Oracle Cloud Using Oracle Data Safe
E92975-42 June 2021 Oracle Cloud Using Oracle Data Safe,
E92975-42
Copyright © 2019, 2021, Oracle and/or its affiliates.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the U.S. Government’s use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle. Contents
1 Get Started with Oracle Data Safe Oracle Data Safe Overview 1-1 Features of Oracle Data Safe 1-1 Key Concepts and Terminology 1-2 Try Oracle Data Safe for Free 1-6 Overvew 1-6 Trial Period 1-6 Grace Period 1-7 Set Up Oracle Data Safe 1-7 Sign In to the Oracle Data Safe Console 1-7 Sign In From Your Regional Oracle Data Safe Service Page 1-8 Sign In From the Oracle Cloud Infrastructure Console 1-9 Related Resources 1-10 Oracle Data Safe Dashboard 1-10
2 Security Assessment Security Assessment Overview 2-1 Introduction 2-2 Use Cases 2-2 Security Assessment Workflow 2-2 Comprehensive Assessment Reports 2-3 About Comprehensive Assessment Reports 2-3 Example 2-3 Findings 2-4 Baseline Reports 2-4 Comparison Reports 2-5 About Comparison Reports 2-5 Example 2-5 Interpreting Comparison Reports 2-6 View Comprehensive Assessment Reports 2-7 View a Comprehensive Report from the Security Assessment Wizard 2-7 View a Comprehensive Assessment Report from the Reports Tab 2-7
iii Create Security Assessment Jobs 2-7 Prerequisites 2-8 Create a Security Assessment Job 2-8 Compare Comprehensive Assessment Reports 2-8 Set a Baseline Report and Generate a Comparison Report from the Security Assessment Wizard 2-8 Set a Baseline Report from a Comprehensive Assessment Report Page 2-9 Generate a Comparison Report from a Comprehensive Assessment Report Page 2-9 Schedule Recurring Security Assessment Jobs 2-9 Schedule a Recurring Security Assessment Job for a Single Target Database 2-9 Update a Recurring Security Assessment Job for a Single Target Database 2-10 Schedule a Recurring Security Assessment Job for Multiple Target Databases 2-11 Delete a Recurring Security Assessment Job 2-11
3 User Assessment User Assessment Overview 3-1 User Assessment Reports 3-1 Charts 3-2 Table 3-3 Create User Assessment Jobs 3-4 Prerequisites 3-4 Create a User Assessment Job 3-4
4 Activity Auditing Activity Auditing Overview 4-2 About Activity Auditing 4-2 Activity Auditing Workflow 4-2 Audit Policies 4-3 Audit Policies in Oracle Data Safe 4-4 Basic Auditing Policies 4-4 Admin Activity Auditing Policy 4-6 User Activity Auditing Policy 4-7 Custom and Oracle Predefined Policies 4-7 Audit Compliance Standards 4-8 Audit Trails 4-8 Audit Trails in Oracle Data Safe 4-9 Supported Audit Trails 4-9 Auto Purge 4-10 Alerts and Alert Policies 4-10 Alerts Page 4-10
iv Alert Policies in Oracle Data Safe 4-11 Audit Data Lifecycle Management 4-11 Audit Data Retention 4-11 Audit Data Archival 4-12 Audit Data Retrieval 4-12 Deregistered Target Databases 4-12 Activity Auditing Reports 4-13 Service Activity Report 4-13 Retrieve and Provision Audit Policies 4-14 Add Audit Trails 4-17 Manage Audit Collection 4-18 Start and Stop Audit Collection on Target Databases 4-18 Update Audit Policies 4-19 Enable Auto Purge for Audit Trails 4-19 View an Audit Trail Log 4-19 Remove Audit Trails 4-20 Configure Audit Data Retention 4-20 Collect Audit Data Beyond the Free Limit 4-21 Retrieve Audit Data for a Target Database from the Archive 4-21 Return Audit Data to the Archive 4-22 Manage Alerts 4-22 View Alerts 4-22 Change the Status of Alerts 4-24 Create Alert Reports 4-24 Download Alert Reports 4-25 Update Alert Policies 4-25
5 Data Discovery Data Discovery Overview 5-1 About Data Discovery 5-2 Data Discovery Workflow 5-2 Sensitive Types 5-3 Predefined Sensitive Types 5-4 User-Defined Sensitive Types 5-4 Column Name Pattern 5-5 Column Comment Pattern 5-5 Column Data Pattern 5-6 Search Pattern 5-6 Related Content 5-7 Referential Relationships 5-7
v Dictionary-Based Referential Relationships 5-7 Non-Dictionary Referential Relationships 5-8 Sensitive Data Models 5-8 About Sensitive Data Models 5-8 Verification Feature 5-8 Incremental Update Feature 5-9 Data Discovery Reports 5-9 Create Sensitive Types 5-9 Create Data Discovery Jobs 5-10 Manage Sensitive Types 5-12 View Sensitive Type Details 5-12 Update a User-Defined Sensitive Type 5-13 Delete a User-Defined Sensitive Type 5-13 Manage Sensitive Data Models 5-13 View a Sensitive Data Model 5-14 Verify a Sensitive Data Model 5-14 Update a Sensitive Data Model 5-15 Manually Add or Remove Sensitive Columns From a Sensitive Data Model 5-16 Delete a Sensitive Data Model 5-17 Download a Sensitive Data Model 5-17 Upload a Sensitive Data Model 5-17
6 Data Masking Data Masking Overview 6-2 The Challenge 6-2 The Solution 6-2 Common Data Masking Requirements 6-3 Data Masking in Oracle Data Safe 6-3 Data Masking Workflow 6-4 Masking Formats 6-5 About Masking Formats 6-5 Combinable 6-5 Uniqueness 6-6 Reversible 6-6 Deterministic 6-6 Related Content 6-7 Masking Policies 6-7 Data Masking Reports 6-7 Conditional Masking 6-8 Group Masking 6-8
vi About Group Masking 6-8 Group Masking Example Using Shuffle 6-9 Group Masking Example Using Deterministic Substitution 6-9 Create Data Masking Jobs 6-10 Part 1: Select a Target Database 6-10 Part 2: Define the Masking Policy and Sensitive Data Model 6-11 Option 1: Create a Masking Policy and Sensitive Data Model 6-11 Option 2: Create a Masking Policy with a Sensitive Data Model from the Library 6-12 Option 3: Create a Masking Policy with an Uploaded Sensitive Data Model 6-12 Option 4: Reuse a Masking Policy from the Library 6-13 Option 5: Upload a Masking Policy and Sensitive Data Model 6-13 Option 6: Upload a Masking Policy and Select a Sensitive Data Model from the Library 6-14 Part 3: Review the Sensitive Data Model 6-14 Part 4: Configure the Masking Formats 6-15 Part 5: Schedule the Job 6-16 Create Masking Formats 6-17 About User-Defined Masking Formats 6-17 Create a Masking Format 6-17 Manage Masking Formats 6-18 View a Masking Format 6-18 Update a User-Defined Masking Format 6-19 Delete a User-Defined Masking Format 6-19 Manage Masking Policies 6-19 View a Masking Policy 6-20 Update a Masking Policy 6-20 Download a Masking Policy 6-20 Upload a Masking Policy 6-21 Delete a Masking Policy 6-21
7 Reports and Jobs Reports and Jobs Overview 7-1 Report Types 7-1 Jobs 7-2 Manage Reports 7-2 View Reports 7-2 Create a Custom Report 7-3 Delete a Custom Report 7-3 Download a Report 7-4 Manage Jobs 7-4 View Jobs 7-5
vii Suspend or Resume a Job 7-5 Abort or Delete a Job 7-5 Monitor the Number of Jobs Submitted 7-6
8 Reference Predefined Masking Formats 8-1 Basic Masking Formats 8-8 Supported Data Types 8-9 Delete Rows 8-10 Deterministic Encryption 8-11 Deterministic Substitution 8-13 Fixed Number 8-14 Fixed String 8-15 Group Shuffle 8-15 Null Value 8-16 Post Processing Function 8-17 Preserve Original Data 8-18 Random Date 8-19 Random Decimal Number 8-20 Random Digits 8-20 Random List 8-21 Random Number 8-22 Random String 8-23 Random Substitution 8-24 Regular Expression 8-25 Shuffle 8-26 SQL Expression 8-27 Substring 8-28 Truncate Data 8-29 User Defined Function 8-30 Regular Expressions 8-31 Introduction to Oracle Data Safe Video Script 8-33 Service Limits 8-36
viii Preface
The Using Oracle Data Safe guide describes how to use Oracle Data Safe to discover and mask sensitive data to render it safe for development use and testing. This guide also describes how to assess the security of your database and database users, audit user activity, and generate audit reports. The following sections are included: • Audience • Documentation Accessibility • Related Resources • Conventions Audience
The Using Oracle Data Safe guide is intended for those who want to use Oracle Data Safe features, including User Assessment, Security Assessment, Activity Auditing, Data Discovery, and Data Masking. Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup? ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired. Related Resources
For more information, see these Oracle resources: • Administering Oracle Data Safe • What's New for Oracle Data Safe • Oracle Public Cloud Conventions
The following text conventions are used in this document:
Convention Meaning boldface Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary.
