Marc Linster has posted a blog, Creating a Data Redaction Capability to Meet GDPR Requirements Using EDB Postgres, to demonstrate data redaction on EDB Postgres Advanced Server 10, which has taken the approach to leverage the PostgreSQL search_path feature to direct privileged users to the raw unredacted data when they run a query, and to direct non-privileged users to a view that implements redaction logic.
EDB Postgres Advanced Server 11 comes with native data redaction capabilities that are much more concrete and safer than the redaction using search_path and views workaround.
For syntax and more detail, refer to the EDB Postgres Advanced Server 11 documentation. Here are some highlights of this data redaction policy:
- Redaction policies allow a user to choose redaction behavior via redaction function.
- Users can be made exempt from all column redaction policies, which the table owner and superuser is by default.
- More than one redaction policy can be created on the same table, but a column can only be associated with one policy.
- Flexibility to choose when actual redaction should apply and exemptions on columns in the query via the scope and exception options.
Continue reading this blog post on PostgresRocks, and I will demonstrate data redaction using native data redaction policy features in EDB Postgres Advanced Server 11.
Every #TechTuesday, EnterpriseDB shares a how-to post authored by a Postgres contributor and expert for Postgres Gems, the PostgresRocks community forum. PostgresRocks is a community to discuss all things Postgres. Join us at PostgresRocks and be part of the conversation.