0

Hi I am looking at the possibility of implementing the Oracle Data Masking Package but require some clarification. I am looking to mask just my non-production data. In the process of doing this does Oracle create clones of the the database? I am hoping to mask the PII data without creating a clone/ needing to create additional Oracle users. Does the Oracle solution meet these requirements? I am being told that deploying ODM, it will require application changes? Can anyone elaborate on this. My apologies I am extremely new to the DB world. Are there any other data masking solutions anyone can recommend?

Jarrett Emslie
  • 1
  • 1

1 Answers1

0

Which version of Oracle you are using ? Do you have advanced security License ?

You can make use of Redaction features as part of Advanced security available from 12.1. Oracle provides DBMS_REDACT to hide values after execution of queries i.e. only when they are displayed at screen and hence dont impact performance of any dependencies.

There are multiple options available with full/partial redaction.

Let me know if you require any more details, I have recently implemented it in production environment to protect PII DATA

Official documentation

Atif
  • 1,751
  • 4
  • 12
  • Thanks for the reply. We are currently using an 11 GR2 solution. We were looking at the possibility of using the Oracle Data Masking Package within Oracle Enterprise Manager.Our end goal is to protect the data in non-production environments, currently we have three non-production environments. – Jarrett Emslie Aug 19 '20 at 14:27
  • Data redaction has been made available in 11gR2(back ported in 11.2.0.4) although it was introduced in 12c and requires advanced security license.I proposed this because we are using the same in both production as well as pre-production environment and it is much more versatile and advanced then Data masking. – Atif Aug 19 '20 at 15:13
  • Thanks again. The goal of this solution would be when refreshing the data to non-production environments, the masking definition/redaction rules would annonymize the data so production data will not be identifiable. We do not want to clone the production data anywhere nor do we want separate users for the Oracle databases. Do you feel the Oracle Redaction solution would meet these needs? – Jarrett Emslie Aug 20 '20 at 16:50
  • @JarrettEmslie Purpose of redaction is to hide customer identiable information from authorized access for this you dont need to clone your database or create separate users. Within Redaction with the help of `DBMS_REDACT` package you will create policies which will govern which table/columns and on which users policies should be implemented and whether you want to redact complete column or partial or make it blank or replace the characters with something etc. Apart from License I dont see any challenges in implementing this. Feel free to contact me in case of any further queries. – Atif Aug 20 '20 at 17:28