Data masking with APEX

Background¶

A common customer requirement is to mask sensitive or personally identifiable data from APEX reports.

Oracle has a 'Data Masking and Subsetting' product that performs this task.

However, for smaller APEX projects, the full blown data masking product might be overkill as it needs familiarity with the product and configuration. This may be time consuming and expensive.

However, we are able to use the PL/SQL package DBMS_REDACT to achieve the same result.

Test Environment¶

• APEX 22.1.5 on-premise (September 2022)
• APEX 22.1.4 (AlwaysFree) (September 2022)

This functionality is available on on-premise APEX environments and the AlwaysFree Oracle Cloud environment.

The data masking functionality is not available on apex.oracle.com as it requires access to the DBMS_REDACT package which is owned by 'SYS'.

User accounts¶

Create two APEX users called MANAGER and INTERN.

Sample data¶

Create an employee table with a couple of sensitive fields for the test scenario.

create table gdpr_emp
(id number generated by default on null as identity,
 first_name varchar(30),
 last_name varchar(30),
 ni_number varchar(10),
 salary number,
 email_address varchar(50),
 date_of_birth date,
 country varchar(30),
 credit_card varchar(20)
);

Insert a sample record.

insert into gdpr_emp
(first_name,
 last_name,
 ni_number,
 salary,
 email_address,
 date_of_birth,
 country,
 credit_card)
values
('Norman',
 'Whiteside',
 'NA564635I',
 35275,
 'norman@gmail.com',
 to_date('01-JAN-1970', 'DD-MON-YYYY'),
 'UK',
 '4321123467899876')
;

APEX application¶

• Create a APEX application named 'GDPR_DEMO'.

• Create a page named 'Employees' with an interactive report based on the 'GDPR_EMP' table.

Run the GDPR_DEMO application and login as 'MANAGER' and 'INTERN'. All fields should be visible on the 'Employees' page.

Create the redaction policy¶

The APEX schema needs privileges to access the DBMS_REDACT package. Login as SYS and grant the privileges.

grant execute on sys.dbms_redact to <APEXDEMO>;

Create the redaction policy. The expression parameter defines which user accounts do not have access to the actual values of the redacted columns.

According to this redaction policy, if the user account is 'INTERN', the CREDIT_CARD column value should be redacted. This means the 'INTERN' user will see zeros in place of the actual values in this column.

begin
  dbms_redact.add_policy(
    object_schema => 'APEXDEMO',
    object_name => 'GDPR_EMP',
    policy_name => 'GDPR Demo',
    expression => 'v(''APP_USER'') = ''INTERN''',
    column_name => 'CREDIT_CARD',
    function_type => dbms_redact.full
   );
end;
/

Add the EMAIL_ADDRESS and SALARY columns by modifying the existing redaction policy.

begin
  dbms_redact.alter_policy(
    object_schema => 'APEXDEMO',
    object_name => 'GDPR_EMP',
    policy_name => 'GDPR Demo',
    action => dbms_redact.add_column,
    column_name => 'EMAIL_ADDRESS',
    function_type => dbms_redact.full
  );

  dbms_redact.alter_policy(
    object_schema => 'APEXDEMO',
    object_name => 'GDPR_EMP',
    policy_name => 'GDPR Demo',
    action => dbms_redact.add_column,
    column_name => 'SALARY',
    function_type => dbms_redact.full
  );
end;
/

You can query the current redaction configuration by querying the REDACTION_COLUMNS, REDACTION_POLICIES and REDACTION_VALUES_FOR_TYPE_FULL views (as 'SYS').

Testing¶

Now login to the GDPR_DEMO application as 'MANAGER'. You will see the full, unredacted data as normal.

Now login as 'INTERN'. You will note that the email address and credit fields are redacted (spaces are displayed while the 'Salary' field is displayed as 0 (zero).

Improvements¶

This is a simple example of data redaction.

Other possible solutions would be to use APEX authorisation schemes to completely hide the sensitive columns from the 'INTERN' user.

This has the advantage of preventing user confusion where the user can see a sensitive field but not the actual value which may be mistaken as a bug.

