">(</span><span class="ss">&quot;current_user&quot;</span><span class="p">()</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">'july'</span><span class="p">::</span><span class="n">name</span><span class="p">)</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">t</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">f</span><span class="w"> </span>
<span class="p">(</span><span class="mi">1</span><span class="w"> </span><span class="k">row</span><span class="p">)</span>
<span class="k">SELECT</span><span class="w"> </span><span class="n">object_name</span><span class="p">,</span><span class="w"> </span><span class="k">column_name</span><span class="p">,</span><span class="w"> </span><span class="n">function_info</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">redaction_columns</span><span class="p">;</span>
<span class="w"> </span><span class="n">object_name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">column_name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">function_info</span><span class="w"> </span>
<span class="c1">-------------+-------------+-------------------------------------------------------------------------------------------------------</span>
<span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_full</span><span class="p">(</span><span class="n">card_no</span><span class="p">)</span>
<span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">card_string</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">card_string</span><span class="p">,</span><span class="w"> </span><span class="s1">'VVVVFVVVVFVVVVFVVVV'</span><span class="p">::</span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="s1">'VVVV-VVVV-VVVV-VVVV'</span><span class="p">::</span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="s1">'#'</span><span class="p">::</span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="mi">12</span><span class="p">)</span>
<span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">email</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">email</span><span class="p">,</span><span class="w"> </span><span class="s1">'*'</span><span class="p">::</span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="ss">&quot;position&quot;</span><span class="p">(</span><span class="n">email</span><span class="p">,</span><span class="w"> </span><span class="s1">'@'</span><span class="p">::</span><span class="nb">text</span><span class="p">))</span>
<span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">salary</span><span class="p">,</span><span class="w"> </span><span class="s1">'9'</span><span class="p">::</span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="p">(</span><span class="k">length</span><span class="p">((</span><span class="n">salary</span><span class="p">)::</span><span class="nb">text</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">2</span><span class="p">))</span>
<span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">birthday</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_full</span><span class="p">(</span><span class="n">birthday</span><span class="p">)</span>
<span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">phone_no</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">mask_partial</span><span class="p">(</span><span class="n">phone_no</span><span class="p">,</span><span class="w"> </span><span class="s1">'*'</span><span class="p">::</span><span class="nb">text</span><span class="p">,</span><span class="w"> </span><span class="mi">4</span><span class="p">)</span>
<span class="p">(</span><span class="mi">6</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
</pre></div></td></tr></table></div>
</div>
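A coverage check built on the two views queried above, added here as an example and not part of the GaussDB(DWS) documentation: it lists every column of each table that has an enabled masking policy and shows which columns no masking function covers. It assumes information_schema.columns is available and uses only the view columns shown in the output above; because it matches redaction_columns on object_name alone, same-named tables in different schemas can produce false matches.

```sql
-- Added example: masking coverage per column for policy-protected tables.
-- Run it as the table owner (alice in this walkthrough) after every
-- ALTER TABLE ... ADD COLUMN, because a new column is returned unmasked
-- until it is added to the policy with ALTER REDACTION POLICY ... ADD COLUMN.
SELECT p.object_schema,
       p.object_name,
       p.policy_name,
       p.expression                              AS applies_when,
       c.column_name,
       c.data_type,
       COALESCE(r.function_info, '<not masked>') AS masking
FROM redaction_policies p
JOIN information_schema.columns c
  ON c.table_schema::text = p.object_schema::text
 AND c.table_name::text   = p.object_name::text
LEFT JOIN redaction_columns r
  -- Assumption: only object_name and column_name are used as join keys,
  -- since those are the redaction_columns fields shown on this page.
  ON r.object_name::text = p.object_name::text
 AND r.column_name::text = c.column_name::text
WHERE p.enable                 -- skip policies that are switched off
ORDER BY p.object_schema, p.object_name, c.ordinal_position;

-- Narrower variant: return only the columns that are still unmasked,
-- suitable for a scheduled check that should normally return known,
-- intentionally public columns and nothing else.
SELECT p.object_schema, p.object_name, c.column_name, c.data_type
FROM redaction_policies p
JOIN information_schema.columns c
  ON c.table_schema::text = p.object_schema::text
 AND c.table_name::text   = p.object_name::text
WHERE p.enable
  AND NOT EXISTS (
        SELECT 1
        FROM redaction_columns r
        WHERE r.object_name::text = p.object_name::text
          AND r.column_name::text = c.column_name::text
      )
ORDER BY p.object_schema, p.object_name, c.ordinal_position;
```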
</p></li><li id="EN-US_TOPIC_0000001460722644__li160143114418"><span>Add the <strong id="EN-US_TOPIC_0000001460722644__b209422062337">salary_info</strong> column. To replace the salary information in text format with *.*, you can create a user-defined masking function. In this step, you can use PL/pgSQL to define the masking function <strong id="EN-US_TOPIC_0000001460722644__b552912213349">mask_regexp_salary</strong>. To create a masked column, you only need to customize the function name and parameter list. For details, see <a href="dws_04_0507.html">GaussDB(DWS) User-Defined Functions</a>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001460722644__screen10991143155318"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
<span class="k">ALTER</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">salary_info</span><span class="w"> </span><span class="nb">TEXT</span><span class="p">;</span>
<span class="k">UPDATE</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">SET</span><span class="w"> </span><span class="n">salary_info</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">salary</span><span class="p">::</span><span class="nb">text</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">FUNCTION</span><span class="w"> </span><span class="n">mask_regexp_salary</span><span class="p">(</span><span class="n">salary_info</span><span class="w"> </span><span class="nb">text</span><span class="p">)</span><span class="w"> </span><span class="k">RETURNS</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">AS</span>
<span class="err">$$</span>
<span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="n">regexp_replace</span><span class="p">(</span><span class="err">$</span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="s1">'[0-9]+'</span><span class="p">,</span><span class="s1">'*'</span><span class="p">,</span><span class="s1">'g'</span><span class="p">);</span>
<span class="err">$$</span>
<span class="w"> </span><span class="k">LANGUAGE</span><span class="w"> </span><span class="k">SQL</span><span class="w"> </span>
<span class="k">STRICT</span><span class="w"> </span><span class="n">SHIPPABLE</span><span class="p">;</span>
<span class="k">ALTER</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="w"> </span><span class="k">ADD</span><span class="w"> </span><span class="k">COLUMN</span><span class="w"> </span><span class="n">salary_info</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="n">mask_regexp_salary</span><span class="p">(</span><span class="n">salary_info</span><span class="p">);</span>
<span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">july</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="n">id</span><span class="p">,</span><span class="w"> </span><span class="n">name</span><span class="p">,</span><span class="w"> </span><span class="n">salary_info</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">salary_info</span><span class="w"> </span>
<span class="c1">----+------+-------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">anny</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">*</span><span class="p">.</span><span class="o">*</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">bob</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">*</span><span class="p">.</span><span class="o">*</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">cici</span><span class="w"> </span><span class="o">|</span><span class="w"> </span>
<span class="p">(</span><span class="mi">3</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001460722644__li6767193613139"><span>If the <strong id="EN-US_TOPIC_0000001460722644__b8849042372">emp</strong> table no longer requires a redaction policy, delete the redaction policy <strong id="EN-US_TOPIC_0000001460722644__b1850642376">mask_emp</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001460722644__screen167671364138"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span>
<span class="k">DROP</span><span class="w"> </span><span class="n">REDACTION</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">mask_emp</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">emp</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li></ol>
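<p>The following check is an added example, not part of the GaussDB(DWS) documentation. It runs the same expression used in the body of <strong>mask_regexp_salary</strong> over constructed sample strings to show what the regular-expression mask hides and what it passes through. The sample labels and values and the output column names are assumptions made for illustration.</p>

```sql
-- Added example: audit what the expression inside mask_regexp_salary
-- reveals before relying on it in a redaction policy.
-- All sample values below are constructed; no table is read or changed.
WITH samples(label, salary_info) AS (
    VALUES ('plain decimal',       '10000.00'),
           ('thousands separator', '1,250,000.00'),
           ('negative amount',     '-300.50'),
           ('currency and text',   'USD 9000 + bonus 500'),
           ('no digits',           'n/a'),
           ('null salary',         NULL)
),
masked AS (
    SELECT label,
           -- Same expression as the function body on this page:
           -- every run of digits becomes a single '*'.
           regexp_replace(salary_info, '[0-9]+', '*', 'g') AS masked_value
    FROM samples
)
SELECT label,
       masked_value,
       -- Should never be true: a digit that survives masking is a leak.
       masked_value ~ '[0-9]' AS digit_survives,
       -- Count of '*' tokens, which equals the number of digit runs
       -- in the original value.
       length(masked_value) - length(replace(masked_value, '*', '')) AS digit_runs,
       -- True when characters other than '*' (signs, separators,
       -- currency codes, free text) are returned unmasked.
       masked_value ~ '[^*]' AS non_digit_text_visible
FROM masked
ORDER BY label;
```

<p>The mask replaces digits only, so separators, signs and any surrounding text remain visible, and the number of digit runs in a value with thousands separators still indicates its magnitude. A null input stays null, which matches the empty <strong>salary_info</strong> shown for <strong>cici</strong> above.</p>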
</div>
</div>