
Knowledge Transfer

Data Redaction on EnterpriseDB

060/IRD-ITGI/V/20
Agenda

● Introduction
● Data Redaction Highlights
● Step-by-step walkthrough
Introduction
This knowledge transfer shows how to build a data redaction capability that meets GDPR requirements using EDB Postgres, demonstrated on EDB Postgres Advanced Server 10. The approach described leverages the PostgreSQL search_path feature: privileged users are directed to the raw, unredacted data when they run a query, while non-privileged users are directed to a view that implements the redaction logic.
Data Redaction Highlights

1. Redaction policies let a user choose the redaction behavior through a redaction function.
2. Users can be made exempt from all column redaction policies; the table owner and superusers are exempt by default.
3. More than one redaction policy can be created on the same table, but a column can be associated with only one policy.
4. The scope and exception options give flexibility to choose when the actual redaction applies and which uses of a column in a query are exempted.
Step-by-step

1. A sample data set with employee IDs, names, social security numbers, salaries, etc. is created in the table 'employees' in the mycompany database.
2. A library of redaction functions for SSN and salary applies data-type-specific redaction techniques.
3. A data redaction policy on the ssn and salary columns is applied whenever a user other than 'privilegeduser' tries to access the 'employees' table data.
Step-by-step

1. Create Database

psql# DROP DATABASE IF EXISTS mycompany;
psql# CREATE DATABASE mycompany WITH OWNER = enterprisedb;

2. Connect to the new database

$ psql -d mycompany -U enterprisedb
psql (11.0.4, server 11.0.4)
Type "help" for help.

mycompany=#

3. Create table with employee information

CREATE TABLE employees (
    id INTEGER GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
    name VARCHAR(40) NOT NULL,
    SSN VARCHAR(11) NOT NULL,
    salary MONEY);
Step-by-step
4. Add sample data

INSERT INTO employees (name, ssn, salary)
VALUES ('Sally Sample', '020-78-9345', 51234.34),
       ('Jane Doe', '123-33-9345', 62500.00),
       ('Bill Foo', '123-89-9345', 45350);

5. Create privileged and non-privileged users and grant the necessary access.

CREATE ROLE privilegeduser LOGIN PASSWORD 'password';
GRANT ALL ON employees TO privilegeduser;

CREATE ROLE non_privilegeduser LOGIN PASSWORD 'password';
GRANT ALL ON employees TO non_privilegeduser;
Step-by-step

6. Define redaction function for the ssn column

CREATE OR REPLACE FUNCTION redact_ssn (ssn varchar(11)) RETURNS varchar(11)
AS
/* replaces 020-12-9876 with xxx-xx-9876 */
$$ SELECT overlay (ssn placing 'xxx-xx' from 1); $$
LANGUAGE SQL SECURITY DEFINER;

7. Define redaction function for the salary column.

CREATE OR REPLACE FUNCTION redact_salary (salary money) RETURNS money
AS
/* always returns 0 */
$$ SELECT 0::money; $$
LANGUAGE SQL SECURITY DEFINER;
Step-by-step

8. Create a data redaction policy on the employees table that redacts column data when the current session user is not 'privilegeduser'. The ADD COLUMN … USING syntax adds a column of the table to the data redaction policy and specifies the redaction function expression used to mask that column's data.

CREATE REDACTION POLICY emp_data_protect ON employees FOR (session_user <> 'privilegeduser')
    ADD COLUMN ssn USING redact_ssn(ssn),
    ADD COLUMN salary USING redact_salary(salary);

9. More columns can be added to this policy with the ALTER REDACTION POLICY command, like this:

ALTER REDACTION POLICY emp_data_protect ON employees
    ADD COLUMN <column_name> USING <redaction_function>
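As an added example that is not part of the original deck, the following adds the name column to the same policy with the per-column options spelled out. The redact_name function is hypothetical and written here for illustration; the SCOPE and EXCEPTION option values are taken from the EDB Postgres Advanced Server documentation (assumed to apply to the EPAS version used in the deck), and query / none are assumed to be the defaults.

```sql
-- Added example (not from the deck): add the name column to emp_data_protect
-- with explicit per-column options. redact_name is a hypothetical function;
-- SCOPE/EXCEPTION values follow the EPAS docs (assumption: EPAS 11+).

-- Keep the first letter and mask the rest: 'Sally Sample' -> 'S***********'
CREATE OR REPLACE FUNCTION redact_name(name VARCHAR(40)) RETURNS VARCHAR(40)
AS $$ SELECT left(name, 1) || repeat('*', greatest(length(name) - 1, 0)); $$
LANGUAGE SQL IMMUTABLE;

-- SCOPE query: redact the column everywhere it appears in the query
-- (select list, WHERE, ORDER BY, subqueries), assumed to be the default.
-- EXCEPTION none: no comparison sees the raw value (assumed default), so a
-- non-exempt user cannot confirm a real name with WHERE name = '...'.
ALTER REDACTION POLICY emp_data_protect ON employees
    ADD COLUMN name USING redact_name(name)
    WITH OPTIONS (SCOPE query, EXCEPTION none);

-- Check as non_privilegeduser: the select list shows masked names and the
-- predicate is evaluated on the masked value, so this returns 0 rows.
SELECT id, name FROM employees WHERE name = 'Sally Sample';

-- Check as the table owner or privilegeduser (exempt): the same query
-- returns Sally's row with the real name.
SELECT id, name FROM employees WHERE name = 'Sally Sample';
```

The two SELECTs are identical on purpose: the only thing that changes the result is which session user runs them, which is the property the policy is meant to enforce.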
Step-by-step

This policy can be seen in the table description:

mycompany=# \d employees
                              Table "public.employees"
 Column |         Type          | Collation | Nullable |              Default
--------+-----------------------+-----------+----------+-----------------------------------
 id     | integer               |           | not null | generated by default as identity
 name   | character varying(40) |           | not null |
 ssn    | character varying(11) |           | not null |
 salary | money                 |           |          |
Indexes:
    "employees_pkey" PRIMARY KEY, btree (id)
Redaction Policies:
    REDACTION POLICY "emp_data_protect" FOR (SESSION_USER <> 'privilegeduser'::name) ENABLED
    Number of redacted columns: 2 (Use \d+ to list them.)
Step-by-step
By default, the table owner and superusers can see unredacted data.

mycompany=# select tableowner from pg_tables where tablename = 'employees';
  tableowner
--------------
 enterprisedb
(1 row)

mycompany=# select * from employees;
 id |     name     |     ssn     |   salary
----+--------------+-------------+------------
  1 | Sally Sample | 020-78-9345 | $51,234.34
  2 | Jane Doe     | 123-33-9345 | $62,500.00
  3 | Bill Foo     | 123-89-9345 | $45,350.00
(3 rows)
Step-by-step
Also, privilegeduser, whom we have exempted from the policy, can see unredacted data.

$ psql -d mycompany -U privilegeduser
psql (11.0.4, server 11.0.4)
Type "help" for help.

mycompany=> select * from employees;
 id |     name     |     ssn     |   salary
----+--------------+-------------+------------
  1 | Sally Sample | 020-78-9345 | $51,234.34
  2 | Jane Doe     | 123-33-9345 | $62,500.00
  3 | Bill Foo     | 123-89-9345 | $45,350.00
(3 rows)
Step-by-step

When a user other than privilegeduser accesses the employees table, the ssn and salary columns are returned redacted.

$ psql -d mycompany -U non_privilegeduser
psql (11.0.4, server 11.0.4)
Type "help" for help.

mycompany=> select * from employees;
 id |     name     |     ssn     | salary
----+--------------+-------------+--------
  1 | Sally Sample | xxx-xx-9345 | $0.00
  2 | Jane Doe     | xxx-xx-9345 | $0.00
  3 | Bill Foo     | xxx-xx-9345 | $0.00
(3 rows)
Step-by-step

Also, non_privilegeduser is not able to search on SSN, because the WHERE clause is evaluated against the redacted value.

mycompany=> select * from employees where ssn = '123-89-9345';
 id | name | ssn | salary
----+------+-----+--------
(0 rows)
Step-by-step

Connect as the table owner and alter the redaction option for the SSN column:

$ psql -d mycompany -U enterprisedb
psql (11.0.4, server 11.0.4)
Type "help" for help.

mycompany=# ALTER REDACTION POLICY emp_data_protect ON employees
    MODIFY COLUMN ssn WITH OPTIONS (EXCEPTION equal);
ALTER REDACTION POLICY
Step-by-step

Now connect as non_privilegeduser and search for the ssn. With the equal exception, the equality comparison runs against the raw value, so the row is found, but the ssn is still returned redacted.

$ psql -d mycompany -U non_privilegeduser
psql (11.0.4, server 11.0.4)
Type "help" for help.

mycompany=> select * from employees where ssn = '123-89-9345';
 id |   name   |     ssn     | salary
----+----------+-------------+--------
  3 | Bill Foo | xxx-xx-9345 | $0.00
(1 row)
Step-by-step
ALTER is not the only way to set the redaction option. It can also be specified at the time of policy creation, as follows:

CREATE REDACTION POLICY emp_data_protect ON employees FOR (session_user <> 'privilegeduser')
    ADD COLUMN ssn USING redact_ssn(ssn) WITH OPTIONS (EXCEPTION equal),
    ADD COLUMN salary USING redact_salary(salary);
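As an added example that is not part of the original deck, the following shows how an administrator would verify and manage the emp_data_protect policy after it has been created. The ENABLE / DISABLE, DROP COLUMN and DROP REDACTION POLICY forms are taken from the EDB Postgres Advanced Server documentation and are assumed to apply to the version used in the deck; the policy expression itself is the one from the deck.

```sql
-- Added example (not from the deck): administering emp_data_protect.
-- ENABLE/DISABLE, DROP COLUMN and DROP REDACTION POLICY syntax follow the
-- EPAS docs (assumption: EPAS 11+). Run as the table owner (enterprisedb).

-- The policy expression tests session_user, so SET ROLE (which changes only
-- current_user) does not change the outcome. Confirm what the expression sees:
SELECT session_user, current_user;

-- Switch the policy off temporarily (e.g. for a bulk job run by an exempt
-- user) and back on. While disabled, every user sees the raw data, so keep
-- the window short and audit it.
ALTER REDACTION POLICY emp_data_protect ON employees DISABLE;
ALTER REDACTION POLICY emp_data_protect ON employees ENABLE;

-- Revert the ssn column to the default exception. With EXCEPTION none the
-- predicate in WHERE ssn = '...' is evaluated on the redacted value, which is
-- the behaviour the deck shows before the MODIFY COLUMN step (0 rows).
ALTER REDACTION POLICY emp_data_protect ON employees
    MODIFY COLUMN ssn WITH OPTIONS (EXCEPTION none);

-- List the redacted columns and their options (the deck's \d output points
-- to \d+ for this):
\d+ employees

-- Remove one column from the policy without touching the others.
ALTER REDACTION POLICY emp_data_protect ON employees DROP COLUMN salary;

-- Remove the policy entirely; the table, its data and the redaction
-- functions are left in place.
DROP REDACTION POLICY IF EXISTS emp_data_protect ON employees;
```

The choice between EXCEPTION none and EXCEPTION equal is a trade-off the deck demonstrates: equal lets application code look up a record by its exact SSN while still displaying it masked, but it also means any non-exempt user can test whether a specific SSN is present in the table, so it should be granted only where that lookup is actually required.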
THANK YOU