There could also be finer levels of granularity:

• SuperUser
• HR Manager
• Employee
• Contractor
• Intern

Cleanup¶

To remove the redaction policy

begin
  dbms_redact.drop_policy (
    object_schema => 'APEXDEMO',
    object_name => 'GDPR_EMP',
    policy_name => 'GDPR Demo');
end;
/

This blog uses Hugo and was previously hosted on Amazon S3 storage. The traffic and hence the costs were minimal (zero).

After recently having to completely re-install Arch Linux after an idiotic mistake, I realised that Hugo was out of date, my Hugo theme was out of date and I'd forgotten precisely how the deployment to S3 actually worked.

I was toying with taking my ball home in a mindless fit of pique, migrating 1,000 posts to Eleventy and I also looked at the Publii static site CMS with interest.

However, that would have been foolish as I already had a Hugo blog that worked fine. The problem was I never actually used it. It's frictionless blogging but you have to actually produce content occasionally. The friction (for me at least) is typing the words in - not building, previewing and publishing the site.

So, in the great blog unification process, I resurrected all my historical blog posts, my very limited content on write.as and deposited the lot into Hugo.

I changed the theme to PaperMod as it was a modern, clean, minimal, single column theme reminiscent of write.as.

The migration was pretty straightforward as all the existing posts were already in Markdown format and the YAML front matter just needed tweaking.

As I had used Hugo and Netlify for a friend's conventional Web site, I took the opportunity to switch the blog from S3 to Netlify which gives me SSL support and is generally a 'one click' operation to push the content to GitHub and then publish on Netlify.

Tim Hall recently made a wonderful suggestion that the Oracle community remember the much missed Joel Kallman on 11 October 2021.

My contribution doesn't demonstrate APEX technical wizardry. Instead it's a short story from a real-life customer project implemented using APEX. Just to avoid any potential law suits, this post isn't about Agile development either - more how APEX can be used to quickly respond to changing customer requirements.

One particular post from Joel stuck with me about his attitude to customer service which can be encapsulated in a single line:

'Treat the customer (and really everyone) with respect and dignity'.

I work for Oracle in the UK and am currently working on an APEX project for a customer. This APEX application uses corporate single-sign-on (SSO) for authentication and a simple custom authentication scheme that uses group membership to control access to data (only members of the 'Sales' group can see 'Sales' reports).

Monday - 10:40

The program manager (not the project manager) sends me an email that strikes fear deep into my soul:

'Hey Norman, I need a quick Excel spreadsheet summarising the current list of users and their groups'.

A few years ago, I probably would have done this in SQL*Plus or SQL Developer and struggled to massage the output into the desired format. Now my immediate thought was 'This is a simple APEX report with a control break'.

I quickly created a APEX report and clicked 'Actions - Download' to quickly produce the Excel spreadsheet. I then had to waste time transferring the file before finally emailing the spreadsheet to the customer for review.

I had produced an Excel spreadsheet and it was undeniably 'quick' so I had clearly met both requirements. Time to put the kettle on.

Monday - 11:57

'That's great. Thanks but I also see to see members of the 'Admin' group'.

A trivial addition to the WHERE clause and I was about to repeat the whole tortuous process until I remembered we had already configured the Email Delivery Service on OCI for a different requirement.

I checked the output and again clicked 'Actions - Download' but checked the 'Send as Email' option.

As I simply love recursion, I sent the program manager a FAX to expect an automated email from the APEX bot imminently.

A nice feature of 'Send as Email' is that the recipient gets a link to the APEX report in addition to the Excel spreadsheet as a file attachment.

Monday - 15:32

'That's great. Thanks for the prompt turnaround'.

Tuesday - 09:17

'Hey Norman - I shared this Group Membership report with Julie and here's a list of more people who need to be added to the Admin group before the production deployment. Please send Julie and myself a copy of the updated report'.

Again, I added the list of users to the Admin group and sent the email adding Julie on 'Cc:'.

Tuesday - 13:47

'That's fantastic. Julie has now shared the Membership report with Graham from Operational Support and he was wondering whether you can email this report to him daily from now until a month after production deployment'.

Again, APEX provides an out of the box solution for this called 'Report Subscriptions'.

Not so much 'low code' as 'no code'. I simply added a 'Subscription' to the 'Membership' report and emailed it to Graham daily starting now and ending on 30 November.

I'm not really a betting man. Mainly because I'm a scientist.

On Grand National day, we normally nominate two or three horses each and someone wanders to place our bets at the bookies round the corner. My daughter normally wins.