9 Conventions
Convention Meaning italic Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values. monospace Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter.
10 1 Get Started with Oracle Data Safe
Oracle Data Safe is a fully-integrated, regional Cloud service focused on the security of your data. It provides a complete and integrated set of features for protecting sensitive and regulated data in Oracle databases. • Oracle Data Safe Overview Oracle Data Safe is a unified control center for your Oracle databases which helps you understand the sensitivity of your data, evaluate risks to data, mask sensitive data, implement and monitor security controls, assess user security, monitor user activity, and address data security compliance requirements. • Try Oracle Data Safe for Free Oracle offers a free tenancy and a 30-day free trial for a variety of Oracle Cloud Infrastructure services, including Oracle Data Safe. You can sign up for a free Oracle cloud account, and then try Oracle Data Safe with your Oracle cloud or on-premises Oracle databases. • Set Up Oracle Data Safe To use Oracle Data Safe features with your databases, you need to set up an Oracle Data Safe environment. Setup involves enabling Oracle Data Safe in a region of your tenancy and registering target databases. • Sign In to the Oracle Data Safe Console There are a few ways to sign in to the Oracle Data Safe Console. You can sign in from the Oracle Data Safe service page in Oracle Cloud Infrastructure. You can sign in through the Oracle Cloud Infrastructure Console. And you can sign in using a bookmark to your Oracle Data Safe Console. • Oracle Data Safe Dashboard When you sign in to Oracle Data Safe, you are presented with the Home tab. The Home tab is a dashboard consisting of several charts that you let you monitor activities. Oracle Data Safe Overview
Oracle Data Safe is a unified control center for your Oracle databases which helps you understand the sensitivity of your data, evaluate risks to data, mask sensitive data, implement and monitor security controls, assess user security, monitor user activity, and address data security compliance requirements. This article has the following topics: • Features of Oracle Data Safe • Key Concepts and Terminology Features of Oracle Data Safe
Oracle Data Safe provides the following set of features for protecting sensitive and regulated data in Oracle databases, all in a single, easy-to-use management console:
1-1 Chapter 1 Oracle Data Safe Overview
• Security Assessment helps you assess the security of your database configurations. It analyzes database configurations, user accounts, and security controls, and then reports the findings with recommendations for remediation activities that follow best practices to reduce or mitigate risk. • User Assessment helps you assess the security of your database users and identify high risk users. It reviews information about your users in the data dictionary on your target databases, and calculates a risk score for each user. For example, it evaluates the user types, how users are authenticated, the password policies assigned to each user, and how long it has been since each user has changed their password. It also provides a direct link to audit records related to each user. With this information, you can then deploy appropriate security controls and policies. • Data Discovery helps you find sensitive data in your databases. You tell Data Discovery what kind of sensitive data to search for, and it inspects the actual data in your database and its data dictionary, and then returns to you a list of sensitive columns. By default, Data Discovery can search for a wide variety of sensitive data pertaining to identification, biographic, IT, financial, healthcare, employment, and academic information. • Data Masking provides a way for you to mask sensitive data so that the data is safe for non-production purposes. For example, organizations often need to create copies of their production data to support development and test activities. Simply copying the production data exposes sensitive data to new users. To avoid a security risk, you can use Data Masking to replace the sensitive data with realistic, but fictitious data. • Activity Auditing lets you audit user activity on your databases so you can monitor database usage and be alerted of unusual database activities. Key Concepts and Terminology
Understand the following concepts and terminology to help you get started with Oracle Data Safe.
Oracle Cloud Infrastructure Oracle Cloud Infrastructure is a set of complementary cloud services that enables you to build and run a wide range of applications and services in a highly available hosted environment. Oracle Cloud Infrastructure offers high-performance compute capabilities (as physical hardware instances) and storage capacity in a flexible overlay virtual network that is securely accessible from your on-premises network. Oracle Data Safe is integrated as a service into Oracle Cloud Infrastructure.
Oracle Cloud Infrastructure Console The Oracle Cloud Infrastructure Console is a simple and intuitive web-based user interface that you can use to access and manage Oracle Cloud Infrastructure. You also access the Oracle Data Safe Console through the Oracle Cloud Infrastructure Console.
Tenancy A tenancy is a secure and isolated partition within Oracle Cloud Infrastructure where you can create, organize, and administer your cloud resources. When you subscribe to
1-2 Chapter 1 Oracle Data Safe Overview
Oracle Data Safe, Oracle automatically creates a tenancy for you in Oracle Cloud Infrastructure, if necessary.
Regions and Availability Domains Oracle Cloud Infrastructure is physically hosted in regions and availability domains. A region is a localized geographic area, and an availability domain is one or more data centers located within a region. A region is composed of one or more availability domains. Oracle Cloud Infrastructure resources are either region-specific, such as a virtual cloud network, or availability domain-specific, such as a compute instance.
Oracle Data Safe Oracle Data Safe is a fully-integrated Cloud service focused on the security of your data. It provides a complete and integrated set of features for protecting sensitive and regulated data in Oracle databases. Oracle Data Safe consists of a web application and an Oracle pluggable database (PDB) and resides in Oracle Cloud Infrastructure. The web application is the main user interface for Oracle Data Safe and is referred to as the Oracle Data Safe Console. The PDB is the repository for Oracle Data Safe and contains audit data and collected sensitive data for target databases. You can enable Oracle Data Safe in each region of your tenancy in Oracle Cloud Infrastructure.
Oracle Cloud Infrastructure Identity and Access Management (IAM) The IAM service is the default, fully integrated, identity management service for Oracle Cloud Infrastructure. It lets you control who has access to your cloud resources, what type of access user groups have, and to which specific resources user groups have access. Oracle Data Safe uses all the shared services in Oracle Cloud Infrastructure, including IAM. You can use the IAM service to set up user access to Oracle Data Safe.
IAM Compartments In IAM, compartments allow you to organize and control access to your cloud resources. A compartment is a collection of related resources, such as database instances, virtual cloud networks, and block volumes. A compartment should be thought of as a logical group and not a physical container. When you begin working with resources in the Oracle Cloud Infrastructure Console, the compartment acts as a filter for what you are viewing. A group requires permission by an administrator to access a compartment.
IAM User Groups A user group in IAM is a collection of users who all need the same type of access to a particular set of resources or compartment. Tenancy administrators can create users and groups in the root compartment of a tenancy with the IAM service in Oracle Cloud Infrastructure. Oracle Data Safe retrieves user groups from IAM, but not individual users. Oracle automatically creates a tenancy administrator for you and adds it to the tenancy's Administrators group. This group has all permissions on all resources in the tenancy, and is responsible for creating the users, groups, and compartments for the tenancy.
IAM Policies An IAM policy is a document that specifies who can access which resources in Oracle Cloud Infrastructure, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific
1-3 Chapter 1 Oracle Data Safe Overview compartment, or to the tenancy itself. If you give a group access to your tenancy, the group automatically gets the same type of access to all the compartments inside your tenancy. Only tenancy administrators can create policies.
Oracle Data Safe Console The Oracle Data Safe Console is the main user interface for Oracle Data Safe. Upon opening Oracle Data Safe, you are presented with a dashboard that lets you monitor system activity. The side tabs provide access to the main features. The top tabs provide access to registered target databases, the Library, reports, alerts, and jobs. In the upper right corner, you can access links to user security and data retention settings.
Target Database A target database is an Oracle Database on which Oracle Data Safe can perform user and security assessment, data discovery, data masking, and auditing.
