database/advanced/data-masking-subsetting/data-masking-subsetting.md
+39 -13 (39 additions & 13 deletions)
@@ -196,7 +196,7 @@ Create a new Masking Definition under **Data Masking** where the masking formats
196
196
197
197
.png "23")
198
198
199
-
Now, let’s define the masking formats for the remaining three columns that do not yet have assigned formats.
199
+
Now, let’s define the masking formats for the remaining two columns that do not yet have assigned formats.
200
200
201
201
6. Select the **EMAIL** column in *`DEMO_HR_EMPLOYEES`*, then click the **Define Masking Format** option at the top.
202
202
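Review bot: The new count in "the remaining two columns that do not yet have assigned formats" cannot be checked against anything in this hunk, and the task summary further down still lists three columns (EMAIL, USERID and PASSWORD). Name the two columns in the sentence itself so the number and the steps that follow cannot drift apart again, and confirm the summary wording still matches.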
@@ -251,7 +251,40 @@ Stay on the **Create Masking Definition** page to define the format for the othe
251
251
**What You Accomplished:**
252
252
A new Masking Definition for sensitive columns EMAIL, USERID and PASSWORD in the *`Employee_Data_Mask`* is created, where the automatically assigned masking formats are reviewed and the remaining ones are added.
253
253
254
-
## Task 5: Data Masking- Generate and Execute Masking Script
254
+
## Task 5: Data Masking- Pre Masking Checks
255
+
256
+
### Objective
257
+
Before generating and running a masking job, it is recommended to perform a pre-masking check. This task runs a pre-masking check job to validate the selected target database and ensure it is properly configured for masking.
258
+
259
+
### Steps
260
+
1. Click **Actions** for *`Employee_Data_Mask`* and choose **Pre-Masking Checks** as shown below:
261
+
262
+

263
+
264
+
2. Click Schedule
265
+
266
+
3. On the **Create Pre-Masking Check report**, fill in the below details:
267
+
268
+
- Associated Database: *`cdb1_PDB1`*.
269
+
- Database Named Credential: *`DMS_ADMIN`*.
270
+
271
+

272
+
273
+
274
+
3. Click **Submit**
275
+
4. Pre-Masking Check job is submitted. Use the **Refresh** icon to update the page.
276
+
277
+

278
+
279
+
5. Once the job is completed, a total of eleven checks are performed. Verify that all checks have passed successfully. Review and remediate any issues based on the error messages before proceeding.
280
+
281
+
**Note:**
282
+
Pre-Masking Checks ensure the masking user has required privileges, enough tablespace, and valid objects/packages. They verify that dependent objects, triggers, and indexes won’t block masking, confirm tables and columns exist with up-to-date stats, and check that security controls (OLS, VPD, Data Redaction, Database Vault) won’t restrict access or need to be rebuilt.
283
+
284
+
**What You Accomplished:**
285
+
Successfully ran a **Pre-Masking Check** job to validate the environment and ensure the masking job could run without issues.
286
+
287
+
## Task 6: Data Masking- Generate and Execute Masking Script
255
288
256
289
### Objective
257
290
- **Generate the masking script** for the previously created Masking Definition, *`Employee_Data_Mask`*. If needed, you can also export the script and perform bulk operations.
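Review bot: The step list in the new Task 5 uses the number 3 twice ("3. On the **Create Pre-Masking Check report**" and "3. Click **Submit**"), so the following steps read 4 and 5 where they should be 5 and 6; renumber the list 1 to 6. In step 2, "Click Schedule" should bold the button name as the other steps do, and the heading "Pre Masking Checks" should be hyphenated to match "Pre-Masking Checks" in the body. Step 5 hard-codes "a total of eleven checks"; a reader whose report shows a different number cannot tell whether something is wrong, so either drop the count or say what to do when it differs. The note says the checks cover OLS, VPD, Data Redaction and Database Vault, but step 5 gives no guidance on a failure in one of those; one sentence saying that such a failure must be resolved with the owner of that control, not bypassed, would make "Review and remediate" actionable.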
@@ -287,13 +320,6 @@ To monitor the status of the job, refresh the screen by clicking the **Re-fetch
287
320
288
321
Notice that the **Most Recent Job Status** has changed to *`Script Generated`* for *`Employee_Data_Mask`*. Now, your masking script is ready to be used!
289
322
290
-
291
-
**Note:**
292
-
Pre-Masking Validation Checks:
293
-
Oracle Data Masking Pack performs a series of validation checks during script generation to ensure that the Data Masking process proceeds successfully without errors. Once the validation checks listed below are successfully completed, Oracle Data Masking Pack generates a PL/SQL-based masking script, which is then transferred to the target database for execution:
294
-
- Masking Formats: This is a necessary step in the Data Masking process to ensure that the chosen masking formats meet the database and application integrity requirements.
295
-
- Data Constraints: The requirements may include generating unique values for the column being masked because of uniqueness constraints or generating values that meet the column length or type requirements
296
-
297
323
**Update the Host Named Credential**
298
324
4. The Host Named Credential has been pre-configured for you, but before running the masking script, you need to add your own SSH private key to enable it. Follow the steps below to update the Host Named Credential with the new SSH key based on your connection method:
299
325
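Review bot: The note removed here told the reader that script generation itself validates masking formats and data constraints (uniqueness, column length and type) before the PL/SQL script is produced, and the replacement note in Task 5 does not mention either. Its list covers privileges, tablespace, dependent objects, statistics and security controls only. Keep a one-sentence version at this point in the task, or add formats and constraints to the Task 5 note, so a reader who hits a failure during script generation knows these are checked at this stage.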
@@ -412,7 +438,7 @@ Observe that the **Most Recent Job Status** changes to **Masking Job Scheduled**
412
438
**What You Accomplished:**
413
439
Generated the Masking Script for the *`Employee_Data_Mask`* definition, with the option to export it for future bulk operations. Updated the required Host Named Credential and executed the script by submitting a masking job, successfully masking the sensitive data.
414
440
415
-
## Task 6: Review the Masked Data and Share with Third-Party
441
+
## Task 7: Review the Masked Data and Share with Third-Party
416
442
417
443
### Objective
418
444
**Query and review the masked data** in the development and production environments for a before and after comparison. Share the masked data with your third-party collaborator.
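Review bot: The heading change from "Task 6" to "Task 7" here, like the four renumbered headings after it, only touches the heading line. If any text in the lab refers to a task by number, or links to a heading anchor derived from the old title, it needs the same shift; search the file for "Task 5" through "Task 9" before merging.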
@@ -501,7 +527,7 @@ As shown, sensitive data has been masked according to the defined formats in the
501
527
**What You Accomplished:**
502
528
Queried and reviewed masked data using Oracle SQL Developer, while also exploring the use case for securely sharing data with a third-party collaborator.
503
529
504
-
## Task 7: Data Subsetting- Create Data Subsetting Definition
530
+
## Task 8: Data Subsetting- Create Data Subsetting Definition
505
531
506
532
### Objective
507
533
Subset and mask your sensitive data for secure sharing with external partners. The following tasks will be performed to subset and mask the data together:
@@ -625,7 +651,7 @@ Now, your Data Masking script is associated with your Data Subsetting definition
625
651
**What you accomplished:**
626
652
Data Subsetting Definition is created with defined subsetting and masking rules. Alternatively, you can choose to just define subsetting rules without the masking definition inclusion by skipping step 13 and 14.
627
653
628
-
## Task 8: Data Subsetting- Generate and Execute Data Subsetting Script
654
+
## Task 9: Data Subsetting- Generate and Execute Data Subsetting Script
629
655
630
656
### Objective
631
657
Once the Data Subsetting Definition containing subsetting and masking rules is created, the next step is to:
@@ -701,7 +727,7 @@ After reviewing that the required space is available, click **Submit** to genera
701
727
**What you accomplished:**
702
728
Generated the Data Subsetting script including subsetting as well as masking rules and executed the script to successfully subset and mask the data in one step.
703
729
704
-
## Task 9: Review the Subsetted (and Masked) Data
730
+
## Task 10: Review the Subsetted (and Masked) Data
705
731
706
732
### Objective
707
733
Review subsetted and masked data across environments to understand how Data Masking and Subsetting enables secure data sharing with third-party collaborators. This includes querying subsetted and masked data in Production and Development environments for a before-and-after comparison.