Also, we might cut up the runners from the Daily Mail supplement and do a lucky dip sweepstake.

I also used to routinely bet on the final score and first scorer in the FA Cup Final to add some interest (if United weren't involved).

I don't do 'Accumulators'. I don't do 'in-match betting' (despite the repeated urging from Ray Winstone) aired during every single live football match.

I don't buy scratchcards. I don't do the lottery. I have never visited a casino. I don't play poker.

I prefer to gamble any spare money on the stock market or cryptocurrencies.

However, some years ago, a mate was talking about short-term, real-time, matched betting on the General Election outcome and making some money which piqued my interest.

I opened a BetFair account and placed some long term bets about United and the Premiership. I was interested in the possibility of cashing out before the bet expired.

I won two bets and lost three but using the 'FREE MATCHED BET WHEN YOU OPEN AN ACCOUNT', I came out even and forgot about it.

Today, I received an email from BetFair inviting me to 'Verify my account'. Even though, this account has been dormant for two years, they still had to verify it.

I went to login, not to verify my account but to check the balance was zero and then close it.

I'd forgotten my password. No problem. Click the 'Reset password' link but no joy - 'Your account has been suspended pending Verification'

Go to hunt on the Web site for an email address (which is quite rare these days) or a Contact Form (also quite rare) so had to content myself with 'Online Chat'.

15 minutes before an agent responds due to 'Exceptional demand'.

I explain the Catch-22 situation. I want to verify my account but I can't login to verify my account. I can't reset my password until I verify my account.

The customer service agent (eventually) starts to assist me by asking for 'Proof of address' and 'Proof of identify'. This requires a scan of my driving licence and a water bill.

The driving licence fails 'Validation' - presumably because it's the old style 'Classic' paper driving licence and doesn't contain a photo of me at 22 years old.

So I am forced to upload more personal data - a scan of my passport. This is acceptable. Hurrah !

He then sent me a 'Reset Password' link and I have now regained control of my BetFair account.

As I suspected, the account balance is zero so I can go ahead and close it. Look around for 'Close account'. Nothing. Google tells me that 'Contact customer service if you want to close your BetFair account'.

Thankfully, the chat window is still open so I politely ask the gentleman that, instead of loading my account with £100 to bet on tonight's Europa League fixtures, I just want to close my account.

'Yes. I can help you with this but company policy demands that you provide a reason'.

Well, I initiated this process a full 90 minutes ago so I was a little frustrated but it was a background activity so I just replied:

'Sure. 90 minutes to reset my password. The invasive and unnecessary requirements to share personal data over an insecure channel - simply to verify a dormant account to then close it'.

'Thanks'.

'Oh and also add - The fact you can't close your account from the Web site and customers are are forced to contact Customer Service. Imagine if I was a problem gambler struggling with debt and desperately trying to close all my online betting accounts. BetFair deliberately make this hard for me'.

'I am pleased to confirm your account is now closed'.

And all the online betting companies have the gall to post that 'Gamble Aware' logo on their sites and adverts.

[ This post doesn't contain any affiliate links to BetFair as I truly believe the gambling industry is immoral, insidious, untruthful and responsible for a lot of personal heartache, significant debt and in cases, people being driven to despair and ultimately taking their own lives ]

Saturday 18 July

A beautiful, sunny Saturday morning but instead of sitting in a field in Hook Norton, drinking real ale, laughing, chatting rubbish and analysing the football season with my mates, instead we enjoyed a long overdue visit from my wife's hairdresser. She is self-employed and a mobile hairdresser. We opened up the garage door and prepared chairs, black bin liners (to avoid using her capes) and an extension cable for her hairdryer and clippers.

She looked aghast as she entered:

'I honestly thought Norma was joking when she said 'Use the side entrance'.

As we chatted outside, she said 'It's going to be sweltering out here. Can't we just go into the kitchen ?'

It was 10:00am in the shade and perfectly fine.

She didn't want us to wear masks - 'Well I can't cut your hair if you're wearing a mask, can I ?'

Well, actually, you probably could, if we held our masks on by hand when you needed to access the areas around the ears. Or had given the subject any thought whatsoever.

She also steadfastly refused to don a mask. She did pay us the courtesy of donning gloves however but she always did this as she's handling chemical bleaching agents.

