The Oracle Data Masking and Subsetting Pack is an Enterprise Manager cost option
The pack incorporates the previous Data Masking and Test Data Management Pack
Data Masking is designed to mask regulated or confidential data in test or development systems.
A data mask must be associated with an application data model
Data masks can only be defined for columns marked as sensitive in the application data model
To list masking definitions that are currently defined in the Management Repository use:
$OMS_HOME/bin/emcli list_masking_definitions DEFINITION APPLICATION DATA MODEL TARGET STATUS MASKING_DEFINITION1 ADM1 DB1 Masking Job Succeeded MASKING_DEFINITION2 ADM2 DB3 Masking Job Succeeded MASKING_DEFINITION3 ADM1 DB2 Script Generated MASKING_DEFINITION4 ADM3 DB1 Script Generated
To export a masking definition use export_masking_definition. For example:
$OMS_HOME/bin/emcli export_masking_definition \ -definition_name="MASKING_DEFINITION2" -path=`pwd` Export masking definition completed successfully
The above command creates a file with a system-generated name in the current working directory. For example masking_def201505271433.xml
To specify an output file name use the -file option. For example:
$OMS_HOME/bin/emcli export_masking_definition \ -definition_name="MASKING_DEFINITION2" -file=/tmp/MASKING_DEFINITION2.xml Export masking definition completed successfully
To import a masking definition, use import_masking_definition. For example:
$OMS_HOME/bin/emcli import_masking_definition \ -file=/tmp/MASKING_DEFINITION3.xml -definition_name="MASKING_DEFINITION3" Import masking definition completed successfully
To generate a masking script use generate_masking_script. For example:
$OMS_HOME/bin/emcli generate_masking_script \ -definition_name="MASKING_DEFINITION2" -credential_name=SYS Data masking script generation completed successfully.
The following table shows masking formats available for common data types:
| Format | VARCHAR2 | NUMBER | DATE |
| Array List | Yes | Yes | Yes |
| Delete | Yes | Yes | Yes |
| Encrypt | Yes | Yes | Yes |
| Fixed Number | Yes | Yes | No |
| Fixed String | Yes | No | No |
| Null Value | Yes | Yes | Yes |
| Post-Processing Function | Yes | Yes | Yes |
| Preserve Original Data | Yes | Yes | Yes |
| Random Dates | No | No | Yes |
| Random Decimal Numbers | Yes | Yes | No |
| Random Digits | Yes | No | No |
| Random Numbers | Yes | Yes | No |
| Random Strings | Yes | No | No |
| Regular Expression | Yes | No | No |
| Shuffle | Yes | Yes | Yes |
| SQL Expression | Yes | Yes | Yes |
| Substitute | Yes | Yes | Yes |
| Substring | Yes | No | No |
| Table Column | Yes | Yes | Yes |
| Truncate | Yes | Yes | Yes |
| User Defined Function | Yes | Yes | Yes |
The following repository tables are used by data masking:
Contains one row for each data masking definition
| Column Name | Data Type | Notes |
| SS_GUID | RAW(16) | |
| SS_OWNER | VARCHAR2(256) | |
| SS_NAME | VARCHAR2(40) | |
| DDRM_ID | NUMBER | |
| SOURCE_ID | RAW(16) | |
| SOURCE_NAME | VARCHAR2(256) | |
| DESCRIPTION | VARCHAR2(2000) | |
| MODIFY_DATE | DATE | |
| SCRIPT_DATE | DATE | |
| DISABLE_LOGS | VARCHAR2(1) | |
| REFRESH_STATS | VARCHAR2(1) | |
| DROP_TEMP_TABLES | VARCHAR2(1) | |
| PARALLEL_DEGREE | VARCHAR2(10) | |
| DM_FLAGS | NUMBER | |
| POST_MASK_SCRIPT | CLOB | |
| FULL_SCRIPT | CLOB | |
| PRE_MASK_SCRIPT | CLOB | |
| RAT_COMPATIBLE | VARCHAR2(1) | |
| ENSURE_RAT_COMPATIBLE | VARCHAR2(1) | |
| DSD_ID | NUMBER | |
| INLINE_MASK | CLOB | |
| GRAPH_DATA | CLOB | |
| SUBSET_PARAMS | CLOB |
SS_NAME is data masking definition name
SS_OWNER is EM owner e.g. SYSMAN
Primary key based on MGMT_DM_SCOPESPECS_PK (SS_GUID)
Unique index based on MGMT_DM_SCOPESPECS_UC (SS_OWNER,SS_NAME)
Contains one row for each column in each data masking definition
| Column Name | Data Type | Notes |
| SS_GUID | RAW(16) | |
| RULE_GUID | RAW(16) | |
| TABLE_SCHEMA | VARCHAR2(30) | |
| TABLE_NAME | VARCHAR2(128) | |
| COLUMN_NAME | VARCHAR2(128) | |
| COLUMN_GROUP | VARCHAR2(30) | |
| SENSITIVE_TYPE_ID | NUMBER | |
| ENABLE | NUMBER |
Primary key based on MGMT_DM_COLUMNS_PK (SS_GUID,TABLE_SCHEMA,TABLE_NAME,COLUMN_NAME)
Contains multiple rows for each column in each data masking definition
| Column Name | Data Type | Notes |
| SS_GUID | RAW(16) | |
| TABLE_SCHEMA | VARCHAR2(30) | |
| TABLE_NAME | VARCHAR2(128) | |
| COLUMN_NAME | VARCHAR2(128) | |
| RULE_GUID | RAW(16) |
No primary key
Non-unique index MGMT_DM_COLUMN_RULES_IX1 (SS_GUID)
Non-unique index MGMT_DM_COLUMN_RULES_IX2 (RULE_GUID)
Non-unique index MGMT_DM_COLUMN_RULES_IX3 (TABLE_SCHEMA,TABLE_NAME,COLUMN_NAME)
Contains supplied and user-defined rule templates
| Column Name | Data Type | Notes |
| RULE_GUID | RAW(16) | |
| RULE_OWNER | VARCHAR2(256) | |
| SENSITIVE_TYPE_ID | NUMBER | |
| RULE_NAME | VARCHAR2(40) | |
| DESCRIPTION | VARCHAR2(4000) | |
| OUTPUT_TYPE | NUMBER | |
| IS_LIBRARY | NUMBER | |
| RULE_ORDER | NUMBER | |
| RULE_CONDITION | VARCHAR2(4000) |
For user-defined rules RULE_NAME = RULE_GUID
Primary key index MGMT_DM_RULETEMPLATES_PK (RULE_GUID)
Unique index MGMT_DM_RULETEMPLATES_UC (RULE_OWNER,RULE_NAME)
| Column Name | Data Type | Notes |
| RULE_GUID | RAW(16) | |
| ENTRY_ORDER | NUMBER | |
| RULE_TYPE | VARCHAR2(30) | |
| RULE_OPTION | VARCHAR2(2) | |
| RULE_LOW | NUMBER | |
| RULE_HIGH | NUMBER | |
| START_DATE | DATE | |
| END_DATE | DATE | |
| FIXED_STRING | VARCHAR2(4000) | |
| FIXED_NUMBER | NUMBER | |
| TABLE_SCHEMA | VARCHAR2(4000) | |
| TABLE_NAME | VARCHAR2(30) | |
| COLUMN_NAME | VARCHAR2(4000) | |
| UDF_NAME | VARCHAR2(512) |
Primary key is index MGMT_DM_RULEENTRY_PK (RULE_GUID,ENTRY_ORDER)