Help Center> Data Warehouse Service> SQL Syntax Reference> Functions and Operators> Data Redaction Functions> Creating a Redact Policy

Creating a Redact Policy

Create a redact policy by using a function. GaussDB(DWS) provides the following function interfaces:

DBMS_REDACT.ADD_POLICY (
object_schema           IN  name,
object_name             IN  name,
policy_name             IN  name,
column_name            IN  name  default  NULL,
function_type           IN  int2  default  1,
function_parameters      IN  Text  default  NULL,
expression              IN  Text, 
enable                  IN  BOOLEAN  default  TRUE,
regexp_pattern          IN  Text  default  NULL,
regexp_replace_string    IN  Text  default  NULL,
regexp_position         IN  int4  defalult  1,
regexp_occurrence       IN  int4  defalut  0,
regexp_match_parameter  IN  Text  default  NULL,
policy_description       IN  Text  default  NULL,
column_description      IN  Text  default  NULL
)

In the preceding information:

object_schema: specifies the schema of the object to be redacted.
object_name: specifies the name of the table to be redacted.
policy_name: specifies the name of the redact policy.
column_name: specifies the name of the column to be redacted. If this parameter is left empty, only a policy is created, and redact_column is not created. In this case, no redact column takes effect.
function_type: specifies type of the redaction function. The value can be NONE or FULL. The default value is FULL, which takes effect on redact columns.
- NONE: No redact policy is configured for the column object.
- FULL: The column object is redacted to a fixed value.
function_parameters: specifies the redact function parameters. This parameter is valid only when function_type is set to PARTIAL.
expression: The redaction takes effect only when expression is set to true. If the redaction takes effect for all users, set expression to 1=1. Otherwise, use the sys_context function expression. expression can be used as the judgment basis for SYS_CONTEXT.
- The expression of the CURRENT_USER parameter is supported. The policy takes effect for user filtering.
```
function_parameters => 'SYS_CONTEXT("USERENV", "CURRNET_USER")! = "HR"
```
- Multiple expressions can be connected using AND, OR, and IN.
```
function_parameters => 'SYS_CONTEXT("USERENV", "CURRNET_USER") = "HR" and SYS_CONTEXT("USERENV", "USER_GROUP") = "GAUSS"'
```
enable: indicates whether the policy takes effect after the action is created. The default value is TRUE.
regexp_pattern: specifies the regular pattern. This parameter is valid only when function_type is set to REGEXP.
regexp_replace_string: specifies the regular replacement string.
regexp_position: specifies the start position for matching the regular expression source string.
regexp_occurrence: replaces the nth matched character string. The value 0 indicates that all matched character strings are replaced.
regexp_match_parameter: specifies the regular expression match parameter.
policy_description: specifies the policy description.
column_description: If column_name is specified, the description of the column can be added.

Parent topic: Data Redaction Functions

Last Article: Data Redaction Functions

Next Article: Modifying a Redact Policy

Did this article solve your problem?

Thank you for your score！Your feedback would help us improve the website.

Products

Compute

Application

Dedicated Cloud

Storage

Management & Deployment

Migration

Network

Enterprise Intelligence

Video

Database

Edge Cloud Services

DevCloud

Security

Cloud Communications

Internet of Things

Solutions

Industry-Specific Solutions

General-Purpose Solutions

Security

DevOps

Enterprise Intelligence

Essential Platform

Big Data

Visual Cognition

Speech and Semantics

Support

Help Center

Customer Services

Developers

Console

语言 - Language

中国站 - 简体中文

中国站 - English

International - 简体中文

International - English

Help Center

Creating a Redact Policy