I was relatively straightforward and quick - short back and sides but my wife has her hair coloured which takes longer.

As she finished up and was packing away, she told us that her brother lives in Portugal and she was flying out there this week to visit him.

I asked 'Isn't Portugal on the red list ?'

'No, no. My brother said it'll be fine and, anyway, I've got tickets for free using my vouchers'.

'But won't you be asked to self quarantine for 14 days on your return ?'

'No, no, it's fine now'.

Fair enough. I let it go and assumed the guidance had recently changed. I checked later and it hadn't but that won't bother her as if airlines are flying to Porto, ergo, it must be safe.

After leaving us, she was going to visit a 70 year old lady in her home. She had booked and cancelled on multiple occasions because her son had reservations. I nearly asked for her phone number so I could forewarn her.

Later, as we admired our smart new haircuts, my wife quietly said 'I've known Janet for 18 years and I really like her but, if she doesn't change her working practices or the restrictions aren't relaxed before her next visit, I don't think I'll use her again'.

Same evening, two long-standing friends come over for a barbecue. The lady is a primary school teacher and was telling us about the health precautions and detailed measures in place at her school.

Talk turned to the previous day (Friday) which was the last day of term. As is tradition (apparently), the teachers adjourned to a local pub for a bite to eat and cocktails.

The pub landlord sensibly split the large group of 20 teachers into four separate groups on separate tables outside in the beer garden to comply with the guidelines.

'But it didn't matter, when the staff weren't looking, we rotated tables so we could all spend time with each other'.

Long, deep sigh, Long, deep slug on my Stella.

Inevitably, some teachers wanted another drink and visited a tapas bar at the top of our road. The group couldn't be accommodated outside but the owner kindly (or stupidly) offered to seat them all inside.

An older lady in her 60's said 'I'm not comfortable with this so I'm going home'.

The rest sat down in a single group, indoors and gleefully perused the cocktail menu.

Awkward silence. A furtive glance exchanged with the missus. Another long, deep sigh, Another long, deep slug on my Stella.

When our teacher friend first arrived, she insightfully remarked that some parents 'simply don't get and won't ever get it until their Auntie is hospitalised or dies from Covid'. Obviously, her Auntie is still alive and well.

Then to top it all off, her husband who is an intelligent man, double first from Cambridge, worked as a scientist for Shell for 25 years, a man who can lucidly discuss, argue and offer thought provoking ideas about politics, current affairs and anything else.

I don't know if he was embarrassed or couldn't take his alcohol but he baldly stated:

'Yes - of course it was alright because, essentially, they have formed an extended work related bubble'.

I was so stunned I just sat there in silence. I wish I'd been quick witted enough to say (lifted from Stewart Lee's These Days sketch).

'Sorry, you're saying that it's alright to sit indoors in a restaurant in a group of 20. When did this come in ?'

I am not sure I like this increasing but irritating use of the More or Sensitive Content tag on Mastodon. From a cursory glance, I can't even see how to add it from the Web interface.

I'm not sure whether it's enforced by the Mastodon instance or actively selected by the user. I presume it's the latter. Microblogging to supposed to be short, snappy and spontaneous.

I understand why sensitive media content might merit another key click (to protect the children) but if you're posting about politics, I'd really rather see all the content in one fell swoop and then I would feel free to choose to ignore it.

You really don't need to put introduce your wonderful, world beating, gonna go viral post with tags

#politics #rant

and then take the trouble and waste your time to add a '^L' style teaser

'Show More'

....which when clicked then reveals

I think all lives matter.

...because that is just one line and I have had to waste 0.8 seconds to hit a key to read your banal, trite one liner.

If you truly have a thought provoking rant or have produced a lengthy essay on the current political situation or some new, insightful thoughts on Covid 19, then either write a blog or consider doing a degree in PPE.

That stands for 'Philosophy, Politics and Economics' not 'Personal Protective Equipment' BTW.

Edit: Turns out this is trivial to disable these teasers in the Mastodon Web client simply by setting the preference 'Always show media marked as sensitive'. RTFM.

Five years ago, I purchased a Roberts Digital radio for the kitchen. Mainly to listen to the radio but also this device could play music from Spotify, a USB stick or act as a UPNP client.

As I already had the Plex Media Server set up which had a DLNA option, this looked attractive. The setup worked pretty well apart from one minor glitch.

