代码改变世界

简单实验理解什么是数据修订(Oracle Data Redaction)

2020-03-24 21:17  askscuti  阅读(535)  评论(0编辑  收藏  举报

Oracle Data Redaction

Oracle Data Redaction 是 12c 引进的新特性,是高级安全组件的一部分,目的是为了提供数据保护。例如,表中工资列、身份证ID等敏感数据,可以针对不同的用户通过修订策略来对其显示或者隐藏,而且无需更改应用程序代码。

This example assumes the following

  • 用户 SCOTT 下有张表 EMP(EMPNO,ENAME,JOB,MGR,HIREDATE,SAL,COMM,DEPTNO)
  • 用户 TOM 有对 SCOTT.EMP 的 READ 对象权限 (READ 也属于 12c 新特性)

先看效果

  • 查看 SCOTT 下的表 EMP
SQL> select * from scott.emp;

EMPNO ENAME	 JOB	      MGR HIREDATE		 SAL  COMM DEPTNO
----- ---------- ---------- ----- -------------------- ----- ----- ------
 7369 SMITH	 CLERK	     7902 1980-12-17 00:00:00	 800	       20
 7499 ALLEN	 SALESMAN    7698 1981-02-20 00:00:00	1600   300     30
 7521 WARD	 SALESMAN    7698 1981-02-22 00:00:00	1250   500     30
 7566 JONES	 MANAGER     7839 1981-04-02 00:00:00	2975	       20
 7654 MARTIN	 SALESMAN    7698 1981-09-28 00:00:00	1250  1400     30
 7698 BLAKE	 MANAGER     7839 1981-05-01 00:00:00	2850	       30
 7782 CLARK	 MANAGER     7839 1981-06-09 00:00:00	2450	       10
 7788 SCOTT	 ANALYST     7566 1987-04-19 00:00:00	3000	       20
 7839 KING	 PRESIDENT	  1981-11-17 00:00:00	5000	       10
 7844 TURNER	 SALESMAN    7698 1981-09-08 00:00:00	1500	 0     30
 7876 ADAMS	 CLERK	     7788 1987-05-23 00:00:00	1100	       20

EMPNO ENAME	 JOB	      MGR HIREDATE		 SAL  COMM DEPTNO
----- ---------- ---------- ----- -------------------- ----- ----- ------
 7900 JAMES	 CLERK	     7698 1981-12-03 00:00:00	 950	       30
 7902 FORD	 ANALYST     7566 1981-12-03 00:00:00	3000	       20
 7934 MILLER	 CLERK	     7782 1982-01-23 00:00:00	1300	       10

14 rows selected.
  • 连接 TOM 用户查看 SCOTT.EMP
# 因为 TOM 用户有对 SCOTT.EMP 表的 READ 权限
# GRANT READ ON SCOTT.EMP to TOM;

SQL> conn tom/tom@pdb1
Connected.
SQL> select * from scott.emp;

EMPNO ENAME	 JOB	      MGR HIREDATE		 SAL  COMM DEPTNO
----- ---------- ---------- ----- -------------------- ----- ----- ------
 7369 SMITH	 CLERK	     7902 1980-12-17 00:00:00	 800	       20
 7499 ALLEN	 SALESMAN    7698 1981-02-20 00:00:00	1600   300     30
 7521 WARD	 SALESMAN    7698 1981-02-22 00:00:00	1250   500     30
 7566 JONES	 MANAGER     7839 1981-04-02 00:00:00	2975	       20
 7654 MARTIN	 SALESMAN    7698 1981-09-28 00:00:00	1250  1400     30
 7698 BLAKE	 MANAGER     7839 1981-05-01 00:00:00	2850	       30
 7782 CLARK	 MANAGER     7839 1981-06-09 00:00:00	2450	       10
 7788 SCOTT	 ANALYST     7566 1987-04-19 00:00:00	3000	       20
 7839 KING	 PRESIDENT	  1981-11-17 00:00:00	5000	       10
 7844 TURNER	 SALESMAN    7698 1981-09-08 00:00:00	1500	 0     30
 7876 ADAMS	 CLERK	     7788 1987-05-23 00:00:00	1100	       20

EMPNO ENAME	 JOB	      MGR HIREDATE		 SAL  COMM DEPTNO
----- ---------- ---------- ----- -------------------- ----- ----- ------
 7900 JAMES	 CLERK	     7698 1981-12-03 00:00:00	 950	       30
 7902 FORD	 ANALYST     7566 1981-12-03 00:00:00	3000	       20
 7934 MILLER	 CLERK	     7782 1982-01-23 00:00:00	1300	       10

14 rows selected.
  • 思考:在不改变应用程序代码、不改变现有数据库权限的情况下如何实现对 TOM 用户屏蔽指定的字段的真实值(比如 SAL 工资列)

添加数据修订策略

  • 针对 SCOTT.EMP 表中的 SAL 列添加修订策略,达到屏蔽 SAL 的真实值
SQL> conn sys/oracle@pdb1 as sysdba
Connected.