Authorization Policies in Oracle Data Safe Oracle Data Safe uses authorization policies to control user group access to compartments and features. For each compartment, an Oracle Data Safe Administrator (or delegated administrator) can grant a user group view, manage, or no privileges for Oracle Data Safe features. Features are grouped as follows: Assessment (User Assessment and Security Assessment), Discovery and Masking, and Activity Auditing. The view privilege grants read-only access to a feature's resources. The manage privilege enables a user group to create, read, update, delete, and delegate feature-related resources. Administrators cannot create more privileges.
Sensitive Types A sensitive type is a classification of sensitive data and defines the kind of sensitive columns to search for. For example, the US Social Security Number (SSN) sensitive type helps you discover columns containing Social Security numbers. Data Discovery searches for sensitive data in your databases based on the sensitive types that you choose. You can choose from a wide variety of predefined sensitive types and can also create your own sensitive types. Sensitive types are divided into categories. The top-level categories are Personal Identification Information (PII), Personal Biographic Information, Personal IT Information, Personal Financial Information, Personal Healthcare Information, Personal Employment Information, and Personal Academic Information. You can choose individual sensitive types or sensitive categories to search sensitive data.
Sensitive Data Models A sensitive data model is a collection of sensitive columns and referential relationships. Data Discovery identifies sensitive columns and referential relationships and creates a sensitive data model. Data Discovery automatically searches the Oracle data dictionary to find relationships between primary key columns and foreign key columns and flags them as sensitive. It can also discover non-dictionary referential relationships, which are relationships defined in applications and not in the Oracle data dictionary.
1-4 Chapter 1 Oracle Data Safe Overview
Masking Formats A masking format defines the logic to mask sensitive data in a database column. For example, the Shuffle masking format randomly shuffles values in a column. The Email Address masking format replaces values in a column with random email addresses. Oracle Data Safe provides many predefined masking formats. If needed, you can create your own.
Masking Policies A masking policy maps sensitive columns to masking formats that should be used to mask the data. You can use a masking policy to perform data masking on a target database. You can create a masking policy using a sensitive data model. You can also use a previously created masking policy from the Library. You can download a masking policy as XML, modify it, and upload it to the same or a different Oracle Data Safe service.
Audit Trails An audit trail is a table in a database that stores audit data. A widely used audit trail is the AUDSYS.UNIFIED_AUDIT_TRAIL data dictionary view. You can configure audit trails in Oracle Data Safe. Usually, you configure only one audit trail per database. When audit data collection is enabled, Oracle Data Safe copies the audit data from the database's audit trail into the Oracle Data Safe audit table. You can start and stop audit collection as needed. In Oracle Data Safe, you can manage the size of a target database's audit trail by using the auto purge feature. You can manage the size of the Oracle Data Safe audit table by configuring a data retention period.
Library The Library in Oracle Data Safe is a repository that stores resources used for Data Discovery and Data Masking. Resources include sensitive types, sensitive data models, masking formats, and masking policies. When you create these resources, they are automatically saved to the Library.
Audit Policies An audit policy defines specific events to track in a target database. In Oracle Data Safe, you can provision basic audit policies, administrator and user activity audit policies, the Center for Internet Security (CIS) Recommendations policy, custom audit policies, and Oracle pre- seeded audit policies. After an audit policy is provisioned, the target database can begin to generate audit data.
Alerts An alert is a message that notifies you when a particular audit event happens on a target database. Alerts are displayed in table format on the Alerts page in the Oracle Data Safe Console. You can view total alert counts for target databases, alert severity levels, and alert statuses. You can also filter alerts on the page, create and delete custom alert reports, open and close alerts, and download an alerts report in PDF format.
Alert Policies An alert policy defines an event in a database to monitor. Alert policies are rule-based and triggered depending on the audit data being collected. If an alert’s rule definition is matched (for example, an administrator fails to log in to a target database), then Oracle Data Safe raises an alert and displays it on the Alerts page.
1-5 Chapter 1 Try Oracle Data Safe for Free
Activity Auditing provides predefined alert policies that you can activate within the Activity Auditing wizard. There is a policy for database parameters changes, failed logins by admin users, audit policy changes, user creation or deletion, and user entitlement changes. Try Oracle Data Safe for Free
Oracle offers a free tenancy and a 30-day free trial for a variety of Oracle Cloud Infrastructure services, including Oracle Data Safe. You can sign up for a free Oracle cloud account, and then try Oracle Data Safe with your Oracle cloud or on-premises Oracle databases. This article has the following topics: • Overvew • Trial Period • Grace Period Overvew
During a free trial, you can enable Oracle Data Safe in your tenancy, and try out all of the main features, including Activity Auditing, User Assessment, Security Assessment, Data Discovery, and Data Masking. For more information, see Trial Period. When the free trial period ends, you have a 30-day grace period in which you can still use existing resources in Oracle Data Safe. For example, you can continue to use the databases that you registered with Oracle Data Safe during your free trial. For more information, see Grace Period. When the grace period ends, you no longer have access to Oracle Data Safe, your target databases are deregistered from Oracle Data Safe, and all Oracle Data Safe resources are reclaimed by Oracle. At any time, you can convert your free Oracle cloud account to a paid account. With a paid account, you can use all of the features of Oracle Data Safe, and opt for paid usage for audit collection. You can also register an unlimited number of target databases. Be aware that you are billed when you register an on-premises Oracle Database or an Oracle Database on a compute instance. Trial Period
For the first 30 days, you can do the following with Oracle Data Safe: • Enable Oracle Data Safe. • Register one or more of the following paid or free Cloud databases in your tenancy with Oracle Data Safe: – Autonomous Database on Shared Exadata Infrastructure with Secure Access from Everywhere – Autonomous Database on Shared Exadata Infrastructure with Private VCN Access – DB system (Virtual Machine, Bare Metal, or Exadata)
1-6 Chapter 1 Set Up Oracle Data Safe
• Register up to one paid on-premises Oracle Database or one paid Oracle Database on a compute instance. During the free trial period, billing for registering these two types of databases is waived. • Create up to two Oracle Data Safe private endpoints per region in your tenancy. • Create one Oracle Data Safe on-premises connector per region in your tenancy. • Use all Oracle Data Safe features with your registered target databases. You can configure audit trail collection for up to one million audit records per target database per month. Audit collection is automatically stopped after you reach the limit. Only non-paid audit collection is allowed. You cannot configure or change the audit data retention period. If you later convert your tenancy to a full-use tenancy, you can retroactively apply longer-term retention policies to the audit data you collected during the trial period. Auto- purge is disabled, meaning Oracle Data Safe will not delete any audit records on your target database. Grace Period
When the 30-day trial period ends, you have another 30-days of grace period during which you can continue to use the following: • Existing Oracle Data Safe services that you enabled during the trial period. You cannot enable Oracle Data Safe in any more regions. • Existing registered target databases. You cannot register any new target databases. • Existing Oracle Data Safe private endpoints and/or an existing Oracle Data Safe on- premises connector for already registered target databases. You cannot create and deploy a new private endpoint or on-premises connector. • All Oracle Data Safe features supported for the target databases that you registered during the trial period. You can continue to collect up to one million audit records per target database per month. Audit collection is automatically stopped after you reach the limit. Only non-paid audit collection is allowed. Auto-purge is disabled, meaning Oracle Data Safe will not delete any audit records on your target database. Set Up Oracle Data Safe
To use Oracle Data Safe features with your databases, you need to set up an Oracle Data Safe environment. Setup involves enabling Oracle Data Safe in a region of your tenancy and registering target databases. Please refer to the following information in the Administer Oracle Data Safe guide: • Enable Oracle Data Safe • Target Database Registration Sign In to the Oracle Data Safe Console
There are a few ways to sign in to the Oracle Data Safe Console. You can sign in from the Oracle Data Safe service page in Oracle Cloud Infrastructure. You can sign in through the Oracle Cloud Infrastructure Console. And you can sign in using a bookmark to your Oracle Data Safe Console.
1-7 Chapter 1 Sign In to the Oracle Data Safe Console
Both native and federated users can sign in to an Oracle Data Safe service without any special permissions in Oracle Cloud Infrastructure Identity and Access Management (IAM). The Oracle Data Safe features available to the user depend on the privileges granted to the user by an Oracle Data Safe administrator. This article has the following topics: • Sign In From Your Regional Oracle Data Safe Service Page • Sign In From the Oracle Cloud Infrastructure Console • Related Resources Sign In From Your Regional Oracle Data Safe Service Page
To sign in to the Oracle Data Safe Console, you can enter a url in your browser that takes you directly to your regional Oracle Data Safe service page. From there, you can sign in to the Oracle Data Safe Console.
