The scenarios described below assume that an Application Data Model (ADM) exists for a production (or test) database in which sensitive column details are captured. The steps outlined are at a high level. See "Masking with an Application Data Model and Workloads" for details on creating a masking definition; see "Creating a Data Subset Definition" for details on creating and editing a subset definition.
Consider the following scenarios:
As the Security Administrator, you want to create copies of the production database by exporting the data with masked values; that is, the export dump will have only masked values and no sensitive data.
Create a masking definition. Implies the following:
Select an appropriate ADM.
Search and select sensitive columns (includes dependent columns and recommended masking formats).
Review suggested formats and edit as necessary.
Save the results.
Create a subset definition. Implies the following:
Select an appropriate ADM.
Submit the create subset job.
On the Data Masking tab, search for and select masking definitions. System validation checks for overlapping columns that use multiple masking definitions.
Generate the subset using the Export option.
Summarizing the outcome:
Generates and executes a script to create a mapping table and a mapping function. Also creates a table to map the column(s) to the respective mapping function.
Copies subsetting and masking scripts to the target database.
Generates an export dump of production data, replacing sensitive data with masked values using the mapping function.
As the Security Administrator, you want to create a usable test database by masking sensitive information. The resulting database will have only masked values and no sensitive data.
Create a masking definition on a cloned database. Implies the following:
Select an appropriate ADM.
Search and select sensitive columns (includes dependent columns and recommended masking formats).
Review suggested formats and edit as necessary.
Save.
Create a subset definition. Implies the following:
Select an appropriate ADM.
Submit the create subset job.
On the Data Masking tab, search and select masking definitions. System validation checks for overlapping columns that use multiple masking definitions.
Generate the subset using the In-Place Delete option.
Summarizing the outcome:
Copies subsetting and masking scripts to the target database.
Performs data subsetting based on subset rules, if specified.
Sequentially executes the pregenerated data masking scripts on the target database.
Creates a masked copy of the production database for use in testing.
As the Security Administrator, you want to create copies of the production database by exporting a subset of production data with masked values.
Create a masking definition. Implies the following:
Select an appropriate ADM.
Search and select sensitive columns (includes dependent columns and recommended masking formats).
Review suggested formats and edit as necessary.
Save.
Create a subset definition. Implies the following:
Select an appropriate ADM.
Submit the create subset job.
Define table rules, resulting in space estimates.
On the Data Masking tab, search and select masking definitions. System validation checks for overlapping columns that use multiple masking definitions.
Generate the subset using the Export option.
Summarizing the outcome:
Generates and executes a script to create a mapping table and a mapping function. Also creates a table to map the column(s) to the respective mapping function.
Copies subsetting and masking scripts to the target database.
Generates an export dump of production data, replacing sensitive data with masked values using the mapping function.
As the Security Administrator, you want to create a usable test database by masking sensitive information. On import, the database will have only masked values and no sensitive data.
Create a masking definition. Implies the following:
Select an appropriate ADM.
Search and select sensitive columns (includes dependent columns and recommended masking formats).
Review suggested formats and edit as necessary.
Save.
Create a subset definition. Implies the following:
Select an appropriate ADM.
Submit the create subset job.
Define table rules, resulting in space estimates.
On the Data Masking tab, search and select masking definitions. System validation checks for overlapping columns that use multiple masking definitions.
Generate the subset using the In-Place Delete option.
Summarizing the outcome:
Copies subsetting and masking scripts to the target database.
Performs data subsetting based on subset rules, if specified.
Following subset completion, sequentially executes the pregenerated data masking scripts on the target database.
Applies masking definitions and subsetting rules, resulting in a masked database of reduced size.
As the Security Administrator, you want to create a targeted subset by selecting large-sized columns and setting them to null or a fixed value. Table rules can also be used to further reduce database size. Impact of size reduction is immediately visible and applied to the final subset.
Create a subset definition. Implies the following:
Select an appropriate ADM.
Submit the create subset job.
Click the Table Rules tab and select from existing options, if desired.
Click the Column Rules tab, then click Create.
Specify filtering criteria to search for large-sized columns and select the desired columns in the results table.
Click Manage Masking Formats and select a format from the drop-down list. Enter a value if appropriate to the selection.
Click OK and review the updated space estimates.
Generate the subset, using either the Export or In-Place Delete option.
Summarizing the outcome:
Generates an export dump/subset of production data.
Column rules are applied on the target database.
If table rules were also applied, the resulting subset reflects the combined effect of table and column rules.
As the Security Administrator, you want to export a subset definition for reuse.
Create a subset definition. Implies the following:
Select an appropriate ADM.
Submit the create subset job.
Create rules to compute space estimates.
On the Data Masking tab, search and select masking definitions. System validation checks for overlapping columns that use multiple masking definitions.
Select the subset definition on the Subset home page and export it.
The subset definition is saved on the client machine as an XML file that potentially contains the following:
Information on selected applications
Rules and rule parameters
Selected masking definitions
Columns to set to null
Pre- and post-scripts
Had column rules been used, they would replace the masking definitions in the list.
As the Security Administrator, you want to import a subset definition XML file to create replicas of the subset definition previously exported.
Import a subset definition.
Select an exported XML template that contains exported masking definitions. System validation:
Checks for overlapping columns that use multiple masking definitions.
Ensures that the masking definition specified is part of the same ADM as the current subset model.
Submit the job to create the subset model.
Summarizing the outcome:
Creates a subset definition model
Applies specified rules and calculates space estimates
Remembers masking definitions that were part of the XML
As the Security Administrator, you want to import a subset dump, which might contain either or both of the following:
A masked version of a production database
A subset version of a production database
Note that this example assumes a previous export dump.
On the subset home page, select Import Subset Dump from the Actions menu.
Provide credentials, a dump name, and select the dump location.
Provide the import type, tablespace options, and log file location details.
Schedule the job and submit.
The job reads the dump files and loads the data into the selected target database.
As the Security Administrator, you want to save a subset script bundle so that it can be executed on a target database external to Enterprise Manager.
This example presupposes the existence of a subset model that has required table rules and masking definitions.
On the subset home page, from the Actions menu, select Generate, then select Subset.
Complete the mode page as follows:
Indicate the method of subset creation.
Specify which credentials to use.
Provide rule parameters as appropriate.
Click Continue.
Complete the parameters page as follows:
Select the location where to save the subset export.
If the subset is to be stored externally, click the check box and select the location.
Specify an export file name. Note that you can use the % wildcard.
Specify the maximum file size and number of threads.
Indicate whether to generate a log file and specify a log file name.
Click Continue.
Note the progress of the script file generation. When complete, click Download.
Specify where to save the SubsetBundle.zip
file.