Mapping Sensitive Data with PII_CATALOG in SQL*Plus

Using PII_CATALOG in SQL*Plus is the direct way to identify sensitive fields across Oracle schemas. It exposes every column tagged as Personally Identifiable Information, so you can see exactly where names, emails, addresses, and other private details live. This visibility is essential for compliance, audits, and breach prevention.

To run the catalog, connect to your database with SQL*Plus:

sqlplus user/password@DB
SELECT * FROM PII_CATALOG;

By default, PII_CATALOG draws from Oracle’s data dictionary. It lists table names, column names, and PII types assigned through Oracle Data Safe or custom classification jobs. Pair this with ALL_PII_COLUMNS or DBA_PII_COLUMNS for a deeper, multi-schema scan. The output can be filtered:

SELECT table_name, column_name, pii_type
FROM PII_CATALOG
WHERE pii_type = 'EMAIL';

This makes it simple to target only certain identifiers when planning encryption, masking, or access restrictions. Regularly running the query in SQL*Plus ensures you detect schema changes or newly added sensitive fields before they become exposure risks.

Integrating PII_CATALOG into operational scripts means you can automate export to CSV, monitor through CI/CD pipelines, and alert when unauthorized PII appears. Combine it with precise role-based access control to enforce principle of least privilege.

Oracle does not protect you by default—you must know where every piece of PII lives. PII_CATALOG in SQL*Plus gives you that map in seconds.

Run this check yourself. Visit hoop.dev and see how you can surface and act on SQL*Plus PII catalog data in minutes.