Data redaction key concepts v18

The EDB Postgres Extended Server Data redaction extension provides a mechanism to limit sensitive data exposure by dynamically modified data presented to non-privileged users. This extension creates a new schema data_redaction that contains functions, views and required function's to create and manage data redaction policies.

To use the data redaction feature, first add the data_redaction libraries to shared_preload_libraries parameter in the postgresql.conf file and restart the database server.

You implement data redaction by defining a function for each field to which to apply redaction. The function returns the value to display to the users subject to the data redaction.

These functions are then incorporated into a redaction policy by using the CREATE_REDACTION_POLICY function. In addition to other options, this command specifies:

• The table on which the policy applies
• The table columns affected by the specified redaction functions
• Expressions to determine the affect session users

When a user queries a table with an active redaction policy, the system evaluates the policy expression. If the expression evaluates to true for that user session, the system applies the redaction functions to the specified columns in the query result.

For example,

• A social security number (SSN) is stored as 021-23-9567. Privileged users can see the full SSN, while other users see only the last four digits: xxx-xx-9567.

• For the SSN field, the redaction function returns xxx-xx-9567 for an input SSN of 021-23-9567.

• For a salary field, a redaction function always returns $0.00, regardless of the input salary value.