Oracle Cloud Infrastructure Documentation

Masking Policies

A masking policy maps sensitive columns to masking formats that should be used to mask the data. It is used to perform data masking on a target database. You can create a masking policy in the Data Masking wizard using a sensitive data model (SDM).

The Data Masking wizard shows you the sensitive columns from the chosen SDM along with the default masking formats. You can go through the list to ensure that the default masking formats meet your requirement. If you prefer, you can select a different masking format for a sensitive column. You can also manually add more sensitive columns to a masking policy and select masking formats for them.

In the Data Masking wizard, you can also upload scripts that should be run on the target before and/or after data masking. For example, you can upload a pre-masking script to create a column on the target database that should be used for the Deterministic Substitution masking format. And, you can upload a post-masking script to remove this column after data masking completes.

The created masking policies get stored in the Library. You can use an existing masking policy to mask target databases. Masking policies contain the following metadata:

  • Policy name
  • Policy description
  • Sensitive data model name
  • Data and time the policy was last updated
  • Policy owner

From the Library, you can mask target databases using existing masking policies, delete masking policies, and download masking policies in XML format. You can update a masking policy by directly modifying the downloaded XML file and upload it to the same or a different Oracle Data Safe Library.