Hi All,
Can someone guide me to modify data redaction script written below to exempt Oracle apex users and my database schema user for being redacted?
--Script---
BEGIN
DBMS_REDACT.add_policy(
object_schema => 'GDMWTQ_OWNER',
object_name => 'USER_QUIZ_RESULT',
column_name => 'QUIZ_SCORE',
policy_name => 'USER_QUIZ_RESULT_RED',
function_type => DBMS_REDACT.full,
expression => '1=1'
);
END;
BEGIN
DBMS_REDACT.alter_policy (
object_schema => 'GDMWTQ_OWNER',
object_name => 'USER_QUIZ_RESULT',
policy_name => 'USER_QUIZ_RESULT_RED',
action => DBMS_REDACT.modify_expression,
expression => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''APEX_PUBLIC_USER'''
);
END;
BEGIN
DBMS_REDACT.alter_policy (
object_schema => 'GDMWTQ_OWNER',
object_name => 'USER_QUIZ_RESULT',
policy_name => 'USER_QUIZ_RESULT_RED',
action => DBMS_REDACT.modify_expression,
expression => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''GDMWTQ_OWNER'''
);
END;
Note: The problem in the above code is that data redaction is applied to the GDMWTQ_OWNER only (last statement) as it overrides the previous APEX_PUBLIC_USER. Can we specify them together Like this:
expression => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''GDMWTQ_OWNER'' Or ''APEX_PUBLIC_USER''' '
So that both of them are exempted from data redaction.
Thanks in Advance