A redaction policy was added to the SAL column of the SCOTT.EMP table: All users have
their default set of system privileges. For which three situations will data not be redacted?
A.
SCOTT sessions, because he is the owner of the table
B.
SYSTEM session, only if the MGR role is set in the session
C.
SCOTT sessions, only if the MGR role is granted to SCOTT
D.
SCOTT sessions, only if the MGR role is set in the session
E.
SYSTEM sessions, regardless of the roles that are set in the session
F.
SYS sessions, regardless of the roles that are set in the session
CEF
BDF
BDF
B,D,F
EXPRESSION is the key line here.
Redaction will apply when the expression line is true.
As seen, it will check to see if the user has the role “MGR”
If the user does not have it, then REDACTION will take place.
So therefore, D is correct.
SYS and SYSTEM have role EXEMPT REDACTION POLICY as default, so they will automatically ignore any redaction.
https://docs.oracle.com/cd/E11882_01/network.112/e40393/redaction_config.htm#ASOAG10633
Remember that for user SYS and users who have the EXEMPT REDACTION POLICY privilege, all of the Data Redaction policies are bypassed, so the results of their queries are not redacted.
As above, this means that given answer DEF is correct
Yep, DEF is the right answer
SYS and SYSTEM have role EXEMPT REDACTION POLICY as default,
DEF or CEF?
What is the different?
I tested an correct is D – role must be set to disable the redaction – grant is not enough. Correct is DEF.
SQL> grant mgr to mk;
Grant succeeded.
SQL> alter user mk default role none;
User altered.
SQL> conn mk/mk
Connected.
SQL> select * from mk.emp;
SAL
———-
0
0
0
3 rows selected.
SQL> set role mgr;
Role set.
SQL> select * from mk.emp;
SAL
———-
1
2
2
3 rows selected.
That is correct
SYS_SESSION_ROLES – Indicates whether a specified role is currently enabled for the session.
role should be granted first even before setting it at session level.
I will go with CEF