And, like a dripping water tap, or the endless, harrowing screams of a baby played on a tight loop in an American interrogation facility, any minor technical glitch can't simply be ignored.

The cover art didn't display. I'm not sure why I believed that cover art should be displayed. Maybe it was because it was displayed in other music players or on the glossy Roberts Web site.

I tried everything, well a couple of things, to try to resolve this. I meticulously downloaded cover art for more than 200 albums and uploaded them to the appropriate directory as 'cover.jpg'. Or maybe it had to be 'folder.jpg'. Or 'Folder.jpg'.

No change. Still no cover art. I researched further on the Plex forums and any other DLNA/UPNP site I could access. I think the only solution I discovered was to embed the cover art image in the FLAC file but that was a lot of work, didn't feel right and would bloat the size of the lossless music files needlessly.

No cover art. After a while, I was forced to let it go. The digital radio played my music, the wife was pleased and that was the main thing.

Until yesterday, when I was busy shaving yet another shaggy haired yak and immersing myself deep down in yet another rat-hole that was actually a million miles removed from the original task in hand - to quickly experiment with the i3 tiling window manager.

I wanted to use a dedicated music player for radio and music rather than use a Web browser. Maybe I could even display 'Now playing' on my i3 status bar. VLC could access my music on the Plex Media Server but Rhythmbox (my preferred media player) couldn't. I played around with Music Player Daemon (MPD) and about 57 different GUI and command line MPC clients. While doing so, I noticed that MPD doesn't necessarily need access to local music files as it has a UPNP plugin.

My joy was short-lived as this didn't work. It could see the Plex Media Server (just to get my hopes up) but couldn't stream any music. Just like Rhythmbox. Which started me thinking. Maybe it was the server software not the client. So, I decided to waste a little more time by installing MiniDLNA (now ReadyMedia) which is a simple, lightweight, OpenSource media server on my FreeNAS.

This software was trivial to install on FreeBSD and I had successfully configured it within five minutes. Finally, I was playing music in Rhythmbox using UPNP. Mission accomplished. Pat yourself on the back and finally put the kettle on.

However, when I was in the kitchen, filling up the kettle, I couldn't resist the temptation and tried the Roberts Radio to see if it also recognised the new UPNP server.

Not only did it recognise it, it also manage to rapidly browse my music by Artist, by Album. Probably confirmation bias, but it seemed quicker than Plex.

More importantly, it actually played music - complete with cover art. Golly, I am so happy I have organised a socially distanced dinner party in the garden.

Of course, we won't be eating anything - just sitting around the table gazing at the unadorned beauty of the Roberts Stream 93i and taking turns to choose a song.

I anxiously coaxed my wife out of the door to her work trying not to raise her suspicions. My stomach was fluttering as I had an important early morning meeting.

To fully prepare, first, I chose my mask. I had two options; a flesh coloured creation that resembled a one bosom bra or a more sinister black model. I tried the pale pink mask but as it, err, masked my nose, mouth and chin, it made me resemble a burns victim who had endured time consuming and expensive reconstructive surgery which had either failed or was still ongoing.

The black one was much better; when I looked in the mirror I saw Kendo Nagasaki. I felt strong. I felt powerful.

The door-bell chimed. I opened it and was greeted by a middle aged, balding man wearing a pale blue mask and surgical gloves carrying a toolbox.

'Good morning. it's John isn't it ? I know I shouldn't really but would you like a cup of tea from a sterilised mug ?'

'No - thanks. I'd rather just get straight down to business'.

Ah now that what's I was hoping for; firm, dominant and to the point.

'Do most people watch or just leave you to it ?'

'Not bothered. You can watch as long as you're eight feet away ?'

John got down on all fours and got on the job straightaway. There was a lot of puffing and panting.

'Christ - this is a tight fit. Dunno how the last fella managed to fit it in this small gap'.

I said nothing. There was no answer to that.

'Bloody hell, if you had another 2 inches on your red hot pipe, that'd help'.

Slightly rude and I was supposed to be the dominatrix here. After all, I am Kendo Nagasaki clad in the black mask.

More puffing and panting.

'Ere, can you pass me that vaseline ? I may as well lubricate this joint while I'd down here'.

