有的时候数据比较敏感,不想让数据的值显示出来,在12c中可以隐藏值
SQL> select * from emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
---------- -------------------- -------------------- ---------- ------------------ ---------- ---------- ----------
7369 SMITH CLERK 7902 17-DEC-80 800 20
7499 ALLEN SALESMAN 7698 20-FEB-81 1600 300 30
7521 WARD SALESMAN 7698 22-FEB-81 1250 500 30
7566 JONES MANAGER 7839 02-APR-81 2975 20
7654 MARTIN SALESMAN 7698 28-SEP-81 1250 1400 30
7698 BLAKE MANAGER 7839 01-MAY-81 2850 30
7782 CLARK MANAGER 7839 09-JUN-81 2450 10
7788 SCOTT ANALYST 7566 19-APR-87 3000 20
7839 KING PRESIDENT 17-NOV-81 5000 10
7844 TURNER SALESMAN 7698 08-SEP-81 1500 0 30
7876 ADAMS CLERK 7788 23-MAY-87 1100 20
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
---------- -------------------- -------------------- ---------- ------------------ ---------- ---------- ----------
7900 JAMES CLERK 7698 03-DEC-81 950 30
7902 FORD ANALYST 7566 03-DEC-81 3000 20
7934 MILLER CLERK 7782 23-JAN-82 1300 10
14 rows selected.
使用sys
SQL> BEGIN
2 dbms_redact.add_policy(
3 object_schema => 'scott',
4 object_name => 'emp',
5 column_name => 'empno',
6 policy_name => 'redact_emp',
7 function_type => DBMS_REDACT.FULL,
8 expression => '1=1'
9 );
10 END;
11 /
执行后,scott用户,及被授予读取权限的用户查询该列都是显示0,sys as sysdba是能看到真实的值的
这个是隐藏邮件的
SQL> BEGIN
2 dbms_redact.alter_policy(
3 object_schema => 'scott',
4 object_name => 'customers',
5 column_name => 'c_email',
6 policy_name => 'redact_Loyalty_card',
7 function_type => DBMS_REDACT.regexp,
8 regexp_pattern => dbms_redact.re_pattern_email_address,
9 regexp_replace_string => dbms_redact.re_redact_email_name,
10 regexp_position => dbms_redact.re_beginning,
11 regexp_occurrence => dbms_redact.re_all,
12 expression => '1=1'
13 );
14 END;
15 /
SQL> conn sys/ as sysdba
Enter password:
Connected.
SQL> alter session set container=orclpdb1;
Session altered.
SQL> begin dbms_redact.alter_policy(
2
3 object_schema=>'scott',
4
5 object_name=>'emp',
6
7 policy_name=>'redact_emp',
8
9 action=>dbms_redact.modify_expression,
10
11 expression=>'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''BAI''');
12
13 end;
14
15 /
这样bai这个用户就能看到真实数据了
C:\Users\bjbaixiaoyu.CN>sqlplus bai/test@orclpdb1
SQL*Plus: Release 12.2.0.1.0 Production on Fri Feb 23 22:18:21 2018
Copyright (c) 1982, 2016, Oracle. All rights reserved.
Last Successful login time: Fri Feb 23 2018 22:06:42 +08:00
Connected to:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production
SQL> select empno from scott.emp;
EMPNO
----------
7369
7499
7521
7566
7654
7698
7782
7788
7839
7844
7876
EMPNO
----------
7900
7902
7934
14 rows selected.
参考:http://blog.csdn.net/lqx0405/article/details/52185852