Learn how to create query rewrite definitions for data masking and access control
scenarios.
Procedure
-
Go to .
-
Provide a unique and meaningful name for the query rewrite definition in the
Name field.
-
Create and parse a model query.
-
Provide a model query in the Enter a model query field.
For example, to create a rewrite definition preventing the use of
SELECT *
from
statements, enter
SELECT * from EMPLOYEE as a
model.
-
Click the DB Type menu and select a SQL parser to use with the model
query.
-
Click Parse to process the model query.
Your model query will be broken down into individual components with each actionable
component highlighted with underlined text.
-
Define how to rewrite specific components of the model query.
-
Click on an underlined component of the parsed query that you would like to rewrite. A dialog
opens to help create your query rewrite definition.
Options:
- Select and modify an individual verb, field, or object from the parsed query
- Add a component to the query (shown as gray underlined text next to the parsed query)
- Rewrite the entire query by clicking the gray underlined [R] next to the
parsed query
In the example SELECT * from EMPLOYEE where we want to prevent the use of
SELECT * from
statements, click the * to provide rewrite
content.
-
The Change from field indicates what will be rewritten.
-
The To field defines the rewritten component.
For example, to prevent the use of SELECT * from
statements, replace the
*
component with a list of specific objects: EMPNO, FIRSTNME, MIDINIT,
LASTNAME, WORKDEPT, PHONENO, HIREDATE, JOB, EDLEVEL, SEX.
Important: Rewrite definitions are based on
syntax, so any statement with the form
SELECT * from [OBJECT]
will match the
example. For instance, both
SELECT * from DEPARTMENT
and
SELECT * from
EMPLOYEE
statements match our example. Query rewrite definitions can be restricted to
specific objects using access policy rules. See
Defining a security policy to activate query rewrite for
instructions.
-
Click Save to save the rewrite definition, then click
Back to close the dialog.
-
Review the output of the query rewrite definition using the Real time
preview field and make any changes as needed.
Using our example, SELECT * from EMPLOYEE
is rewritten as SELECT EMPNO,
FIRSTNME, MIDINIT, LASTNAME, WORKDEPT, PHONENO, HIREDATE, JOB, EDLEVEL, SEX from
EMPLOYEE
.
-
When you are satisfied with the results, click Save to save your query
rewrite definition.
Your query rewrite definition is saved and displayed in the list of available query rewrite
definitions in the Query Rewrite Builder.
What to do next
Continue working with query rewrite definitions:
- Create additional definitions by clicking New and repeating the steps in
this task.
- Edit an existing query rewrite definition by double-clicking an item in the list of available
query rewrite definitions.
- Copy and edit an existing query rewrite definition by selecting the item in the list of
available query rewrite definitions and clicking Clone.
- Delete an existing query rewrite definition by selecting the item in the list of available query
rewrite definitions and clicking Delete.
When you are finished working with query rewrite definitions, continue to the next step in this
sequence to test and implement your definitions.