'Here you go. I thought you looked like a doctor in the blue face mask but I didn't think you'd have time to treat my arthritic knee'.

'I must say - your waste outlet is pretty good considering but your cold water pipe has a kink in it'.

Was I paying £60 call-out and £30 per hour to be insulted like this ?

More puffing and expletives

'Ere - pass us a tea towel, will you ? There's something dripping out the end of your pipe'.

'Ooh - sorry about that. Here you go'.

'Nah - it's OK. I've had a lot worse spilled on me in my line of work. Sort of an occupational hazard'.

'Oh - I see'.

There was a strange vibration. Initially, I assumed the batteries in John's sex toy, that he'd surreptitiously taken out of his toolbox, needed replacing.

'Ere - pass me that wrench, will you ? Your front extendable leg needs adjusting slightly'.

Weird as I don't actually have a prosthetic limb. Anywhere.

'Right - that's done. Now, have you got a small load you'd like to give me ?'

Another insult about the size of my manhood. I don't understand it. This chap had excellent reviews on the Web site.

'Do you want me to flush your U-bend while I'm down 'ere ?'

Hmm - colonic irrigation was never mentioned at any point. Would this be extra ?

There's a stilted silence while we stare at each other, waiting for my small load to finish.

We looked at each other in an embarrassed silence. I place £60 on the table which John silently picked up. He grabbed his toolbox and went to leave.

'OK. Thanks for coming so promptly, John'.

'No problem. If you or the missus ever need anything doing again, just give us a ring'.

Although she didn't know it yet, the wife had a new washing machine.

Theres nothing worse than yet another lockdown Netflix list.

Sons Of Anarchy

Heard about this series from Linux Outlaws many years ago. Jax Teller is a very handsome man. I am convinced he is the bastard son of Kurt Cobain and Brad Pitt.

A decent series about biker gangs in California that inevitably features gratuitous violence and goes through peaks and troughs (the season when they went to Ireland was very weak).

Tiger King

A slow burner. Almost gave up on it after one episode but this turned out to be worth the hype. A truly bizarre story.

The Innocence Files

Recommended by rpcutts. A sobering reminder of man's inhumanity to man. Prosecutors who steadfastly refuse to admit defeat in the face of scientific DNA evidence. Innocent men locked up for years (sometimes on Death Row) and yet emerge with unbelievable grace and humility.

Fear The Walking Dead

My wife's choice. Eerily, I knew what was coming. Catastrophic event. Zombie apocalypse. Society breaks down.

A group of people find a settlement, encounter zombies on the march, spear zombies with sharp implement, find another settlement, zombies on the march, spear zombies with sharp implement, find another settlement. Rinse and repeat.

One of the most enjoyable elements was Alicia. This actress was just stunning. I don't know if the distance between her eyes, nose, ears, cheekbones and chin all match the perfect ratio but she was strangely compelling.

After Life

It's Ricky Gervais. If you've seen 'Derek', you've seen 'After Life'. Why, he even uses the same actors so you get that comforting sense of familiarity.

Take Us Home

I'm a sucker for football documentaries. I've watched the City one which revealed Pep Guardiola to be a rather intense manager. I hugely enjoyed the Sunderland one with the idiotic, pretentious, self-important marketing manager. This series felt more like a 'David Brent' spinoff than a true David Brent spinoff. And now we move onto the Leeds one. Only two episodes in but, disappointingly, there's little insight into the coaching methods of Marco Biesla.

Today is the 18 May 2020 and marks the 40th anniversary of when Ian Curtis took his own life so I was pleased to see that Bernard Sumner and Stephen Morris are remembering the event - Moving through Silence

I grew up in South Manchester and it's hard to describe how important music and football were during my formative years.

I never saw Joy Division play live but some of my schoolmates did ('He did this weird dance'). However, I have visited Curtis' memorial in Macclesfield cemetery.

I've read all the books, avidly watched all the documentaries, seen all the films ('Control') and watched all the YouTube interviews about Joy Division. It's clear Ian Curtis was no angel and he was suffering from a horrible illness and maybe didn't get the best treatment.

The constant, endless bitching between Bernard Sumner and Peter Hook is rather tedious and unsavoury but there's no doubt that, 40 years on, the lyrics of Ian Curtis and his deep baritone on 'Unknown Pleasures' inspired many, many bands and remains quite haunting.