1. In a browser window, enter the url to your regional Oracle Data Safe service page in Oracle Cloud Infrastructure. For example, the url for the Ashburn region is as follows: https://console.us- ashburn-1.oraclecloud.com/data-safe/instances.
The url for the Frankfurt region is as follows: https://console.eu- frankfurt-1.oraclecloud.com/data-safe/instances. 2. In the Cloud Tenant field on the SIGN IN page, enter your tenancy name, and then click Continue. If your Console URL already contains the tenancy name, you are not prompted to enter a tenancy name. For example, the URL https://console.us- ashburn-1.oraclecloud.com/data-safe/?tenant=CompanyABC contains the tenancy name CompanyABC. 3. If the Single Sign-On option is presented on your sign-in page, it means that your tenancy is federated with an identity service other than the default one. Sign in the following way: a. Select your identity provider and click Continue. You are redirected to your identity provider to sign in. b. Enter your user name and password. The Overview page for Oracle Data Safe is displayed. 4. If the Single Sign-On option is not presented on your sign-in page, then your tenancy uses the default identity service, which is Oracle Cloud Infrastructure Identity and Access Management (IAM). Sign in the following way: a. Enter your Oracle Cloud Infrastructure user name and password, and then click Sign In. b. If you are signing in for the first time, you are prompted to change your temporary password. Enter a new password, making sure to follow the password criteria, and click Submit. The Overview page for Oracle Data Safe is displayed. 5. Click the Service Console button.
1-8 Chapter 1 Sign In to the Oracle Data Safe Console
The Home page for the Oracle Data Safe Console is displayed. 6. (Optional) In your browser, bookmark the URL to the Oracle Data Safe Console. 7. If you log out of the Oracle Data Safe Console and perform step 5 again, you are prompted to enter your credentials. Sign In From the Oracle Cloud Infrastructure Console
To sign in to the Oracle Data Safe Console, you can first sign in to the Oracle Cloud Infrastructure Console, and then access your regional Oracle Data Safe service page. From there, you can sign in to the Oracle Data Safe Console.
1. Open a supported browser and enter the following URL:
https://cloud.oracle.com
2. In the Cloud Account Name field, enter your tenancy name, and then click Next. The SIGN IN page is displayed. 3. If the Single Sign-On option is presented on your sign-in page, it means that your tenancy is federated with an identity service other than the default one. You can sign in the following way: a. Select your identity provider and click Continue. You are redirected to your identity provider to sign in. b. Enter your user name and password. You are signed in to your home region in the Oracle Cloud Infrastructure Console. 4. If the Single Sign-On option is not presented on your sign-in page, then your tenancy uses the default identity service, which is Oracle Cloud Infrastructure Identity and Access Management (IAM). You can sign in the following way: a. Enter your Oracle Cloud Infrastructure user name and password, and then click Sign In. b. If you are signing in for the first time, you are prompted to change your temporary password. Enter a new password, making sure to follow the password criteria, and click Submit. You are signed in to your home region in the Oracle Cloud Infrastructure Console. 5. (Optional) In the upper-right corner of the window, select the appropriate region that has Oracle Data Safe enabled; for example, US East (Ashburn). Oracle Data Safe resources, such as sensitive data models, masking policies, and registered target databases are region-specific. Therefore, you want to make sure that you select Oracle Data Safe in the region that contains the resources that you need. 6. From the navigation menu, select Oracle Database, and then Data Safe. The Overview page for the Oracle Data Safe service is displayed. 7. Click the Service Console button. The Home page for the Oracle Data Safe Console is displayed. 8. (Optional) In your browser, bookmark the URL to the Oracle Data Safe Console. 9. If you log out of the Oracle Data Safe Console and perform step 7 again, you are prompted to enter your credentials.
1-9 Chapter 1 Oracle Data Safe Dashboard
Related Resources
You may find the following Oracle Cloud Infrastructure resources helpful: • Oracle Cloud Infrastructure • Signing In to the Console Oracle Data Safe Dashboard
When you sign in to Oracle Data Safe, you are presented with the Home tab. The Home tab is a dashboard consisting of several charts that you let you monitor activities. The dashboard shows the following charts: • Security Assessment: View the percentage of low, medium, and high risk security configurations in your databases. • User Assessment: View the percentage of low, medium, high, and critical risk users in your database. • Data Discovery: View the top five sensitive categories in your databases. • All Activity: View the number of events per day for the last week performed by all users. • Admin Activity: View the number of events per day for the last week performed by admin users. • Open Alerts: View the number of open alerts per day for the last week. • Feature Usage: View the number of times an Oracle Data Safe feature (Security Assessment, User Assessment, Data Discovery, Data Masking, and Activity Auditing) was used during the last week and last month. • Jobs Summary: View the percentage of failed, running, and finished jobs. • Audit Trails: View the number of audit trails that are running, stopped, and failed. If you just enabled Oracle Data Safe and are accessing the Oracle Data Safe Console for the first time, then the charts have no data. After you register a target database, Oracle Data Safe automatically runs a User Assessment job and a Security Assessment job for that target database, which populates the Security Assessment and User Assessment charts in the dashboard. In the upper-right corner of the dashboard, you can filter the dashboard data by target databases, if needed. The following screenshot is an example of an Oracle Data Safe dashboard.
1-10 Chapter 1 Oracle Data Safe Dashboard
1-11 2 Security Assessment
This section discusses how to assess the security of your database configurations by using the Security Assessment feature in Oracle Data Safe. • Security Assessment Overview The Security Assessment feature in Oracle Data Safe helps you assess the security of your Oracle database configurations. • Comprehensive Assessment Reports The results of Security Assessment jobs are displayed in Comprehensive Assessment reports. • Baseline Reports A baseline report is a Comprehensive Assessment report to which you compare another Comprehensive Assessment report. • Comparison Reports In Security Assessment, you can generate Comparison Reports, which show you the differences between two Security Assessments. • View Comprehensive Assessment Reports You can view Comprehensive Assessment Reports from the Security Assessment Wizard or the Reports tab. You can view the most current report or a previous report from either location. • Create Security Assessment Jobs You can create security assessment jobs in the Security Assessment wizard. • Compare Comprehensive Assessment Reports Security Assessment lets you generate a Comparison Report that shows the changes on your target database between two Comprehensive Assessment reports. You can view details about database changes and risk level changes. You can generate a Comparison Report from the Security Assessment wizard or from a Comprehensive Report. • Schedule Recurring Security Assessment Jobs You can schedule recurring security assessment jobs for one or more target databases in Oracle Data Safe. The schedule can be daily, weekly, or monthly. Security Assessment Overview
The Security Assessment feature in Oracle Data Safe helps you assess the security of your Oracle database configurations. This article has the following topics: • Introduction • Use Cases • Security Assessment Workflow
2-1 Chapter 2 Security Assessment Overview
Introduction
Poor database configurations, such as weak password policies, no controls on over- privileged accounts, and lack of activity monitoring, are the most common causes of database vulnerabilities. In Oracle Data Safe, Security Assessment analyzes your database configurations, user accounts, and security controls, and then reports findings with recommendations for remediation activities that follow best practices to reduce or mitigate risk. Security Assessment reports provide you an overall picture of your database security status. They highlight recommendations by the Center for Internet Security (CIS), European Union's General Data Protection Regulation (GDPR), and Security Technical Implementation Guide (STIG), making it easier for you to identify the recommended security controls. Use Cases
Examples of what you might do with the Security Assessment feature: • Quickly and easily assess your database configurations to learn which configuration choices may have introduced unnecessary risk into your environment and how you can reduce, remove, or mitigate risks. • Apply security findings to accelerate compliance with the European Union's GDPR and other regulations. • Identify deployed security policies. • Learn how to protect sensitive data in your Oracle databases when moving applications from development to production. Security Assessment might suggest that you enable encryption and then point you to some documentation on how to do that. • Promote database security best practices. Security Assessment Workflow
The workflow for assessing your database security with Security Assessment is as follows:
1. Register the target database that you want to assess. After you register a target database, Oracle Data Safe automatically runs a Security Assessment job for that target database.
Security Assessment should not be run on CDB$ROOT. 2. Schedule a recurring security assessment job or create a one-time security assessment job for one or more target databases by using the Security Assessment wizard. 3. Analyze the results in the Comprehensive Assessment report.
