Oracle | DBMS_TSDP

Oracle DBMS_TSDP_MANAGE Version 21c

General Information

Library Note

Morgan's Library Page Header

ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling complimentary technical Workshops on Database Security for the first 30 Oracle Database customers located anywhere in North America, EMEA, LATAM, or APAC that send an email to asra_us@oracle.com. Request a Workshop for your organization today.

Purpose Provides an interface to import and manage sensitive columns and sensitive column types in the database, and is used in conjunction with the DBMS_TSDP_PROTECT package with regard to transparent sensitive data protection (TSDP) policies.

AUTHID CURRENT_USER

Constants

Name	Data Type	Value
DB	INTEGER	1
ADM	INTEGER	2
CUSTOM	INTEGER	3

Dependencies

DBA_TSDP_IMPORT_ERRORS	DBA_TSDP_POLICY_TYPE	TSDP_POLICY$
DBA_TSDP_POLICY_CONDITION	DBMS_STANDARD	TSDP_PROTECTION$
DBA_TSDP_POLICY_FEATURE	DBMS_TSDP_LIB	TSDP_SUBPOL$
DBA_TSDP_POLICY_PARAMETER	TSDP$VALIDATION_CHECK	TSDP_SENSITIVE_DATA$
DBA_TSDP_POLICY_PROTECTION	TSDP_FEATURE_POLICY$	XMLTYPE

Documented Yes

Exceptions

Error Code	Reason
ORA-45602	Schema <schema_name> does not exist.
ORA-45605	Invalid sensitive type <type_name_string>
ORA-45608	There are no sensitive columns for source <source_name_string>

First Available 12.1

Security Model Owned by SYS with no privileges granted

Source {ORACLE_HOME}/rdbms/admin/dbmstsdpm.sql

Subprograms

ADD_SENSITIVE_COLUMN	DROP_SENSITIVE_COLUMN	IMPORT_DISCOVERY_RESULT
ADD_SENSITIVE_TYPE	DROP_SENSITIVE_TYPE	IMPORT_SENSITIVE_TYPES
ALTER_SENSITIVE_COLUMN	DROP_SENSITIVE_TYPE_SOURCE	REMOVE_DISCOVERY_RESULT

ADD_SENSITIVE_COLUMN

Used to add a Column to the Sensitive Column List dbms_tsdp_manage.add_sensitive_column( schema_name IN VARCHAR2, table_name IN VARCHAR2, column_name IN VARCHAR2, sensitive_type IN VARCHAR2, user_comment IN VARCHAR2 DEFAULT NULL);

conn / as sysdba

      

      ALTER SESSION SET CONTAINER = PDBDEV;

      

      Session altered.

      

      exec dbms_tsdp_manage.add_sensitive_type('FIN_TYPE', 'Finanical Information');

      

      PL/SQL procedure successfully completed.

      

      col policy_name format a30

      col sensitive_type format a30

      

      SELECT *

      FROM dba_tsdp_policy_type;

      

      POLICY_NAME     
      SENSITIVE_TYPE

      --------------- ---------------

      REDACT_AUDIT    FIN_TYPE

      

      exec dbms_tsdp_manage.add_sensitive_column('UWCLASS', 'EMPLOYEES', 'EMPLOYEE_ID', 'FIN_TYPE', 'Personal Financial Info.');

      

      PL/SQL procedure successfully completed.

      
      

      col schema_name format a12

      col tsdp_policy format a20

      col security_feature_policy format a20

      col table_name format a11

      col column_name format a11

      

      SELECT *

      FROM dba_tsdp_policy_protection;

      

      SCHEMA_NAME  
      TABLE_NAME  COLUMN_NAME TSDP_POLICY   SECURITY_FEA 
      SECURITY_FEATURE_POL  SUBPOLICY#

      ------------ ----------- ----------- ------------- ------------ 
      --------------------- ----------