BEGIN
 DBMS_REDACT.ADD_POLICY(
   object_schema    => 'SCOTT', 
   object_name      => 'EMP', 
   column_name      => 'SAL',
   policy_name      => 'REDACT_SAL_FULL', 
   function_type    => DBMS_REDACT.FULL,
   expression       => '1=1');
END;
/

PL/SQL procedure successfully completed.
  • SYS 和 SYSTEM 及其他拥有 DBA 权限的用户、包括 SCOTT 自己查询 SCOTT.EMP 显示如下(观察 SAL 列值)
SQL> select * from scott.emp;

EMPNO ENAME	 JOB	      MGR HIREDATE		 SAL  COMM DEPTNO
----- ---------- ---------- ----- -------------------- ----- ----- ------
 7369 SMITH	 CLERK	     7902 1980-12-17 00:00:00	 800	       20
 7499 ALLEN	 SALESMAN    7698 1981-02-20 00:00:00	1600   300     30
 7521 WARD	 SALESMAN    7698 1981-02-22 00:00:00	1250   500     30
 7566 JONES	 MANAGER     7839 1981-04-02 00:00:00	2975	       20
 7654 MARTIN	 SALESMAN    7698 1981-09-28 00:00:00	1250  1400     30
 7698 BLAKE	 MANAGER     7839 1981-05-01 00:00:00	2850	       30
 7782 CLARK	 MANAGER     7839 1981-06-09 00:00:00	2450	       10
 7788 SCOTT	 ANALYST     7566 1987-04-19 00:00:00	3000	       20
 7839 KING	 PRESIDENT	  1981-11-17 00:00:00	5000	       10
 7844 TURNER	 SALESMAN    7698 1981-09-08 00:00:00	1500	 0     30
 7876 ADAMS	 CLERK	     7788 1987-05-23 00:00:00	1100	       20

EMPNO ENAME	 JOB	      MGR HIREDATE		 SAL  COMM DEPTNO
----- ---------- ---------- ----- -------------------- ----- ----- ------
 7900 JAMES	 CLERK	     7698 1981-12-03 00:00:00	 950	       30
 7902 FORD	 ANALYST     7566 1981-12-03 00:00:00	3000	       20
 7934 MILLER	 CLERK	     7782 1982-01-23 00:00:00	1300	       10

14 rows selected.
  • 切换 TOM 普通用户查看 SCOTT.EMP 显示如下(观察 SAL 列值)
SQL> conn tom/tom@pdb1
Connected.
SQL> select * from scott.emp;

EMPNO ENAME	 JOB	      MGR HIREDATE		 SAL  COMM DEPTNO
----- ---------- ---------- ----- -------------------- ----- ----- ------
 7369 SMITH	 CLERK	     7902 1980-12-17 00:00:00	   0	       20
 7499 ALLEN	 SALESMAN    7698 1981-02-20 00:00:00	   0   300     30
 7521 WARD	 SALESMAN    7698 1981-02-22 00:00:00	   0   500     30
 7566 JONES	 MANAGER     7839 1981-04-02 00:00:00	   0	       20
 7654 MARTIN	 SALESMAN    7698 1981-09-28 00:00:00	   0  1400     30
 7698 BLAKE	 MANAGER     7839 1981-05-01 00:00:00	   0	       30
 7782 CLARK	 MANAGER     7839 1981-06-09 00:00:00	   0	       10
 7788 SCOTT	 ANALYST     7566 1987-04-19 00:00:00	   0	       20
 7839 KING	 PRESIDENT	  1981-11-17 00:00:00	   0	       10
 7844 TURNER	 SALESMAN    7698 1981-09-08 00:00:00	   0	 0     30
 7876 ADAMS	 CLERK	     7788 1987-05-23 00:00:00	   0	       20

EMPNO ENAME	 JOB	      MGR HIREDATE		 SAL  COMM DEPTNO
----- ---------- ---------- ----- -------------------- ----- ----- ------
 7900 JAMES	 CLERK	     7698 1981-12-03 00:00:00	   0	       30
 7902 FORD	 ANALYST     7566 1981-12-03 00:00:00	   0	       20
 7934 MILLER	 CLERK	     7782 1982-01-23 00:00:00	   0	       10

14 rows selected.

通过 TOM 普通用户查看 SCOTT.EMP 表的时候,Oracle服务会在返回结果前通过数据修订策略来实现数据的屏蔽,这个显示的值并不是真实的。接下来我们探讨两个问题,一个是数据修订策略中的 function_type => DBMS_REDACT.FULL 这个值是什么意思;一个是屏蔽的列 SAL 的数值为何是0?