2-2 Chapter 2 Comprehensive Assessment Reports
Comprehensive Assessment Reports
The results of Security Assessment jobs are displayed in Comprehensive Assessment reports. This article has the following topics: • About Comprehensive Assessment Reports • Example • Findings About Comprehensive Assessment Reports
A Comprehensive Assessment report includes findings for user accounts, privileges and roles, authorization control, data encryption, fine-grained access control, auditing, and database configurations. Each finding is assigned a risk level (High Risk, Medium Risk, Low Risk, Advisory, Evaluate, and Pass). The top of the report shows you the number of findings for each risk level, which helps you to see at a glance how secure your databases are. Some findings indicate that they are recommended by the Center for Internet Security (CIS), European Union's General Data Protection Regulation (GDPR), or Security Technical Implementation Guide (STIG). Example
The following screenshot is an example of a Comprehensive Assessment report.
2-3 Chapter 2 Baseline Reports
Findings
Findings in the Comprehensive Assessment report give recommendations to improve the security posture of the database and provide information for further analysis. Most findings consist of the following information: • Status: A status value can be High Risk, Medium Risk, Low Risk, Advisory (improve security posture by enabling more security features and technology), Evaluate (needs manual analysis), or Pass (no errors found). A High Risk finding might require immediate remedial action, whereas lower-risk findings might be fixed during a scheduled downtime, or bundled together with other maintenance activities. Use these values to help you prioritize and schedule changes. • Summary: This section presents a brief summary of the finding. When the finding is informational, the summary typically reports only the number of data elements that were examined. • Details: This section provides information to explain the finding summary, typically results from the assessed database, followed by any recommendations for changes. • Remarks: This section explains the reason for the rule and recommended actions for remediation. If a risk is reported, this section may also explain the recommended actions for remediation. • References: This section provides information on whether the finding is related to a Center for Internet Security (CIS) recommendation, a General Data Protection Regulation (GDPR) Article/Recital, or a Security Technical Implementation Guide (STIG) recommendation. The following screenshot is an example of a Findings section.
Baseline Reports
A baseline report is a Comprehensive Assessment report to which you compare another Comprehensive Assessment report. In Security Assessment, you can compare two Comprehensive Assessment reports. You set one of the reports as the baseline report, and then compare the other report to the baseline report. You can generate a Comparison Report for each target database. On the Security Assessment page, the default value in the Differs from Baseline column for a target database is Baseline not set. After you set a baseline report and run a comparison job, the value becomes Yes or No. See the screenshot below.
2-4 Chapter 2 Comparison Reports
• If the value is Yes, it means that there are changes on the target database since the baseline report was generated, and possibly new risks are added. A link is provided to the Comparison Report. • If the value is No, as shown in the following screenshot, it means that there are no changes on the target database since the baseline report was generated. A link is provided to the Comparison Report, although the report is empty.
Comparison Reports
In Security Assessment, you can generate Comparison Reports, which show you the differences between two Security Assessments. This article has the following topics: • About Comparison Reports • Example • Interpreting Comparison Reports About Comparison Reports
A Comparison Report consists of a summary table and a details table. The Summary table helps you to identify where the risk level changes are occurring on your target database and whether the risk levels are increasing, decreasing, or staying the same. The details table describes the changes on the target database. In the Summary table, the risk levels are categorized as High Risk, Medium Risk, Low Risk, Advisory, Evaluate, and Pass. The categories in the first column represent types of findings. They are User Accounts, Privileges and Roles, Authorization Control, Fine-Grained Access Control, Auditing, Encryption, and Database Configuration. You can view the number of new risks added and the number of risks remediated (removed). The upward-facing arrow represents new risks. The downward-facing arrow represents remediated risks. The change value is the total count of modified risks, new risks, and remediated risks on the target database for each category/risk level. In the details table, you can view the risk level of each change, the findings category to which the change belongs, and a description of the change. The Comparison column is important because it provides explanations of what is changed, added, or removed from the target database since the baseline report was generated. The column also tells you if the change is a new risk or a remediated risk. Example
2-5 Chapter 2 Comparison Reports
The following screenshot is an example of a Comparison Report.
Interpreting Comparison Reports
The following examples are intended to help you interpret the information in a Comparison Report. Example 2-1 New risk in a target database Suppose the baseline report does not contain a high risk finding in the Database Configuration category. The current assessment found one high risk finding. Therefore, the count for new risks is one. The count for remediated risks is zero. The change count is one. Example 2-2 Modified risk in a target database Suppose in the baseline report, the high risk level for the User Accounts category shows that three users have unlocked user accounts with the default password. The number of new risks is equal to one. The current assessment found two more users in the same situation. Because this is not a new risk, just a change to an existing risk, the modified risk count is equal to one and the number of new risks is zero. There are zero remediated risks so the change count is one. Example 2-3 Remediated risks and new risks in a target database Suppose the baseline report contains ten medium risk findings in the User Accounts category. In the current assessment, three of those risks are remediated. But, three new unique risks are found for the same category/risk level. In this case, the Summary table shows a count of three remediated risks and three new risks. There are zero modified risks so the change count is six. Each new risk is a separate line item in the details table below the Summary table.
2-6 Chapter 2 View Comprehensive Assessment Reports
View Comprehensive Assessment Reports
You can view Comprehensive Assessment Reports from the Security Assessment Wizard or the Reports tab. You can view the most current report or a previous report from either location. This article has the following topics: • View a Comprehensive Report from the Security Assessment Wizard • View a Comprehensive Assessment Report from the Reports Tab View a Comprehensive Report from the Security Assessment Wizard
1. Click the Home tab, and then click Security Assessment. 2. To view the last generated report, click View Report for your target database. 3. To view an older report, do the following: a. Click Set Baseline for your target database. The Select report for baseline dialog box is displayed. b. In the Last Assessed On column, click a report date. The Comprehensive Assessment report is displayed. View a Comprehensive Assessment Report from the Reports Tab
1. Click the Reports tab. 2. On the left, expand Security Assessment, and then click Comprehensive Assessment. The Comprehensive Assessment page is displayed. It shows one line for each target database. 3. To view the current assessment report for a target database, click View Report in the Last Generated Report column. The most current Comprehensive Assessment report is displayed. 4. To view an older assessment report for a target database, do the following: a. In the Last Generated Report column, click View History. The Assessment History dialog box is displayed. You can view whether a report is set as the baseline report, as well as the report's high, medium, and low risk counts. b. In the Last Assessed On column, click a report date. The Comprehensive Assessment report is displayed. Create Security Assessment Jobs
You can create security assessment jobs in the Security Assessment wizard. This article has the following topics:
2-7 Chapter 2 Compare Comprehensive Assessment Reports
• Prerequisites • Create a Security Assessment Job Prerequisites
Before you create a security assessment job, you need to register the target database that you want to assess. Security Assessment should not be run on CDB$ROOT. Create a Security Assessment Job
1. Click the Home tab and then click Security Assessment. 2. Select the check boxes for the target database that you want to assess. If needed, you can select multiple target databases. 3. Click Assess. The assessment runs for a couple of minutes and then generates a Security Assessment report for each selected target database. A check mark next to the assessment report indicates that the assessment is done. 4. Click View Report for a target database to open its report. 5. To expand a category, click it or click the triangle next to it. 6. Slide the vertical scroll bar to scroll through the report content. Compare Comprehensive Assessment Reports
Security Assessment lets you generate a Comparison Report that shows the changes on your target database between two Comprehensive Assessment reports. You can view details about database changes and risk level changes. You can generate a Comparison Report from the Security Assessment wizard or from a Comprehensive Report. This article has the following topics: • Set a Baseline Report and Generate a Comparison Report from the Security Assessment Wizard • Set a Baseline Report from a Comprehensive Assessment Report Page • Generate a Comparison Report from a Comprehensive Assessment Report Page Set a Baseline Report and Generate a Comparison Report from the Security Assessment Wizard
1. In the Security Assessment wizard, run at least two security assessment jobs for a target database over a period of time. 2. On the Security Assessment page, in the Differs from Baseline column, click Set Baseline for the target database. The Select report for baseline dialog box is displayed.
