A redaction policy was added to the SAL column of the SCOTT.EMP table:
All users have their default set of system privileges.For which three situations will data not be redacted?
A.
SYS sessions, regardless of the roles that are set in the session
B.
SYSTEM sessions, regardless of the roles that are set in the session
C.
SCOTT sessions, only if the MGR role is set in the session
D.
SCOTT sessions, only if the MGR role is granted to SCOTT
E.
SCOTT sessions, because he is the owner of the table
F.
SYSTEM session, only if the MGR role is set in the session
Explanation:
Both users SYS and SYSTEM automatically have the EXEMPT REDACTION POLICY system privilege.
(SYSTEM has the EXP_FULL_DATABASE role, which includes the EXEMPT REDACTION POLICY system
privilege.) This means that the SYS and SYSTEM users can always bypass any existing Oracle Data Redaction
policies, and will always be able to view data from tables (or views) that have Data Redaction policies defined
on them
IMHO: If SCOTT has MGR role but role is not default then “C” NOT “D”.
Explanation:
GRANT MGR TO SCOTT;
ALTER USER SCOTT DEFAULT ROLE NONE;
conn scott/****
Output of “select * from user_role_privs” executed by SCOTT has MGR role
but in this case after logon in output of query “select * from session_roles” it does not exists till SCOTT executes an a statement ie. “set role mgr;” statement.
A,B,D.
SQL> connect / as sysdba
SQL> CREATE ROLE MGR;
SQL> connect SCOTT;
SQL> select SYS_CONTEXT (‘SYS_SESSION_ROLES’,’MGR’) from dual;
SYS_CONTEXT(‘SYS_SESSION_ROLES’,’MGR’)
——————————————————————————–
FALSE
SQL> connect / as sysdba
SQL> GRANT MGR TO ATTMDEV;
Grant succeeded.
SQL> connect SCOTT;
SQL> select SYS_CONTEXT (‘SYS_SESSION_ROLES’,’MGR’) from dual;
SYS_CONTEXT(‘SYS_SESSION_ROLES’,’MGR’)
——————————————————————————–
TRUE
SQL>