  Data Masking Pack tips

Oracle Database Tips by Donald Burleson, March 31, 2015


Question:
 I need to understand the Oracle Data Masking Pack.  How does the Data Masking Pack work?  Is the Data Masking Pack an extra-cost option?

Answer:  The Oracle Data Masking Pack was new in 11g and replaces real production data with realistic but false (scrubbed) data, all based on masking rules from the Data Masking Pack.  The Data Masking Pack is a separately licensed Oracle Enterprise Manager pack that has been included with both OEM Database Control and OEM Grid Control starting in Oracle Database 11g r2.  The Data Masking Pack is documented as part of the Oracle Real Application Testing (RAT).

Oracle notes three types of data masking:

"Compound masking: this technique ensures that a set of related columns is masked as a group to ensure that the masked data across the related columns retain the same relationship, e.g. city, state, zip values need to be consistent after masking.

Deterministic masking: this technique ensures repeatable masked values after a mask run. Enterprise may use this technique to ensure that certain values, e.g. a customer number gets masked to the same value across all databases. We will elaborate on this technique as it is a very common use case.

Key-based reversible masking: when businesses need to send their data to a 3rd party for analysis, reporting or any other business process, this technique transforms the original data into a masked representation of itself using a secure key-based reversible masking function. Once the data is recovered from the 3rd party, the business can recover the original data by reversing the masking using the same key."
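The deterministic and compound techniques quoted above can be shown in a few lines of Python. This is an added illustration, not Oracle's implementation or code from the Data Masking Pack: the table names, the key, the substitution pool and the HMAC-based mapping are all assumptions, and the rows are constructed sample data in an in-memory SQLite database.

```python
import hashlib
import hmac
import sqlite3

MASK_KEY = b"constructed-demo-key"  # constructed; a real key comes from a vault
# Constructed pool: every row is an internally consistent (city, state, zip) group.
ADDRESS_POOL = [("Springfield", "IL", "62701"), ("Portland", "OR", "97201"),
                ("Austin", "TX", "73301")]

def keyed_digest(value):
    """Keyed hash: the same key and input give the same number in every database."""
    mac = hmac.new(MASK_KEY, value.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big")

def mask_customer_no(customer_no):
    """Deterministic mask that keeps length and digit format (not collision-free)."""
    width = len(customer_no)
    return str(keyed_digest(customer_no) % 10**width).zfill(width)

def mask_address(city, state, zip_code):
    """Compound mask: the three related columns are replaced together."""
    return ADDRESS_POOL[keyed_digest(f"{city}|{state}|{zip_code}") % len(ADDRESS_POOL)]

def mask_database(conn):
    """Mask parent and child tables separately; join keys still line up."""
    rows = conn.execute("SELECT rowid, customer_no, city, state, zip FROM customers").fetchall()
    for rowid, no, city, state, zip_code in rows:
        conn.execute("UPDATE customers SET customer_no=?, city=?, state=?, zip=? WHERE rowid=?",
                     (mask_customer_no(no), *mask_address(city, state, zip_code), rowid))
    for rowid, no in conn.execute("SELECT rowid, customer_no FROM orders").fetchall():
        conn.execute("UPDATE orders SET customer_no=? WHERE rowid=?",
                     (mask_customer_no(no), rowid))

def build_sample():
    """Constructed rows standing in for a production copy."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (customer_no TEXT, city TEXT, state TEXT, zip TEXT);
        CREATE TABLE orders (order_id INTEGER, customer_no TEXT);
        INSERT INTO customers VALUES ('100234', 'Raleigh', 'NC', '27601'),
                                     ('100777', 'Kittrell', 'NC', '27544');
        INSERT INTO orders VALUES (1, '100234'), (2, '100234'), (3, '100777');
    """)
    return conn

def joined_orders(conn):
    """Orders that still find their customer row; should be unchanged by masking."""
    return conn.execute("SELECT COUNT(*) FROM orders o JOIN customers c "
                        "ON o.customer_no = c.customer_no").fetchone()[0]
```

Comparing `joined_orders` before and after `mask_database` is the kind of post-mask check worth running on any masked copy: the count must not change, and none of the original key values should remain.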

The Oracle Data Masking Pack costs about $11,500 per processor or about $230 per named user, but see the Oracle Store for current prices.

The Data Masking Pack is useful in two areas:

  • Sharing data with third parties:  Regulatory compliance requires data confidentiality.  The Data Masking Pack allows you to share your production data with third parties, confident that the confidential data has not been compromised.

  • Copy production to test:  You can preserve confidentiality per regulatory compliance laws and copy production data to a test environment without disclosure.

Within Oracle Enterprise Manager, the Data Masking Pack enables centralized masking of confidential data in test and development databases or databases supplied to external vendors and third parties. The masking is defined using out-of-the-box masking formats via the OEM console, thereby storing all masking information centrally and not in the dispersed and manual scripts that were traditionally used.

Condition-based masking is possible. The process is irreversible, and it replaces the confidential data with scrubbed but realistic-looking data using masking rules. Database integrity rules are also followed when the masking process takes place.

When the database is cloned from production using OEM, the data masking can be executed as an integrated part of the cloning process, or it can be run independently with the dm_fmtlib package procedures. This helps in complying with privacy and personal information laws such as HIPAA, Sarbanes-Oxley (SOX) and the Payment Card Industry Data Security Standard (PCI DSS).

There is also a very useful search function that allows you to query the data dictionary of any database and identify the tables and columns that need to be masked since they may be carrying confidential data.

Licensing the Data Masking Pack

There is no trial version of Data Masking Pack. Data Masking is available with the DB console or OEM 11G GRID / 12C CLOUD.

You can download it (full product set) from OTN and test it. If you have an RDBMS 11gR2, you can just configure DB Console (if not already done) and go into the Data Mask section.

However, once you start or want to use it on production environments, you need a license for it, so you need to contact your Oracle Sales Representative.

Installing the Data Masking Pack

You start by downloading the Data Masking Pack software from OTN.

If you are using Oracle Data Masking through OEM Grid Control you need to make sure that the dm_fmtlib package has been installed in the target database. The dm_fmtlib package can be created by running the following two supplied scripts, while connected as the dbsnmp schema owner:

$ORACLE_HOME/sysman/admin/emdrep/sql/db/latest/masking/dm_fmtlib_pkgdef.sql

$ORACLE_HOME/sysman/admin/emdrep/sql/db/latest/masking/dm_fmtlib_pkgbody.plb

You can interface with the Data Masking Pack using OEM, or by calling any of the dm_fmtlib procedures.  Oracle Data Masking Pack also supports masking of data in heterogeneous databases, such as IBM DB2, Microsoft SQL Server (MS-SQL), Sybase, and Informix, through the use of the Oracle Database Gateways.

Built In Data Masking Formats in the Data Masking Pack

Oracle has many built-in masking formats as part of the data masking library. There are some built-in routines such as:

  • Shuffle the original data
  • Substitute masking (a deterministic masking that ensures the same value in yields the same result)
  • Substring
  • Table Column (select a random entry from another table)

The Data Masking Pack also includes "primitive" masks such as:

  • Fixed Numbers
  • Fixed Strings
  • Random Dates
  • Random Digits
  • Random Numbers
  • Random Strings

There are also custom data masking rules for specific real-world data strings.  These masking rules include:

  • American Express credit card Numbers
  • Discover credit card Numbers
  • Generic credit card Numbers
  • ISBN Numbers
  • MasterCard credit card Numbers
  • National Insurance Numbers
  • Social Insurance Numbers
  • Social Security Numbers
  • United Parcel (UPS) Codes
  • US Phone Numbers
  • Visa credit card Numbers

Oracle notes that the Oracle Data Masking Pack includes the following features:

  • Mask format libraries
  • Mask definitions
  • Masking techniques
    • Condition-based masking
    • Compound masking
    • Deterministic masking
  • Application masking templates import or export
  • Mask format library import or export
  • Masking script generation
  • Clone and Mask workflow

The dm_fmtlib package has the following procedures.  For example, here is the rule for generating a social security number:

select
   dbsnmp.dm_fmtlib.mgmt_dm_gen_ssn('A', 'A', '52')
from
   dual;

Here are some of the procedures within the dm_fmtlib package, where:

cn = Canada
sin = Canada social insurance number
ph = phone number
vc = Visa Card

  • mgmt_dm_gen_cn_sin_fh
  • mgmt_dm_gen_cn_sin_fs
  • mgmt_dm_gen_isbn10
  • mgmt_dm_gen_isbn10_fh
  • mgmt_dm_gen_isbn13
  • mgmt_dm_gen_isbn13_fh
  • mgmt_dm_gen_ph_canada
  • mgmt_dm_gen_ph_canada_fh
  • mgmt_dm_gen_cn_sin
  • mgmt_dm_gen_ph_na
  • mgmt_dm_gen_ph_na_fh
  • mgmt_dm_gen_ph_usa
  • mgmt_dm_gen_ph_usa_ca
  • mgmt_dm_gen_ph_usa_ca_fh
  • mgmt_dm_gen_ph_usa_fh
  • mgmt_dm_gen_ssn
  • mgmt_dm_gen_ssn_fh
  • mgmt_dm_gen_uk_nin_fh
  • mgmt_dm_gen_upc
  • mgmt_dm_gen_upc_fh
  • mgmt_dm_gen_vc
  • mgmt_dm_gen_vc_fh

   

Copyright © 1996 -  2017

All rights reserved by Burleson

Oracle ® is the registered trademark of Oracle Corporation.