2-8 Chapter 2 Schedule Recurring Security Assessment Jobs
3. In the Baseline column, select the option button for the report that you want to set as the baseline report. 4. Click Set as Baseline. The Differs from Baseline column is updated to show a value of Yes or No. The value is Yes if the baseline report differs from the current report. The value is No if there are no differences. 5. To view the Comparison Report, click the Yes or No link. If there are no differences, then the Comparison Report has no data. Set a Baseline Report from a Comprehensive Assessment Report Page
1. View a Comprehensive Assessment report. 2. Click Set as Baseline. The Comprehensive Assessment report that you are viewing is set as the baseline report. Generate a Comparison Report from a Comprehensive Assessment Report Page
1. Ensure that a baseline report is set for your target database. 2. View a Comprehensive Assessment report. If a baseline report is set for the target database, the Compare with Baseline button is enabled; otherwise it is greyed out. 3. Click Compare with Baseline. The Comparison Report is displayed. Schedule Recurring Security Assessment Jobs
You can schedule recurring security assessment jobs for one or more target databases in Oracle Data Safe. The schedule can be daily, weekly, or monthly. This article has the following topics: • Schedule a Recurring Security Assessment Job for a Single Target Database • Update a Recurring Security Assessment Job for a Single Target Database • Schedule a Recurring Security Assessment Job for Multiple Target Databases • Delete a Recurring Security Assessment Job Schedule a Recurring Security Assessment Job for a Single Target Database
You can schedule a recurring security assessment job for a single target database from the Security Assessment wizard. 1. Click the Home tab, and then click Security Assessment.
2-9 Chapter 2 Schedule Recurring Security Assessment Jobs
2. Select the target database for which you want to schedule the assessment, and then click Schedule Periodic Assessment. The Schedule Jobs dialog box is displayed. 3. To configure a daily schedule, do the following: a. From the Schedule Type drop-down list, select Daily. b. Next to the At field, click the calendar widget and select a time. 4. To configure a weekly schedule, do the following: a. In the Schedule Type drop-down list, select Weekly. b. From the Every drop-down list, select a day of the week; for example, Monday. c. Next to the At field, click the calendar widget and select a time. 5. To configure a monthly schedule, do the following: a. From the Schedule Type drop-down list, select Monthly. b. From the Day drop-down list, select a day number; for example, 13 is the 13th day of the month. c. Next to the At field, click the calendar widget and select a time. 6. Click Schedule. 7. To view the job, click the Jobs tab and find the scheduled job. Update a Recurring Security Assessment Job for a Single Target Database
You can update the schedule for a recurring security assessment job from the Security Assessment wizard or from the Jobs page. The same scheduling options are available in both places. To update the security assessment schedule from the Security Assessment wizard:
1. Click the Home tab, and then click Security Assessment. 2. Select the target database for which you want to update the security assessment schedule, and then click Schedule Periodic Assessment. The Schedule Jobs dialog box shows the current settings for either a daily, weekly, or monthly recurrence. 3. Edit the schedule, and then click Schedule Job. To update the security assessment schedule from the Jobs page:
1. Click the Jobs tab. 2. Click the Scheduled Jobs subtab to view the list of scheduled assessment jobs. 3. Click the security assessment job ID. The Update Schedule dialog box shows the current settings for either a daily, weekly, or monthly recurrence. 4. Edit the schedule, and then click Update Schedule.
2-10 Chapter 2 Schedule Recurring Security Assessment Jobs
5. To find the date and time of the next security assessment job, check the Next Schedule Run column of the first job in the schedule job table. Schedule a Recurring Security Assessment Job for Multiple Target Databases
You can schedule a recurring security assessment job for multiple target databases at the same time from the Security Assessment wizard. The schedule overrides existing schedules for all selected target databases.
1. Click the Home tab, and then click Security Assessment. 2. Select multiple target databases. 3. Click Schedule Periodic Assessment. The Schedule Jobs dialog box is displayed. 4. To configure a daily schedule, do the following: a. From the Schedule Type drop-down list, select Daily. b. Next to the At field, click the calendar widget and select a time. 5. To configure a weekly schedule, do the following: a. In the Schedule Type drop-down list, select Weekly. b. From the Every drop-down list, select a day of the week; for example, Monday. c. Next to the At field, click the calendar widget and select a time. 6. To configure a monthly schedule, do the following: a. From the Schedule Type drop-down list, select Monthly. b. From the Day drop-down list, select a day number; for example, 13 is the 13th day of the month. c. Next to the At field, click the calendar widget and select a time. 7. Click Schedule. The schedule is applied to all selected target databases. Delete a Recurring Security Assessment Job
You can delete recurring security assessment jobs for single or multiple target databases from the Jobs page.
1. Click the Jobs tab. 2. Click the Scheduled Jobs subtab. 3. Select the recurring security assessment job for your target database(s), and then click Delete. The Delete Job dialog box asks you to confirm the deletion. 4. Click OK to confirm. The recurring security assessment job is deleted.
2-11 3 User Assessment
This section discusses how to assess user security by using the User Assessment feature in Oracle Data Safe. • User Assessment Overview User Assessment helps you assess the security of your database users and identify high risk users. In this overview, you learn about the key aspects of User Assessment and the general workflow for assessing users on your Oracle databases. • User Assessment Reports A User Assessment job generates a report that helps you identify users that pose a risk to your target database. The report includes four charts and a table. • Create User Assessment Jobs To assess user security on one or more target databases, you can create a user assessment job with the User Assessment wizard. User Assessment Overview
User Assessment helps you assess the security of your database users and identify high risk users. In this overview, you learn about the key aspects of User Assessment and the general workflow for assessing users on your Oracle databases. Knowing which users have access to sensitive data is essential to managing risk. Which database accounts have powerful roles, such as Database Administrator, Database Vault Administrator, or Audit Administrator? Who can make changes that seriously impact the system, access sensitive data, or grant access to unauthorized users? Is there a risk of hackers taking over some user accounts because the passwords have not been changed in a long time? The User Assessment feature in Oracle Data Safe answers these questions and more to help you identify your high risk users. Administrators can then deploy appropriate security controls and policies. User Assessment reviews information about your users in the data dictionaries on your target databases, and then calculates a risk score for each user. For example, it evaluates the user types, how users are authenticated, the password policies assigned to each user, and how long it has been since each user has changed their password. With this information, you can decide whether to implement more restrictive password policies, use Oracle Database Vault, or do something to further limit user access, if needed. After you register a target database, Oracle Data Safe automatically runs a User Assessment job for that target database. User Assessment Reports
A User Assessment job generates a report that helps you identify users that pose a risk to your target database. The report includes four charts and a table. This article has the following topics: • Charts
3-1 Chapter 3 User Assessment Reports
• Table Charts
The following charts are displayed at the top of a User Assessment report: • User Risk: Shows the number of users who are Critical Risk, High Risk, Medium Risk, and Low Risk.
• User Roles: Compares the number of users with the DBA, DV Admin, and Audit Admin roles.
• Last Password Change: Shows the number of users who have changed their passwords in the last 30 days, the last 30-90 days, and 90 days ago or more.
3-2 Chapter 3 User Assessment Reports
• Last Login: Shows the percentage of users that signed in to the database within the last 24 hours, within the last week, within the current month, within the current year, and a year ago or more.
Table
The table is displayed below the charts and contains the following information about each user in a target database: • User account name • Target database name • User type: Admin, Application, Privileged, Schema, or Non-privileged. A user with one or more of the following administrative privileges is classified as an Admin user: SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, or SYSKM. A privileged user is a user who is granted system and object privileges that classify the user as High or Very High risk. • A check mark if the user has the DBA, DV Admin, or Audit Admin role • Risk level: Low, Medium, High, and Critical
3-3 Chapter 3 Create User Assessment Jobs
• Status: OPEN, LOCKED, or EXPIRED & LOCKED • Date/time when the user last logged into the target database • Time duration since the user was created, for example, four months ago • Authentication method used by the user, for example, PASSWORD or NONE • Password profile used by the user, for example, DEFAULT • Date/time when the user's password was last changed • Link to the user's audit records The following is an example table in a User Assessment report.
Create User Assessment Jobs
To assess user security on one or more target databases, you can create a user assessment job with the User Assessment wizard. This article has the following topics: • Prerequisites • Create a User Assessment Job Prerequisites
Before you create a user assessment job, you need to register the target database that you want to assess. Create a User Assessment Job
You can create a User Assessment job in the User Assessment wizard.
1. Click the Home tab, and then click User Assessment. The User Assessment page is displayed. 2. Select the check boxes for the database targets for which you want to assess user security. 3. Click Assess. When the assessment is finished, a link to the User Assessment report is displayed for each selected target database. 4. Click View Report for a target database.
3-4 Chapter 3 Create User Assessment Jobs
The User Assessment report is displayed. 5. To view more charts, click the small circles directly below the charts. 6. To browse within a page, drag the scroll bars on the right and bottom of the report. 7. To browse between pages, at the bottom of the report, enter a page number or click a page number. You can also use the arrow keys to step through the pages or move directly to the first or last page.
