Oracle Cloud Infrastructure Documentation

Create a Data Masking Job

To mask sensitive data in a target database, you can create a data masking job with the Data Masking wizard. The wizard guides you through the process of defining a masking policy for a sensitive data model and then masks the data on the database. This procedure is divided into parts to make it easier for you to navigate the wizard.

Part 1: Select a Target Database

This part gets you started by accessing the Data Masking wizard and selecting the target database that you want to mask.

Select the target database that you want to mask:
  1. In the left pane, click Data Masking to launch the Data Masking wizard.
  2. On the Select Target for Data Masking page, select the target database that you want to mask, and click Continue.
    You can select only one target database.
  3. If your target database is not listed, click Register and follow the steps to register a target database.
    The Select Masking Policy page is displayed.

Part 2: Define the Masking Policy and Sensitive Data Model

This part walks you through how to configure the Select Masking Policy page. This page provides options to create, upload, and reuse masking policies and sensitive data models. Decide on one of the following options.

Option 1: Create a Masking Policy and Sensitive Data Model

This option is an all-in-one workflow where you configure a data discovery job and a data masking job.

To create a new masking policy and sensitive data model (sensitive data model):
  1. Make sure you are on the Select Masking Policy page.
  2. For Masking Policy, leave Create selected.
  3. Leave the default masking policy name as is or enter your own.
  4. For Sensitive Data Model, leave Create selected.
  5. Leave the default sensitive data model name as is or enter your own.
  6. If you want to retrieve sample data for sensitive columns during data discovery, move the Show and save sample data slider to the right.
  7. Select the resource group to which you want the new masking policy and new sensitive data model to belong.
  8. Click Continue.
    The Select Target for Sensitive Data Discovery page is displayed.
  9. Select the target database on which you want to discover sensitive data, and click Continue.
    The Select Schemas for Sensitive Data Discovery page is displayed.
  10. Select one or more schemas, and click Continue.
    The Select Sensitive Types for Sensitive Data Discovery page is displayed.
  11. Select the sensitive types and/or sensitive categories that you want to discover.
  12. (Optional) Select Use non-dictionary referential relationships for sensitive column discovery.
  13. Click Continue to run the data discovery job.
  14. When the job is completed and the status reads FINISHED, click Continue.
  15. If you opted to search for non-dictionary referential relationships, the Non-Dictionary Referential Relationships page is displayed. Review the sensitive columns, deselect the columns that you do not want to include in the sensitive data model, and click Save and Continue.
    The Sensitive Data Discovery Result page is displayed.
  16. Continue to Part 3.

Option 2: Create a Masking Policy with a Sensitive Data Model from the Library

You can create a new masking policy that reuses an existing sensitive data model from the Library. Use this approach if you have already discovered sensitive data on your target database.

To create a masking policy with an sensitive data model from the Library:
  1. Make sure you are on the Select Masking Policy page.
  2. For Masking Policy, leave Create selected.
  3. Leave the default masking policy name as is, or enter your own.
  4. For Sensitive Data Model, select Pick from Library.
  5. Select the resource group to which you want the new masking policy to belong.
  6. Click Continue.
  7. On the Select Sensitive Data Model page, do the following:
    1. Select a sensitive data model.
    2. Select Verify if SDM is compatible with the target or Update the SDM with the target (default).
    3. Click Continue to start the verification or update job.
  8. If you chose to verify your sensitive data model:
    1. When the job is completed, verify that the Detail column reads Data model verification job finished successfully, and click Continue.
    2. On the Data Model Verification Result page, review the differences between your sensitive data model and the target database that you want to mask.
    3. If there are differences, make note of them, and then either exit the wizard or click Back and choose to update the sensitive data model instead.
    4. If there are no differences between your sensitive data model and the target database that you want to mask, click Continue.
  9. If you chose to update your Library sensitive data model:
    1. Wait for the sensitive data model to update.
    2. When the Status reads FINISHED, click Continue.
  10. Continue to Part 3.

Option 3: Create a Masking Policy with an Uploaded Sensitive Data Model

Use this option if the sensitive data model that you want to use for your masking policy is in XML file format. The following steps include uploading the sensitive data model into the Library.

To create a masking policy that uses an uploaded sensitive data model:
  1. For Masking Policy, leave Create selected.
  2. Leave the default masking policy name as is, or enter your own.
  3. For Sensitive Data Model, click Upload.
  4. Leave the default sensitive data model name as is or enter your own name.
  5. Click Choose File, select your sensitive data model file, and click Open.
  6. Select the resource group to which you want the new masking policy to belong.
  7. Click Continue.
    The sensitive data model is uploaded into the Library and automatically verified against the selected target database.
  8. Click Continue.
  9. Continue to Part 3.

Option 4: Reuse a Masking Policy from the Library

Use this option if you already have a masking policy in the Library that you want to reuse for the selected target database.

