ALTER MASKING POLICY¶
说明¶
修改脱敏策略
参数¶
policy_name
脱敏策略名称。
policy_add_comments
添加脱敏策略描述。
policy_modify_masking
修改脱敏策略的脱敏方式。
masking_function
指的是预置的八种脱敏方式(MASKALL、RANDOMMASKING、CREDITCARDMASKING、BASICEMAILMASKING、FULLEMAILMASKING、SHUFFLEMASKING、ALLDIGITSMASKING、REGEXPMASKING)。
policy_modify_filter
修改脱敏策略生效场景(过滤器)。
filter_value
指具体过滤信息内容(具体的用户名)。
policy_drop_filter
移除脱敏策略过滤器。
policy_state
修改脱敏策略状态。
示例¶
示例1: 为脱敏策略添加描述信息
-- 清理环境
DROP TABLE tab_mask1 CASCADE;
CREATE TABLE tab_mask1(col1 TEXT, col2 TEXT);
CONNECT syssecure/szoscar55;
-- 清理环境
DROP MASKING POLICY policy_mask1;
DROP RESOURCE LABEL label_mask1;
-- 创建资源标签
CREATE RESOURCE LABEL label_mask1 ADD COLUMN(sysdba.tab_mask1.col1);
-- 创建脱敏策略
CREATE MASKING POLICY policy_mask1 MASKALL ON LABEL(label_mask1);
SELECT MASKPOLNAME, MASKPOLCOMMENTS, MASKPOLENABLED FROM SYS_MASK_POLICY WHERE MASKPOLNAME = 'POLICY_MASK1' ORDER BY MASKPOLNAME, MASKPOLCOMMENTS, MASKPOLENABLED;
MASKPOLNAME(name) |MASKPOLCOMMENTS(name) |MASKPOLENABLED(boolean) |
-------------------------------------------------------------------------------
POLICY_MASK1 | |true |
总数目:1
-- 为脱敏策略添加描述信息
ALTER MASKING POLICY policy_mask1 COMMENTS 'MASKING POLICY FOR label_mask1';
SELECT MASKPOLNAME, MASKPOLCOMMENTS, MASKPOLENABLED FROM SYS_MASK_POLICY WHERE MASKPOLNAME = 'POLICY_MASK1' ORDER BY MASKPOLNAME, MASKPOLCOMMENTS, MASKPOLENABLED;
MASKPOLNAME(name) |MASKPOLCOMMENTS(name) |MASKPOLENABLED(boolean) |
-------------------------------------------------------------------------------
POLICY_MASK1 |MASKING POLICY FOR label_ma|true |
|sk1 | |
总数目:1
-- 删除脱敏策略
DROP MASKING POLICY policy_mask1;
-- 删除资源标签
DROP RESOURCE LABEL label_mask1;
CONNECT sysdba/szoscar55;
DROP TABLE tab_mask1 CASCADE;
示例2: 修改脱敏策略的脱敏方式
-- 清理环境
DROP TABLE tab_mask2 CASCADE;
CREATE TABLE tab_mask2(col3 TEXT, col4 TEXT);
CONNECT syssecure/szoscar55;
-- 清理环境
DROP MASKING POLICY policy_mask2;
DROP RESOURCE LABEL label_mask2;
-- 创建资源标签
CREATE RESOURCE LABEL label_mask2 ADD COLUMN(sysdba.tab_mask2.col3);
CREATE RESOURCE LABEL label_mask3 ADD COLUMN(sysdba.tab_mask2.col4);
-- 创建脱敏策略
CREATE MASKING POLICY policy_mask2 MASKALL ON LABEL(label_mask2);
SELECT MASKPOLNAME, MASKLABELNAME, MASKFUNCTION, MASKACTPARAMS FROM SYS_MASK_POLICY_LABEL, SYS_MASK_POLICY WHERE SYS_MASK_POLICY_LABEL.MASKPOLOID = SYS_MASK_POLICY.MASKPOLOID AND MASKPOLNAME = 'POLICY_MASK2' ORDER BY MASKLABELNAME, MASKPOLNAME, MASKFUNCTION, MASKACTPARAMS;
MASKPOLNAME(name) |MASKLABELNAME(name) |MASKFUNCTION(name) |MASKACTPARAMS(name) |
-------------------------------------------------------------------------------------------------