3-5 4 Activity Auditing
This section discusses how to configure audit and alert policies for monitoring Oracle database activities, collecting audit data, and generating alerts on audit events by using the Activity Auditing feature in Oracle Data Safe. • Activity Auditing Overview Activity Auditing lets you audit user activity on your target databases so you can monitor database usage and be alerted of unusual database activities. • Audit Policies An audit policy defines specific events to track in a target database. • Audit Trails An audit trail is a database table that stores audit data. In Oracle Data Safe, audit data collection copies audit data from the database's audit trail into the Oracle Data Safe audit table. You can use the auto purge feature to purge audit records from your target databases. • Alerts and Alert Policies An alert is a message that notifies you when a particular audit event happens on a target database. Alerts are based on the alert policies that you enable in Activity Auditing. • Audit Data Lifecycle Management The audit data retention, archival, and retrieval features help you to manage the quantity of audit data that you store with the Activity Auditing feature. • Activity Auditing Reports An Activity Auditing job generates reports that you can access from the Reports tab. The reports track general database activities, such as audited SQL statements, application access activities, and user login activities, as well as Oracle Data Safe activities. • Service Activity Report Oracle Data Safe administrators can use the Service Activity report to track user activities in Oracle Data Safe. • Retrieve and Provision Audit Policies You can retrieve and provision audit policies for one or more databases at a time by using the Activity Auditing wizard. • Add Audit Trails For each target database that you want to collect audit records, you need to add at least one audit trail to Oracle Data Safe. You can add audit trails from the Audit Trails page or while you are working in the Activity Auditing wizard. • Manage Audit Collection You can manage audit collection from the Audit Trails and Settings pages. • Manage Alerts Alerts notify you when particular events occur on your target databases and collect on the Alerts page in the Oracle Data Safe Console. Oracle Data Safe provides ways that you can investigate, monitor, and report on alerts as well as modify the types of alerts generated.
4-1 Chapter 4 Activity Auditing Overview
Activity Auditing Overview
Activity Auditing lets you audit user activity on your target databases so you can monitor database usage and be alerted of unusual database activities. This article has the following topics: • About Activity Auditing • Activity Auditing Workflow About Activity Auditing
You entrust your databases to your database administrators, account owners, and end users. However, it’s important to monitor database activity regularly because accounts are always at risk for being compromised or misused. Activity Auditing in Oracle Data Safe helps to ensure accountability and improve regulatory compliance. With Activity Auditing, you can monitor user activities on Oracle databases by doing the following: • Collect and retain audit records per industry and regulatory compliance requirements. For example, you can audit sensitive database changes, administrator and user activities, activities recommended by the Center for Internet Security (CIS), and activities defined by your own organization. Up to one million audit records per month per target database are included in Oracle Data Safe at no additional cost. • Trigger alerts as needed for unusual behavior. For example, you can choose to be alerted when a database parameter or audit policy changes, a failed login by an admin occurs, a user entitlement changes, and when a user is created or deleted. Activity Auditing provides a wide range of interactive audit reports, including the All Activity report, which is a comprehensive report that contains every audited activity. Other reports focus on specific areas, such as user and entitlement changes, administrative activity, data access, database schema changes, and login sessions. You can also download a report as a spreadsheet or PDF file, which is useful for compliance reporting. Activity Auditing Workflow
The workflow for Activity Auditing involves registering target databases, configuring Activity Auditing jobs, monitoring the audit data, and managing the activity auditing jobs. The following steps outline the general process for using the Activity Auditing feature.
1. Register the target database for which you want to collect audit data. 2. On the Settings page, configure usage settings and audit data retention settings. • Specify if you want to collect audit data for your target database after it reaches the monthly free limit. Up to one million audit records per month per target database are included in Oracle Data Safe at no additional cost.
4-2 Chapter 4 Audit Policies
• Specify the number of months that you want to retain audit data online. The default is 12 months. • Specify the number of months that you want to archive audit data. The default is 0 months. The total months is the sum of online and archive months and impacts how long the audit records are stored in Oracle Data Safe. 3. Configure an Activity Auditing job for your target database. You can choose to configure multiple target databases at one time. a. In the Activity Auditing wizard, select your target database and retrieve its audit policies. b. Select audit policies to provision on your target database. You can choose categories of audit policies, individual custom policies, Oracle pre-defined policies, and audit compliance standards policies. c. Select alert policies to provision on your target database. Alerts are generated when certain user activities occur on the target database. You can choose to be alerted to database parameter changes, failed logins by administrator users, audit policy changes, user creations/deletions, and user entitlement changes. d. Register an audit trail for the target database. For an Autonomous Database, Activity Auditing automatically registers the UNIFIED_AUDIT_TRAIL. e. Start collecting audit data. Audit data collection begins when you start the Activity Auditing job and continues until you stop the job. Turn on the auto purge feature at your discretion. Please be aware of the implications of turning on auto purge. 4. Monitor the audit data: • View and manage audit reports for the target database from the Reports tab. • View and manage alerts from the Alerts tab. 5. Control audit data collection: • Manage the audit trail from the Audit Trails page. You can start, stop, pause, and resume collecting audit data and delete the audit trail. • View the audit job running on the Jobs page, but manage the job from the Audit Trails page. 6. Retrieve audit data as needed. On the Retrieve Audit Data page, you can retrieve audit data from the archive if archiving has been configured. Audit Policies
An audit policy defines specific events to track in a target database. This article has the following topics: • Audit Policies in Oracle Data Safe • Basic Auditing Policies • Admin Activity Auditing Policy • User Activity Auditing Policy • Custom and Oracle Predefined Policies • Audit Compliance Standards
4-3 Chapter 4 Audit Policies
Audit Policies in Oracle Data Safe
In Oracle Data Safe, you can provision the following audit policies on your target databases: • Basic auditing policies • Administrator and user activity auditing policies • Audit compliance standards • Additional audit policies After an audit policy is provisioned, the target database can begin to generate audit data. You can manage audit data by using the auto purge feature (which is disabled by default) and audit data retention setting. The audit data retention setting lets you specify how long, in months, your audit data is kept in the Oracle Data Safe repository. Audit records are continuously collected from the target database and stored in Oracle Data Safe based on the total audit data retention period (in months), which is equal to the online period plus the archive period. For example, if you configure the online period to be three months and the archive period to be twelve months, the total audit data retention period is fifteen months. Audit records generated on the target database from four to fifteen months ago are archived. Audit records generated from the present date to three months ago are stored online. Enabling auto-purge deletes all audit records in the target database every seven days, including those older than the retention period (hence not collected in Oracle Data Safe). After considering this impact, you should enable this feature carefully.
Note:
Provisioning and retrieval of audit policies is not supported in Oracle Database 12.1 and below.