To reuse a masking policy from the Library:
  1. On the Select Masking Policy page, for Masking Policy, select Pick from Library.
  2. Click Continue.
    The Select Masking Policy page is displayed.
  3. Select a masking policy and click Save and Continue.
    The Masking Policy page is displayed.
  4. Continue to Part 4.

Option 5: Upload a Masking Policy and Sensitive Data Model

You can reuse an existing file-based masking policy. This approach uploads your file-based masking policy and sensitive data model into the Library.
  1. On the Select Masking Policy page, for Masking Policy, select Upload (file includes an SDM) or Upload (separate files for Masking Policy and SDM).
  2. Click Choose File for the masking policy and sensitive data model (if needed), select your files, and click Open.
  3. Leave the default masking policy name and sensitive data model name as is or enter new names.
  4. Select the resource group to which you want the new masking policy and sensitive data model to belong.
  5. Click Continue.
    The masking policy and sensitive data model are uploaded into the Library and the sensitive data model is verified against the target database that you want to mask. The Data Model Verification Result page is displayed.
  6. If there are differences between the sensitive data model and the target database that you want to mask, exit the wizard and update the sensitive data model. Otherwise, click Continue.
    The Sensitive Data Model page is displayed.
  7. Continue to Part 3.

Part 3: Review the Sensitive Data Model

This part walks you through the Sensitive Data Model page (or Sensitive Data Discovery Result page), where you can review the sensitive data model and add and remove sensitive columns as needed.

To review the sensitive data model:
  1. On the Sensitive Data Model page (or Sensitive Data Discovery Result page), move the Expand All slider to the right to review the list of sensitive columns.
  2. (Optional) In the drop-down list, select Category View or Schema View.
  3. (Optional) Deselect the sensitive categories, sensitive types, and/or sensitive columns that you do not want to include in your sensitive data model.
  4. (Optional) Add sensitive columns:
    1. Click Add to add new sensitive columns.
      The Add Sensitive Columns dialog box is displayed.
    2. In the dialog box, select one or more columns from the schemas.
    3. Select a sensitive type that describes the selected columns.
    4. Click Add to Result.
  5. To continue to data masking, click Save and Continue.
    The Masking Policy page is displayed.
  6. To save and view the Data Discovery report before continuing to data masking, do the following:
    1. Click Save and View Report.
    2. Review the report.
    3. Click Continue.
    The Masking Policy page is displayed.
  7. Continue to Part 4.

Part 4: Configure the Masking Formats

This part walks you through the Masking Policy page where you configure a masking format for the sensitive columns in your sensitive data model.

To configure the masking formats for the sensitive columns in the sensitive data model:
  1. (Optional) On the Masking Policy page, move the Expand All slider to the right to show all the sensitive columns and their masking formats.
  2. Review the default masking formats configured for each sensitive column.
  3. If you do not want to mask a sensitive column, deselect it.
  4. To add sensitive columns to the sensitive data model, click Add, select columns, and click Add To Policy.
  5. To edit a masking format for a sensitive column, perform the following steps:
    1. Select a different masking format from the drop-down list or click the pencil icon.
      The Edit Format dialog box is displayed.
    2. To add a condition, move the Conditional Masking slider to the right, and then configure the condition. In the first field, enter the name of the column that you are masking or another column from the same table. In the drop-down list, select an operator. In the second field, enter a value. Below the condition, configure a masking format.
    3. To remove a condition, click Delete Condition.
    4. If your condition requires multiple masking formats, you can add another masking format by clicking Add Format. A new masking format template is added below the existing masking formats. Select a masking format from the drop-down list and configure its parameter values.
    5. To remove a masking format, click Delete Format next to the masking format that you want to remove.
      The masking format is immediately removed.
    6. Click Save.
  6. If you have existing pre-masking or post-masking scripts that you want to upload, click Upload Pre/Post Masking Scripts.
  7. Click Confirm Policy to create the masking policy.
  8. Continue to Part 5.

Part 5: Schedule the Job

This part walks you through the Schedule the Masking Job page where you can choose to run the job immediately or schedule it for later.

To schedule the data masking job:
  1. On the Schedule the Masking Job page, click Right Now or Later.
    If you choose to run the masking job later, specify the date and time at which it must be run.
  2. Click Review to verify the masking job details.
    The Review and Submit page is displayed.
  3. Click Submit to start the data masking job.
    You can monitor the status of a job, or suspend or abort the job from the Jobs page. If the data masking job fails, the masked tables are not restored.
  4. (Optional) Click Download Masking logs to download the log files for the data masking job.
  5. (Optional) Click Report to view the Data Masking report.
  6. (Optional) Click Exit to exit the wizard.
  7. To ensure that all of the sensitive data is successfully masked, review the masked data on your database.