POLICY_MASK2 |LABEL_MASK2 |MASKALL | |
总数目:1
-- 为脱敏策略新增资源标签
ALTER MASKING POLICY policy_mask2 ADD CREDITCARDMASKING ON LABEL(label_mask3);
SELECT MASKPOLNAME, MASKLABELNAME, MASKFUNCTION, MASKACTPARAMS FROM SYS_MASK_POLICY_LABEL, SYS_MASK_POLICY WHERE SYS_MASK_POLICY_LABEL.MASKPOLOID = SYS_MASK_POLICY.MASKPOLOID AND MASKPOLNAME = 'POLICY_MASK2' ORDER BY MASKLABELNAME, MASKPOLNAME, MASKFUNCTION, MASKACTPARAMS;
MASKPOLNAME(name) |MASKLABELNAME(name) |MASKFUNCTION(name) |MASKACTPARAMS(name) |
-------------------------------------------------------------------------------------------------
POLICY_MASK2 |LABEL_MASK2 |MASKALL | |
-------------------------------------------------------------------------------------------------
POLICY_MASK2 |LABEL_MASK3 |CREDITCARDMASKING | |
总数目:2
-- 为脱敏策略移除资源标签
ALTER MASKING POLICY policy_mask2 REMOVE CREDITCARDMASKING ON LABEL(label_mask3);
SELECT MASKPOLNAME, MASKLABELNAME, MASKFUNCTION, MASKACTPARAMS FROM SYS_MASK_POLICY_LABEL, SYS_MASK_POLICY WHERE SYS_MASK_POLICY_LABEL.MASKPOLOID = SYS_MASK_POLICY.MASKPOLOID AND MASKPOLNAME = 'POLICY_MASK2' ORDER BY MASKLABELNAME, MASKPOLNAME, MASKFUNCTION, MASKACTPARAMS;
MASKPOLNAME(name) |MASKLABELNAME(name) |MASKFUNCTION(name) |MASKACTPARAMS(name) |
-------------------------------------------------------------------------------------------------
POLICY_MASK2 |LABEL_MASK2 |MASKALL | |
总数目:1
-- 为脱敏策略的资源标签修改脱敏方式
ALTER MASKING POLICY policy_mask2 MODIFY CREDITCARDMASKING ON LABEL(label_mask2);
SELECT MASKPOLNAME, MASKLABELNAME, MASKFUNCTION, MASKACTPARAMS FROM SYS_MASK_POLICY_LABEL, SYS_MASK_POLICY WHERE SYS_MASK_POLICY_LABEL.MASKPOLOID = SYS_MASK_POLICY.MASKPOLOID AND MASKPOLNAME = 'POLICY_MASK2' ORDER BY MASKLABELNAME, MASKPOLNAME, MASKFUNCTION, MASKACTPARAMS;
MASKPOLNAME(name) |MASKLABELNAME(name) |MASKFUNCTION(name) |MASKACTPARAMS(name) |
-------------------------------------------------------------------------------------------------
POLICY_MASK2 |LABEL_MASK2 |CREDITCARDMASKING | |
总数目:1
-- 删除脱敏策略
DROP MASKING POLICY policy_mask2;
-- 删除资源标签
DROP RESOURCE LABEL label_mask2;
DROP RESOURCE LABEL label_mask3;
CONNECT sysdba/szoscar55;
DROP TABLE tab_mask2 CASCADE;
示例3: 修改脱敏策略生效场景(过滤器)
-- 清理环境
DROP TABLE tab_mask3 CASCADE;
CREATE TABLE tab_mask3(col5 TEXT, col6 TEXT);
CONNECT syssecure/szoscar55;
-- 清理环境
DROP MASKING POLICY policy_mask3;
DROP RESOURCE LABEL label_mask4;
-- 创建资源标签
CREATE RESOURCE LABEL label_mask4 ADD COLUMN(sysdba.tab_mask3.col5);
-- 创建脱敏策略
CREATE MASKING POLICY policy_mask3 MASKALL ON LABEL(label_mask4);
