The workflow for data masking involves these main steps:
- Important: Create a backup of your production database. For example, you can use Recovery Manager (RMAN) and Oracle Cloud Storage service (or any other backup location) to create and store your production backups. You never want to mask the actual production database.
- Clone the backup of your production database to create a stage database. Do not expose the stage database to users. Create the stage database on the Oracle Cloud with supported services.
- Register your stage database with Oracle Data Safe. Be sure to run the SQL privileges script on your stage database beforehand.
- Use the Data Discovery wizard to discover sensitive data on the stage database and generate a sensitive data model (SDM).
- Create new masking formats in the Library if you require masking formats other than the predefined ones.
- Use the Data Masking wizard to create a masking policy and submit a data masking job. You can select your existing SDM to create a masking policy. The Data Masking wizard can also discover and mask data in one flow. The job uses the masking policy to mask data on the target database. Oracle Data Safe also generates a data masking report that shows you the results of your data masking job.
- Verify the masked data by reviewing the Data Masking report and validating data in the masked columns.
- Clone the stage database to create a test database. Or, export the masked data from the stage database, create a test database, and then import the masked data into the test database. Oracle strongly recommends creating a test database instead of giving your test and developer users access to your stage database.
- Grant your test and developer users access to your test database.