      UWCLASS      EMPLOYEES   EMPLOYEE_ID REDACT_AUDIT  REDACT_AUDIT REDACT_AUDIT_POLICY            1

ADD_SENSITIVE_TYPE

Used to create and add a Sensitive Column Type to the list Sensitive Column Types in the database dbms_tsdp_manage.add_sensitive_type( sensitive_type IN VARCHAR2, user_comment IN VARCHAR2 DEFAULT NULL);

See ADD_SENSITIVE_COLUMN Demo Above

ALTER_SENSITIVE_COLUMN

Used to alter the Sensitive Type and/or the Comment of a Column in the Sensitive Column List dbms_tsdp_manage.alter_sensitive_column( schema_name IN VARCHAR2, table_name IN VARCHAR2, column_name IN VARCHAR2, sensitive_type IN VARCHAR2, user_comment IN VARCHAR2 DEFAULT NULL);

exec dbms_tsdp_manage.alter_sensitive_column('SCOTT', 'EMP', 'SAL', 'SAL_TYPE');

DROP_SENSITIVE_COLUMN

Used to remove a Column from the Sensitive Column List dbms_tsdp_manage.drop_sensitive_column( schema_name IN VARCHAR2 DEFAULT '%', table_name IN VARCHAR2 DEFAULT '%', column_name IN VARCHAR2 DEFAULT '%');

exec dbms_tsdp_manage.drop_sensitive_column('SCOTT', 'EMP', 'SAL');

DROP_SENSITIVE_TYPE

Used to drop a Sensitive Column Type from the list Sensitive Column Types in the database dbms_tsdp_manage.drop_sensitive_type(sensitive_type IN VARCHAR2);

exec dbms_tsdp_manage.drop_sensitive_type('FIN_TYPE');

DROP_SENSITIVE_TYPE_SOURCE

Used to drop Sensitive Column Types corresponding to a Source from the list Sensitive Column Types in the database. dbms_tsdp_manage.drop_sensitive_type_source(source IN VARCHAR2);

See IMPORT_DISCOVERY_RESULT Demo Below

IMPORT_DISCOVERY_RESULT

Used to import Sensitive Columns for an ADM instance as a CLOB

Overload 1 dbms_tsdp_manage.import_discovery_result( discovery_result IN CLOB, discovery_source IN VARCHAR2, force IN BOOLEAN DEFAULT FALSE);

exec dbms_tsdp_manage.import_discovery_result('CLOB_SRC', UW_DRIMPORT_DEMO');

      

      exec dbms_tsdp_manage.drop sensitive_type_source(UW_DRIMPORT_DEMO');

Used to import Sensitive Columns for an ADM instance as XMLType

Overload 2 dbms_tsdp_manage.import_discovery_result( discovery_result IN XMLTYPE, discovery_source IN VARCHAR2, force IN BOOLEAN DEFAULT FALSE);

exec dbms_tsdp_manage.import_discovery_result('XML_SRC', UW_DRIMPORT_DEMO', TRUE);

      

      exec dbms_tsdp_manage.drop sensitive_type_source(UW_DRIMPORT_DEMO');

IMPORT_SENSITIVE_TYPES

Used to import a list of Sensitive Column Types from a source as a CLOB
Overload 1 dbms_tsdp_manage.import_sensitive_types( sensitive_types IN CLOB, source IN VARCHAR2);

exec dbms_tsdp_manage.import_sensitive_types('CLOB_SRC', UW_TIMPORT_DEMO');

Used to import a list of Sensitive Column Types from a source as XMLType
Overload 2 dbms_tsdp_manage.import_sensitive_types( sensitive_types IN XMLTYPE, source IN VARCHAR2);

exec dbms_tsdp_manage.import_discovery_result('XML_SRC', UW_TIMPORT_DEMO');

REMOVE_DISCOVERY_RESULT

Used to remove Sensitive Columns corresponding to an ADM instance dbms_tsdp_manage.remove_discovery_result(discovery_source IN VARCHAR2);

exec dbms_tsdp_manage.remove_discovery_result('UW_DRIMPORT_DEMO');