SELECT MASKPOLNAME, MASKLOGICALOPERATOR FROM SYS_MASK_POLICY_FILTERS, SYS_MASK_POLICY WHERE SYS_MASK_POLICY_FILTERS.MASKPOLOID = SYS_MASK_POLICY.MASKPOLOID AND MASKPOLNAME = 'POLICY_MASK3' ORDER BY MASKPOLNAME, MASKLOGICALOPERATOR;
MASKPOLNAME(name) |MASKLOGICALOPERATOR(text) |
总数目:0
-- 修改脱敏策略(USER)
ALTER MASKING POLICY policy_mask3 MODIFY (FILTER ON USER('SYSDBA'));
SELECT MASKPOLNAME, MASKLOGICALOPERATOR FROM SYS_MASK_POLICY_FILTERS, SYS_MASK_POLICY WHERE SYS_MASK_POLICY_FILTERS.MASKPOLOID = SYS_MASK_POLICY.MASKPOLOID AND MASKPOLNAME = 'POLICY_MASK3' ORDER BY MASKPOLNAME, MASKLOGICALOPERATOR;
MASKPOLNAME(name) |MASKLOGICALOPERATOR(text) |
------------------------------------------------------
POLICY_MASK3 |user[1] |
总数目:1
-- 修改脱敏策略(USER)
ALTER MASKING POLICY policy_mask3 MODIFY (FILTER ON USER('SYSSECURE'));
SELECT MASKPOLNAME, MASKLOGICALOPERATOR FROM SYS_MASK_POLICY_FILTERS, SYS_MASK_POLICY WHERE SYS_MASK_POLICY_FILTERS.MASKPOLOID = SYS_MASK_POLICY.MASKPOLOID AND MASKPOLNAME = 'POLICY_MASK3' ORDER BY MASKPOLNAME, MASKLOGICALOPERATOR;
MASKPOLNAME(name) |MASKLOGICALOPERATOR(text) |
------------------------------------------------------
POLICY_MASK3 |user[2] |
总数目:1
-- 修改脱敏策略(APP)
ALTER MASKING POLICY policy_mask3 MODIFY (FILTER ON APP('isql'));
SELECT MASKPOLNAME, MASKLOGICALOPERATOR FROM SYS_MASK_POLICY_FILTERS, SYS_MASK_POLICY WHERE SYS_MASK_POLICY_FILTERS.MASKPOLOID = SYS_MASK_POLICY.MASKPOLOID AND MASKPOLNAME = 'POLICY_MASK3' ORDER BY MASKPOLNAME, MASKLOGICALOPERATOR;
MASKPOLNAME(name) |MASKLOGICALOPERATOR(text) |
------------------------------------------------------
POLICY_MASK3 |app[isql] |
总数目:1
-- 修改脱敏策略(IP)
ALTER MASKING POLICY policy_mask3 MODIFY (FILTER ON IP('127.0.0.1'));
SELECT MASKPOLNAME, MASKLOGICALOPERATOR FROM SYS_MASK_POLICY_FILTERS, SYS_MASK_POLICY WHERE SYS_MASK_POLICY_FILTERS.MASKPOLOID = SYS_MASK_POLICY.MASKPOLOID AND MASKPOLNAME = 'POLICY_MASK3' ORDER BY MASKPOLNAME, MASKLOGICALOPERATOR;
MASKPOLNAME(name) |MASKLOGICALOPERATOR(text) |
------------------------------------------------------
POLICY_MASK3 |ip[127.0.0.1] |
总数目:1
-- 删除脱敏策略
DROP MASKING POLICY policy_mask3;
-- 删除资源标签
DROP RESOURCE LABEL label_mask4;
CONNECT sysdba/szoscar55;
DROP TABLE tab_mask3 CASCADE;
示例4: 移除脱敏策略过滤器
-- 清理环境
DROP TABLE tab_mask4 CASCADE;
CREATE TABLE tab_mask4(col7 TEXT, col8 TEXT);
CONNECT syssecure/szoscar55;
-- 清理环境
DROP MASKING POLICY policy_mask4;
DROP RESOURCE LABEL label_mask5;
-- 创建资源标签
CREATE RESOURCE LABEL label_mask5 ADD COLUMN(sysdba.tab_mask4.col7);
-- 创建脱敏策略
