• 3 replies
  • Latest Post - ‏2013-08-22T02:07:20Z by vindal0012
1 Post

Pinned topic Mask data using Redact

‏2013-07-02T07:47:18Z |



I want to mask data of a specific column in the database. I am using two rules.

1. Access Rule - S-GATE Attach - If the user is within a user group, table is in the list of objects and column is within a group of fields.

2. Extrusion Rule - Redact - If the user is within a user group, and data pattern is ([aA0-zZ9].?) This means all the data in the column is masked with replacement character *.


We have Oracle 11g. HP-UX 11.31 64-bit. Character set UTF-8(AL32UTF8). However, these rules are not working. masking is not happening of the data.

Datatype of the column, which is supposed to be masked is VARCHAR2.



Shyamal Dave.

  • 1XWY_TS_Teh
    223 Posts

    Re: Mask data using Redact


    Hi, not sure this made any sense to you. I extract the following from user guide.

    Redaction (Scrub) on Linux is not supported. For all other Unix, Scrub only with ANSI character sets is supported.

    Redaction (Scrub) rules should be set on the session level (meaning, trigger rules on session attributes like IPs, Users, etc), not on the SQL level / attributes (like -OBJECT_NAME or VERB), because if you set the scrub rule on the SQL that needs to be scrubbed it probably will take a few miliseconds for the scrub instructions to make it to the S-TAP where some results may go though unmasked.

    To guarantee all SQL is scrubbed, set the S-TAP (S-GATE) default mode to "attach" for all sessions (in guard_tap.ini). This will guarantee that no command goes through without being inspected by the rules engine and holding each request and waiting for the policy's verdict on the request. This deployment will introduce some latency but this is the way to ensure 100% scrubbed data.
  • Arsibama
    2 Posts

    Re: Mask data using Redact



    Redaction works perfectly on Non-Linux and ASCII character sets, I have tested this.

    Doesn't seem to work on Unicode. I tested with AL32UTF8

    I have opened an RFE 35384 with IBM to enhance support to Linux and non-ascii character sets, IBM is working on this for a possible availability before end of year. Whoever has use of this feature, please send email through RFE system or an email/PMR so that it will catch their attention.



  • vindal0012
    13 Posts

    Re: Mask data using Redact


    Hi guys,

    I just want to ask if attaching the S-Gate is required to perform extrusion rule on data masking on the database server?