引出 DBMS_REDACT.FULL

数据修订的五种方法如下:详细内容你可以参考官方文档

  • Full redaction.修订列数据的所有内容,具体返回值根据字段类型不同而不同,数字类型统一返回 0;字符型统一返回 空格;日期型统一返回 2001-01-01
  • Partial redaction.修订列数据的一部分,例如使用星号修订屏蔽手机号 1534223****
  • Regular expressions.使用正则表达式修订,针对字符型,例如邮箱
  • Random redaction.使用随机生成来修订数据,具体返回值根据字段类型不同而不同
  • No redaction. 内部操作测试使用(没用过)

所以,我们在数据修订策略中指定的类型 DBMS_REDACT.FULL 指的就是第一种方法:修订某列字段值的所有内容,所以 SAL 字段中的所有数值都变为了 0 ,你也可以根据语法去更换其他数据修订的类型。

引出 DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES

你是否还是有疑问 ?上面的那个工资列 SAL,既然屏蔽显示的是虚假数字,那我自己能否去更换要显示的数字?比如把显示的 0 更换成 -1 ?当然可以,这就涉及到了数据库默认的修订值。字段类型为数值型的,默认修订值为 0 ,你可以通过以下这个数据字典查到。

SQL> conn sys/oracle@pdb1 as sysdba
Connected.

SQL> select number_value from redaction_values_for_type_full;

NUMBER_VALUE
------------
	   0
  • 更改默认修订值(数值类型)

这时候就要用到这个存储过程 UPDATE_FULL_REDACTION_VALUES ,通过它可以把默认的修订值从 0 改为 -1

SQL> exec dbms_redact.update_full_redaction_values(-1);

PL/SQL procedure successfully completed.

SQL> select number_value from redaction_values_for_type_full;

NUMBER_VALUE
------------
	  -1

注意:执行完存储过程后,再次查询,看到发生了更改。但是如果再次用 TOM 查看 SCOTT.EMP,SAL 字段修订值依然为 0 。因为需要重启(考点)

  • 重启数据库再次查看(观察 SAL 列值)
SQL> show user
USER is "SYS"
SQL> shutdown immediate;
Pluggable Database closed.
SQL> startup;
Pluggable Database opened.
SQL> conn tom/tom@pdb1;
Connected.
SQL> select * from scott.emp;

EMPNO ENAME	 JOB	      MGR HIREDATE		 SAL  COMM DEPTNO
----- ---------- ---------- ----- -------------------- ----- ----- ------
 7369 SMITH	 CLERK	     7902 1980-12-17 00:00:00	  -1	       20
 7499 ALLEN	 SALESMAN    7698 1981-02-20 00:00:00	  -1   300     30
 7521 WARD	 SALESMAN    7698 1981-02-22 00:00:00	  -1   500     30
 7566 JONES	 MANAGER     7839 1981-04-02 00:00:00	  -1	       20
 7654 MARTIN	 SALESMAN    7698 1981-09-28 00:00:00	  -1  1400     30
 7698 BLAKE	 MANAGER     7839 1981-05-01 00:00:00	  -1	       30
 7782 CLARK	 MANAGER     7839 1981-06-09 00:00:00	  -1	       10
 7788 SCOTT	 ANALYST     7566 1987-04-19 00:00:00	  -1	       20
 7839 KING	 PRESIDENT	  1981-11-17 00:00:00	  -1	       10
 7844 TURNER	 SALESMAN    7698 1981-09-08 00:00:00	  -1	 0     30
 7876 ADAMS	 CLERK	     7788 1987-05-23 00:00:00	  -1	       20

EMPNO ENAME	 JOB	      MGR HIREDATE		 SAL  COMM DEPTNO
----- ---------- ---------- ----- -------------------- ----- ----- ------
 7900 JAMES	 CLERK	     7698 1981-12-03 00:00:00	  -1	       30
 7902 FORD	 ANALYST     7566 1981-12-03 00:00:00	  -1	       20
 7934 MILLER	 CLERK	     7782 1982-01-23 00:00:00	  -1	       10

14 rows selected.

关于该存储过程更详细的内容请参考官方文档。对于字符串类型的数据修订,经实测依然存在异常,最新版本 20c 的官方文档对字符串类型的数据修订异常说明如下:

Exceptions

ORA-28082 - The parameter parameter is invalid (where the possible values are char_val, nchar_val, varchar_val and nvarchar_val)

删除修订策略

SQL> conn sys/oracle@pdb1 as sysdba
Connected.
BEGIN
  DBMS_REDACT.DROP_POLICY (
    object_schema  => 'SCOTT',
    object_name    => 'EMP',
    policy_name    => 'REDACT_SAL_FULL');
END;
/

PL/SQL procedure successfully completed.

看一道题目

After implementing full Oracle Data Redaction, you change the default value for the NUMBER data type as follows:

SQL> select number_value from redaction_values_for_type_full;

NUMBER_VALUE
------------
	   0

SQL> exec dbms_redact.update_full_redaction_values(-1);

PL/SQL procedure successfully completed.

SQL> select number_value from redaction_values_for_type_full;

NUMBER_VALUE
------------
	  -1

After changing the value, you notice that FULL redaction continues to redact numeric data with zero. 
What must you do to activate the new default value for numeric full redaction?

A. Re-enable redaction policies that use FULL data redaction.
B. Re-create redaction policies that use FULL data redaction.
C. Re-connect the sessions that access objects with redaction policies defined on them.
D. Flush the shared pool.
E. Restart the database instance.

你觉得答案是哪个?Answer: 我是白色的 -> E