CREATE MASKING POLICY policy_mask4 MASKALL ON LABEL(label_mask5) FILTER ON USER('SYSDBA');
SELECT MASKPOLNAME, MASKLOGICALOPERATOR FROM SYS_MASK_POLICY_FILTERS, SYS_MASK_POLICY WHERE SYS_MASK_POLICY_FILTERS.MASKPOLOID = SYS_MASK_POLICY.MASKPOLOID AND MASKPOLNAME = 'POLICY_MASK4' ORDER BY MASKPOLNAME, MASKLOGICALOPERATOR;
MASKPOLNAME(name) |MASKLOGICALOPERATOR(text) |
------------------------------------------------------
POLICY_MASK4 |user[1] |
总数目:1
-- 移除脱敏策略过滤器
alter masking policy policy_mask4 drop filter;
SELECT MASKPOLNAME, MASKLOGICALOPERATOR FROM SYS_MASK_POLICY_FILTERS, SYS_MASK_POLICY WHERE SYS_MASK_POLICY_FILTERS.MASKPOLOID = SYS_MASK_POLICY.MASKPOLOID AND MASKPOLNAME = 'POLICY_MASK4' ORDER BY MASKPOLNAME, MASKLOGICALOPERATOR;
MASKPOLNAME(name) |MASKLOGICALOPERATOR(text) |
总数目:0
-- 删除脱敏策略
DROP MASKING POLICY policy_mask4;
-- 删除资源标签
DROP RESOURCE LABEL label_mask5;
CONNECT sysdba/szoscar55;
DROP TABLE tab_mask4 CASCADE;
示例5: 修改脱敏策略状态
-- 清理环境
DROP TABLE tab_mask5 CASCADE;
CREATE TABLE tab_mask5(col9 TEXT, col10 TEXT);
CONNECT syssecure/szoscar55;
-- 清理环境
DROP MASKING POLICY policy_mask5;
DROP RESOURCE LABEL label_mask6;
-- 创建资源标签
CREATE RESOURCE LABEL label_mask6 ADD COLUMN(sysdba.tab_mask5.col10);
-- 创建脱敏策略
CREATE MASKING POLICY policy_mask5 MASKALL ON LABEL(label_mask6);
SELECT MASKPOLNAME, MASKPOLCOMMENTS, MASKPOLENABLED FROM SYS_MASK_POLICY WHERE MASKPOLNAME = 'POLICY_MASK5' ORDER BY MASKPOLNAME, MASKPOLCOMMENTS, MASKPOLENABLED;
MASKPOLNAME(name) |MASKPOLCOMMENTS(name) |MASKPOLENABLED(boolean) |
-------------------------------------------------------------------------------
POLICY_MASK5 | |true |
总数目:1
-- 禁用脱敏策略
ALTER MASKING POLICY policy_mask5 disable;
SELECT MASKPOLNAME, MASKPOLCOMMENTS, MASKPOLENABLED FROM SYS_MASK_POLICY WHERE MASKPOLNAME = 'POLICY_MASK5' ORDER BY MASKPOLNAME, MASKPOLCOMMENTS, MASKPOLENABLED;
MASKPOLNAME(name) |MASKPOLCOMMENTS(name) |MASKPOLENABLED(boolean) |
-------------------------------------------------------------------------------
POLICY_MASK5 | |false |
总数目:1
-- 启用脱敏策略
ALTER MASKING POLICY policy_mask5 enable;
SELECT MASKPOLNAME, MASKPOLCOMMENTS, MASKPOLENABLED FROM SYS_MASK_POLICY WHERE MASKPOLNAME = 'POLICY_MASK5' ORDER BY MASKPOLNAME, MASKPOLCOMMENTS, MASKPOLENABLED;
MASKPOLNAME(name) |MASKPOLCOMMENTS(name) |MASKPOLENABLED(boolean) |
-------------------------------------------------------------------------------
POLICY_MASK5 | |true |
总数目:1
-- 删除脱敏策略
DROP MASKING POLICY policy_mask5;
-- 删除资源标签
DROP RESOURCE LABEL label_mask6;
CONNECT sysdba/szoscar55;
DROP TABLE tab_mask5 CASCADE;