Restriction of Administrative Access to Oracle Data Redaction Policies

5.2 Restriction of Administrative Access to Oracle Data Redaction Policies

You can restrict the list of users who can create, view, and edit Data Redaction policies.

To accomplish this, you can limit who has:

EXECUTE privilege on the DBMS_REDACT package
ADMINISTER REDACTION POLICY privilege
SELECT privilege on the REDACTION_POLICIES and REDACTION_COLUMNS views

You can also restrict who is exempted from redaction by limiting the EXEMPT REDACTION POLICY privilege. If you use Oracle Database Vault to restrict privileged user access, you can restrict access to objects with redaction policies. Realms protect the object from being accessed even though the user may have SELECT ANY TABLE privilege.

Related Topics

Oracle Data Redaction and Oracle Database Vault
Exemption of Users from Oracle Data Redaction Policies
Introduction to Oracle Database Vault