Knowledge Transfer
Data redaction On EnterpriseDB
060/IRD-ITGI/V/20
Agenda
● Introduction
● Highlight Data Direction
● Step-by-step walkthrough
Introduction
This knowledge transfer follows "Creating a Data Redaction Capability to Meet GDPR Requirements Using EDB
Postgres" to demonstrate data redaction on EDB Postgres Advanced Server 10, which takes the approach of
leveraging the PostgreSQL search_path feature to direct privileged users to the raw, unredacted data when
they run a query, and to direct non-privileged users to a view that implements the redaction logic.
Highlight Data Direction
1. Redaction policies let a user choose the redaction behavior for each column through a redaction
function.
2. Users can be made exempt from all column redaction policies; the table owner and superusers are
exempt by default.
3. More than one redaction policy can be created on the same table, but a column can only be
associated with one policy.
4. The scope and exception options give flexibility to choose where in a query the redaction actually
applies and which uses of a column are exempted.
Step-by-step
1. A sample data set with employee IDs, names, social security numbers, salaries etc. is
created in the table ‘employees’ in the mycompany database.
2. A library of redaction functions for SSN and salary applies data-type-specific
redaction techniques.
3. A data redaction policy for the ssn and salary columns is applied whenever a user
other than ‘privilegeduser’ tries to access the ‘employees’ table data.
Step-by-step
1. Create Database
psql# DROP DATABASE IF EXISTS mycompany;
psql# CREATE DATABASE mycompany WITH OWNER = enterprisedb;
2. Connect to the new database
$ psql -d mycompany -U enterprisedb
psql (11.0.4, server 11.0.4)
Type "help" for help.
mycompany=#
3. Create table with employee information
CREATE TABLE employees (
id INTEGER GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
name VARCHAR(40) NOT NULL,
SSN VARCHAR(11) NOT NULL,
salary MONEY);
Step-by-step
4. Add sample data
INSERT INTO employees (name, ssn, salary)
VALUES ( 'Sally Sample', '020-78-9345', 51234.34),
( 'Jane Doe', '123-33-9345', 62500.00),
( 'Bill Foo', '123-89-9345', 45350);
5. Create privileged and non-privileged user and grant the necessary access.
CREATE ROLE privilegeduser LOGIN PASSWORD 'password';
GRANT ALL ON employees TO privilegeduser;
CREATE ROLE non_privilegeduser LOGIN PASSWORD 'password';
GRANT ALL ON employees TO non_privilegeduser;
Step-by-step
6. Define redaction function for ssn column
CREATE OR REPLACE FUNCTION redact_ssn (ssn varchar(11)) RETURNS varchar(11)
AS
/* replaces 020-12-9876 with xxx-xx-9876 */
$$ SELECT overlay (ssn placing 'xxx-xx' from 1); $$
LANGUAGE SQL SECURITY DEFINER;
7. Define redaction function for salary column.
CREATE OR REPLACE FUNCTION redact_salary (salary money)
RETURNS money
AS
/* always returns 0 */
$$ SELECT 0::money; $$
LANGUAGE SQL SECURITY DEFINER;
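The two functions above are the deck's own. The block below is an added example, not from the original deck or from EDB, that extends the library with further data-type-specific techniques in the same style: a stricter SSN variant that masks anything not shaped like NNN-NN-NNNN, a salary band instead of a constant 0, and e-mail and phone redactors. It assumes the mycompany database and the employees table from the walkthrough; the function names, the email and phone inputs, and the sample values in the check query are this example's own constructions.

```sql
-- Added example (not from the original deck): more data-type-specific
-- redaction functions. Assumes the mycompany database from the walkthrough;
-- all function names and sample values below are this example's own.

-- Strict SSN redaction: keep the last four digits only when the value has the
-- expected NNN-NN-NNNN shape; anything else (including NULL) is fully masked,
-- so a malformed value cannot slip past the fixed-position overlay.
CREATE OR REPLACE FUNCTION redact_ssn_strict(ssn varchar(11)) RETURNS varchar(11)
AS $$
  SELECT CASE
           WHEN ssn ~ '^[0-9]{3}-[0-9]{2}-[0-9]{4}$'
             THEN overlay(ssn placing 'xxx-xx' from 1)
           ELSE 'xxx-xx-xxxx'
         END;
$$ LANGUAGE SQL IMMUTABLE;

-- Salary banding: instead of the deck's constant 0, return the salary rounded
-- down to the nearest 10,000, so reporting users keep a coarse figure while
-- the exact amount stays hidden.
CREATE OR REPLACE FUNCTION redact_salary_band(salary money) RETURNS money
AS $$
  SELECT (floor(salary::numeric / 10000) * 10000)::money;
$$ LANGUAGE SQL IMMUTABLE;

-- E-mail: keep the first character of the local part and the full domain;
-- a value without a usable '@' is masked completely.
CREATE OR REPLACE FUNCTION redact_email(email text) RETURNS text
AS $$
  SELECT CASE
           WHEN position('@' IN email) > 1
             THEN left(email, 1) || '***@' || split_part(email, '@', 2)
           ELSE '***'
         END;
$$ LANGUAGE SQL IMMUTABLE;

-- Phone: mask every digit except the last two, keeping separators intact.
CREATE OR REPLACE FUNCTION redact_phone(phone text) RETURNS text
AS $$
  SELECT regexp_replace(left(phone, length(phone) - 2), '[0-9]', 'x', 'g')
         || right(phone, 2);
$$ LANGUAGE SQL IMMUTABLE;

-- Functional check with constructed values (can be run as any role).
SELECT redact_ssn_strict('020-78-9345')     AS ssn_ok,
       redact_ssn_strict('02078')           AS ssn_malformed,
       redact_salary_band(51234.34::money)  AS salary_band,
       redact_email('jane.doe@example.com') AS email,
       redact_phone('+1 555 010 9345')      AS phone;

-- Swap the strict function into the policy from step 8 (run as the table owner).
ALTER REDACTION POLICY emp_data_protect ON employees
    MODIFY COLUMN ssn USING redact_ssn_strict(ssn);
```

The functions are marked IMMUTABLE because they are pure transformations of their argument; SECURITY DEFINER, as used on the deck's functions, is not needed here because none of them touches a table.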
Step-by-step
8. Create a data redaction policy on the employees table to redact column data when the current session user is not
'privilegeduser'. The ADD COLUMN … USING syntax adds a column of the table to the data redaction policy and
specifies a redaction function expression to mask that column's data.
CREATE REDACTION POLICY emp_data_protect ON employees FOR (session_user <> 'privilegeduser')
ADD COLUMN ssn USING redact_ssn(ssn),
ADD COLUMN salary USING redact_salary(salary);
9. A user can add more columns to this policy using the ALTER REDACTION POLICY command like this:
ALTER REDACTION POLICY emp_data_protect ON employees
ADD COLUMN <column_name> USING <redaction_function>;
Step-by-step
This policy can be seen in the table description:
mycompany=# \d employees
Table "public.employees"
Column | Type | Collation | Nullable | Default
--------+-----------------------+-----------+----------+----------------------------------
id | integer | | not null | generated by default as identity
name | character varying(40) | | not null |
ssn | character varying(11) | | not null |
salary | money | | |
Indexes:
"employees_pkey" PRIMARY KEY, btree (id)
Redaction Policies:
REDACTION POLICY "emp_data_protect" FOR (SESSION_USER <> 'privilegeduser'::name) ENABLED
Number of redacted columns: 2 (Use \d+ to list them.)
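Beyond \d on a single table, an administrator usually wants one query that lists every policy and redacted column in the database, and one that flags columns of a sensitive table that no policy covers. The block below is an added example, not from the original deck; it assumes the EPAS redaction catalogs edb_redaction_policy and edb_redaction_column with the column names documented for them (rdname, rdrelid, rdenable, rdexpr, rdpolicyid, rdattnum, rdscope, rdexception, rdfuncexpr), which should be confirmed against the catalog documentation for your EPAS version, and uses the employees table from the walkthrough.

```sql
-- Added example (not from the original deck): auditing redaction coverage.
-- Assumes the EPAS catalogs edb_redaction_policy / edb_redaction_column with
-- the documented column names; verify them with \d on your version.

-- 1. Every policy and every redacted column in the current database.
--    rdscope / rdexception are stored as codes; compare with \d+ output.
SELECT c.relname                                   AS table_name,
       p.rdname                                    AS policy_name,
       p.rdenable                                  AS enabled,
       pg_get_expr(p.rdexpr, p.rdrelid)            AS policy_condition,
       a.attname                                   AS column_name,
       pg_get_expr(rc.rdfuncexpr, rc.rdrelid)      AS redaction_expression,
       rc.rdscope,
       rc.rdexception
FROM   edb_redaction_policy p
JOIN   pg_class c              ON c.oid = p.rdrelid
LEFT JOIN edb_redaction_column rc ON rc.rdpolicyid = p.oid
LEFT JOIN pg_attribute a       ON a.attrelid = rc.rdrelid
                              AND a.attnum   = rc.rdattnum
ORDER  BY table_name, policy_name, column_name;

-- 2. Columns of the employees table that are NOT covered by any redaction
--    policy. Expect id and name here for the walkthrough's policy; a new
--    sensitive column showing up in this list is the finding to act on.
SELECT a.attname AS unredacted_column
FROM   pg_attribute a
WHERE  a.attrelid = 'public.employees'::regclass
  AND  a.attnum > 0
  AND  NOT a.attisdropped
  AND  NOT EXISTS (SELECT 1
                   FROM   edb_redaction_column rc
                   WHERE  rc.rdrelid  = a.attrelid
                   AND    rc.rdattnum = a.attnum)
ORDER  BY a.attnum;

-- 3. Policies that exist but are switched off, which silently expose data.
SELECT c.relname AS table_name, p.rdname AS policy_name
FROM   edb_redaction_policy p
JOIN   pg_class c ON c.oid = p.rdrelid
WHERE  NOT p.rdenable;
```

Query 2 is the useful recurring check: run it (or its equivalent over every table holding personal data) after schema changes, since a column added later is unprotected until someone issues ALTER REDACTION POLICY ... ADD COLUMN for it.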
Step-by-step
By default, the table owner and superusers can see unredacted data.
mycompany=# select tableowner from pg_tables where tablename = 'employees';
tableowner
--------------
enterprisedb
(1 row)
mycompany=# select * from employees;
id | name | ssn | salary
----+--------------+-------------+------------
1 | Sally Sample | 020-78-9345 | $51,234.34
2 | Jane Doe | 123-33-9345 | $62,500.00
3 | Bill Foo | 123-89-9345 | $45,350.00
(3 rows)
Step-by-step
Also, privilegeduser, whom we have exempted from the policy, can see unredacted data.
$ psql -d mycompany -U privilegeduser
psql (11.0.4, server 11.0.4)
Type "help" for help.
mycompany=> select * from employees;
id | name | ssn | salary
----+--------------+-------------+------------
1 | Sally Sample | 020-78-9345 | $51,234.34
2 | Jane Doe | 123-33-9345 | $62,500.00
3 | Bill Foo | 123-89-9345 | $45,350.00
(3 rows)
Step-by-step
When a user other than privilegeduser accesses the employees table, they will see redacted data for the
ssn and salary columns.
$ psql -d mycompany -U non_privilegeduser
psql (11.0.4, server 11.0.4)
Type "help" for help.
mycompany=> select * from employees;
id | name | ssn | salary
----+--------------+-------------+--------
1 | Sally Sample | xxx-xx-9345 | $0.00
2 | Jane Doe | xxx-xx-9345 | $0.00
3 | Bill Foo | xxx-xx-9345 | $0.00
(3 rows)
Step-by-step
Also, non_privilegeduser will not be able to search on SSN: with the policy's default scope, the redaction function is applied to the column wherever it appears in the query, including the WHERE clause, so the comparison is made against the masked value and no row matches.
mycompany=> select * from employees where ssn = '123-89-9345';
id | name | ssn | salary
----+------+-----+--------
(0 rows)
Step-by-step
Connect as the table owner and alter the redaction option for the SSN column.
psql -d mycompany -U enterprisedb
psql (11.0.4, server 11.0.4)
Type "help" for help.
mycompany=# ALTER REDACTION POLICY emp_data_protect ON employees
MODIFY COLUMN ssn WITH OPTIONS (EXCEPTION equal);
ALTER REDACTION POLICY
Step-by-step
Now connect as non_privilegeduser and search for the ssn.
$ psql -d mycompany -U non_privilegeduser
psql (11.0.4, server 11.0.4)
Type "help" for help.
mycompany=> select * from employees where ssn = '123-89-9345';
id | name | ssn | salary
----+----------+-------------+--------
3 | Bill Foo | xxx-xx-9345 | $0.00
(1 row)
Step-by-step
ALTER is not the only way to set the redaction option. You can specify it at the time
of policy creation as well, as follows:
CREATE REDACTION POLICY emp_data_protect ON employees FOR (session_user <> 'privilegeduser')
ADD COLUMN ssn USING redact_ssn(ssn) WITH OPTIONS (EXCEPTION equal),
ADD COLUMN salary USING redact_salary(salary);
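The "Highlight" slide mentions the scope and exception options, the SSN search slides show the effect of EXCEPTION equal, and the slide above shows it set at creation time. The block below is an added example, not from the original deck or from EDB, that walks through the SCOPE and EXCEPTION variants side by side on the walkthrough's employees table, redact_* functions and roles; the option names follow the EPAS CREATE/ALTER REDACTION POLICY syntax (SCOPE query | top_tlist | top_tlist_or_error, EXCEPTION none | equal | leakproof), and the check queries at the end are this example's own.

```sql
-- Added example (not from the original deck): the SCOPE and EXCEPTION options
-- side by side. Run the DDL as the table owner (enterprisedb); run the checks
-- at the end as non_privilegeduser after each variant.

-- Start from a clean policy so each variant is unambiguous.
DROP REDACTION POLICY IF EXISTS emp_data_protect ON employees;

-- Variant 1: the deck's defaults written out explicitly.
-- SCOPE query applies the redaction function wherever the column appears
-- (select list, WHERE, ORDER BY, GROUP BY), so a non-privileged equality
-- search is evaluated against the masked value and silently returns no rows.
CREATE REDACTION POLICY emp_data_protect ON employees
    FOR (session_user <> 'privilegeduser')
    ADD COLUMN ssn    USING redact_ssn(ssn)
                      WITH OPTIONS (SCOPE query, EXCEPTION none),
    ADD COLUMN salary USING redact_salary(salary)
                      WITH OPTIONS (SCOPE query, EXCEPTION none);

-- Variant 2: SCOPE top_tlist_or_error.
-- ssn is redacted only in the top-level select list; any other use of the
-- column by a non-exempt user raises an error instead of producing an empty
-- or misleading result. A failed query is far easier to notice and to alert
-- on (server log / pgaudit) than a quietly empty result set.
ALTER REDACTION POLICY emp_data_protect ON employees
    MODIFY COLUMN ssn WITH OPTIONS (SCOPE top_tlist_or_error);

-- Variant 3: EXCEPTION equal, as on the last slide.
-- Equality comparisons see the real value, so exact-match lookups work for
-- non_privilegeduser while the displayed value stays masked. The trade-off
-- to record in the risk assessment: the exception confirms whether a given
-- SSN exists in the table, so keep query auditing on the non-privileged role.
ALTER REDACTION POLICY emp_data_protect ON employees
    MODIFY COLUMN ssn WITH OPTIONS (SCOPE query, EXCEPTION equal);

-- A policy can be switched off and on without dropping it; \d employees then
-- shows DISABLED / ENABLED. A disabled policy exposes the raw data, so treat
-- DISABLE as a privileged, audited operation.
ALTER REDACTION POLICY emp_data_protect ON employees DISABLE;
ALTER REDACTION POLICY emp_data_protect ON employees ENABLE;

-- Checks to run as non_privilegeduser after each variant. Compare the row
-- counts with the 0-row and 1-row results shown on the search slides, and
-- note which variant turns the WHERE / ORDER BY uses into an error.
-- SELECT id, name, ssn, salary FROM employees;
-- SELECT id FROM employees WHERE ssn = '123-89-9345';
-- SELECT id FROM employees ORDER BY ssn;
```

Choose the scope per column from the defender's side: SCOPE query is the safest default for display-only columns, top_tlist_or_error is preferable where a silent empty result would mislead downstream reports, and EXCEPTION equal should be granted only to columns where exact lookup is a documented business need.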
THANK YOU