Basic Auditing Policies
You can enable the following basic auditing policies: • Critical Database Activity • Login Events • Database Schema Changes The Critical Database Activity policy allows you to audit critical database activity, for example, when a user, role, or profile is created, modified, or dropped. The following audit policy gets provisioned on the target database:
CREATE AUDIT POLICY ORA_ADS$_CRITICAL_DB_ACTIVITY PRIVILEGES EXEMPT ACCESS POLICY,EXEMPT REDACTION POLICY, ADMINISTER KEY MANAGEMENT,EXPORT FULL DATABASE,IMPORT FULL DATABASE,
4-4 Chapter 4 Audit Policies
CREATE PUBLIC DATABASE LINK, ALTER PUBLIC DATABASE LINK, DROP PUBLIC DATABASE LINK, CREATE PUBLIC SYNONYM, DROP PUBLIC SYNONYM, SELECT ANY DICTIONARY, ADMINISTER DATABASE TRIGGER, PURGE DBA_RECYCLEBIN, LOGMINING ACTIONS CREATE USER, ALTER USER, DROP USER, CREATE ROLE, DROP ROLE, ALTER ROLE, SET ROLE, GRANT, REVOKE, CREATE PROFILE, ALTER PROFILE, DROP PROFILE, CREATE PLUGGABLE DATABASE, DROP PLUGGABLE DATABASE, ALTER PLUGGABLE DATABASE, CREATE LOCKDOWN PROFILE, ALTER LOCKDOWN PROFILE, DROP LOCKDOWN PROFILE, ALTER DATABASE, ALTER SYSTEM, CREATE TABLESPACE, ALTER TABLESPACE, DROP TABLESPACE, CREATE ROLLBACK SEGMENT, ALTER ROLLBACK SEGMENT, DROP ROLLBACK SEGMENT, CREATE DIRECTORY, DROP DIRECTORY, CREATE DISK GROUP,ALTER DISK GROUP,DROP DISK GROUP, CREATE PFILE,CREATE SPFILE ACTIONS COMPONENT = datapump EXPORT,IMPORT ACTIONS COMPONENT = DIRECT_LOAD LOAD;
AUDIT POLICY ORA_ADS$_CRITICAL_DB_ACTIVITY; -- enabled for all users
The Login Events policy tracks all login and logoff activities by users. You can specify Oracle-maintained users and non-Oracle-maintained users to be excluded. The following audit policy gets provisioned on the target database:
CREATE AUDIT POLICY ORA_ADS$_LOGON_EVENTS ACTIONS LOGON,LOGOFF; CREATE AUDIT POLICY ORA_ADS$_LOGON_FAILURES ACTIONS LOGON; AUDIT POLICY ORA_ADS$_LOGON_EVENTS EXCEPT
The Database Schema Changes policy tracks all Data Definition Language (DDL) commands issued by any database user, for example, when a table, database link, function, or trigger is created, modified, or dropped. The following audit policy gets provisioned on the target database:
CREATE AUDIT POLICY ORA_ADS$_DB_SCHEMA_CHANGES PRIVILEGES CREATE EXTERNAL JOB, CREATE JOB, CREATE ANY JOB ACTIONS CREATE PROCEDURE, DROP PROCEDURE, ALTER PROCEDURE, CREATE PACKAGE, ALTER PACKAGE, DROP PACKAGE, CREATE PACKAGE BODY, ALTER PACKAGE BODY, DROP PACKAGE BODY, CREATE FUNCTION, DROP FUNCTION, ALTER FUNCTION, CREATE TRIGGER, ALTER TRIGGER, DROP TRIGGER, CREATE LIBRARY, ALTER LIBRARY, DROP LIBRARY, CREATE SYNONYM, DROP SYNONYM, CREATE TABLE, ALTER TABLE, DROP TABLE, TRUNCATE TABLE, CREATE DATABASE LINK, ALTER DATABASE LINK, DROP DATABASE LINK, CREATE INDEX, ALTER INDEX, DROP INDEX,
4-5 Chapter 4 Audit Policies
CREATE OUTLINE, ALTER OUTLINE,DROP OUTLINE, CREATE CONTEXT, DROP CONTEXT, CREATE ATTRIBUTE DIMENSION,ALTER ATTRIBUTE DIMENSION,DROP ATTRIBUTE DIMENSION, CREATE DIMENSION,ALTER DIMENSION,DROP DIMENSION, CREATE INDEXTYPE,ALTER INDEXTYPE,DROP INDEXTYPE, CREATE OPERATOR,ALTER OPERATOR,DROP OPERATOR, CREATE JAVA,ALTER JAVA,DROP JAVA, CREATE MINING MODEL,ALTER MINING MODEL,DROP MINING MODEL, CREATE TYPE BODY,ALTER TYPE BODY,DROP TYPE BODY, CREATE TYPE,ALTER TYPE,DROP TYPE, CREATE MATERIALIZED VIEW,ALTER MATERIALIZED VIEW,DROP MATERIALIZED VIEW, CREATE MATERIALIZED VIEW LOG, ALTER MATERIALIZED VIEW LOG,DROP MATERIALIZED VIEW LOG, CREATE MATERIALIZED ZONEMAP, ALTER MATERIALIZED ZONEMAP,DROP MATERIALIZED ZONEMAP, CREATE VIEW, ALTER VIEW, DROP VIEW,CREATE ANALYTIC VIEW, ALTER ANALYTIC VIEW, DROP ANALYTIC VIEW, CREATE SEQUENCE, ALTER SEQUENCE, DROP SEQUENCE, CREATE CLUSTER, ALTER CLUSTER, DROP CLUSTER,TRUNCATE CLUSTER;
AUDIT POLICY ORA_ADS$_DB_SCHEMA_CHANGES; -- enabled for all users
Admin Activity Auditing Policy
The Admin Activity Auditing policy lets you audit all activities by privileged administrators. These administrators can make significant changes to the wider system. A database administrator (DBA) can have access to sensitive data that is not protected by realms, and can exfiltrate. The Admin Activity auditing policy audits all activities for any user who has one of the following privileges or roles: • Admin privileges: SYSOPER, SYSDG, SYSKM, SYSRAC, and SYSBACKUP • Roles: DBA, DATAPUMP_EXP_FULL_DATABASE, DATAPUMP_IMP_FULL_DATABASE, EXP_FULL_DATABASE, IMP_FULL_DATABASE The following audit policy gets provisioned on the target database:
CREATE AUDIT POLICY ORA_ADS$_ADMIN_USER_ACTIVITY ACTIONS ALL WHEN ©SYS_CONTEXT(©©USERENV©©, ©©CURRENT_USER©©) NOT IN (©©DIP©©,©©WMSYS©©,©©XDB©©, ©©ORDDATA©©,©©OLAPSYS©©,©©MDSYS©©,©©ORDPLUGINS©©,©©GSMADMIN_INTERNAL©©, ©©SI_INFORMTN_SCHEMA©©,©©ANONYMOUS©©,©©GGSYS©©,©©DBSFWUSER©©,©©APPQOSSYS ©©,©©DBSNMP©©, ©©GSMUSER©©,©©SYSDG©©,©©SYS$UMF©©,©©ORACLE_OCM©©,©©OUTLN©©,©©SYSKM©©,©©S YS©©,©©SYSTEM©©, ©©XS$NULL©©,©©GSMCATUSER©©,©©MDDATA©©,©©SYSBACKUP©©,©©REMOTE_SCHEDULER_A GENT©©,©©SYSRAC©©, ©©CTXSYS©©,©©DVF©©,©©OJVMSYS©©,©©DVSYS©©,©©AUDSYS©©,©©ORDSYS©©,©©LBACSYS
4-6 Chapter 4 Audit Policies
©©)© EVALUATE PER STATEMENT;
AUDIT POLICY ORA_ADS$_ADMIN_USER_ACTIVITY BY USERS WITH GRANTED ROLES DBA, DATAPUMP_EXP_FULL_DATABASE, DATAPUMP_IMP_FULL_DATABASE, EXP_FULL_DATABASE, IMP_FULL_DATABASE;
AUDIT POLICY ORA_ADS$_ADMIN_USER_ACTIVITY BY PUBLIC, SYSDG, SYSKM, SYSRAC, SYSBACKUP;
For Oracle Database 19c, the following audit policy also gets provisioned:
CREATE AUDIT POLICY ORA_ADS$_SYS_TOP_ACTIVITY ACTIONS ALL ONLY TOPLEVEL; AUDIT POLICY ORA_ADS$_SYS_TOP_ACTIVITY by SYS;
User Activity Auditing Policy
The User Activity Auditing policy tracks all activity by users who may have access to sensitive data or who are under observation. These users could be “non-admin but privileged” users. When enabling this policy in the interface, you must specify non-Oracle maintained users to audit. The following audit policy gets provisioned on the target database:
CREATE AUDIT POLICY ORA_ADS$_USER_ACTIVITY ACTIONS ALL WHEN ©SYS_CONTEXT(©©USERENV©©, ©©CURRENT_USER©©) NOT IN (©©DIP©©,©©WMSYS©©,©©XDB©©,©©ORDDATA©©,©©OLAPSYS©©,©©MDSYS©©,©©ORDPLUGINS©©,© ©GSMADMIN_INTERNAL©©,©©SI_INFORMTN_SCHEMA©©,©©ANONYMOUS©©,©©GGSYS©©,©©DBSFWUS ER©©,©©APPQOSSYS©©,©©DBSNMP©©,©©GSMUSER©©,©©SYSDG©©,©©SYS$UMF©©,©©ORACLE_OCM© ©,©©OUTLN©©,©©SYSKM©©,©©SYS©©,©©SYSTEM©©,©©XS$NULL©©,©©GSMCATUSER©©,©©MDDATA© ©,©©SYSBACKUP©©,©©REMOTE_SCHEDULER_AGENT©©,©©SYSRAC©©,©©CTXSYS©©,©©DVF©©,©©OJ VMSYS©©,©©DVSYS©©,©©AUDSYS©©,©©ORDSYS©©,©©LBACSYS©©)© EVALUATE PER STATEMENT;
AUDIT POLICY ORA_ADS$_USER_ACTIVITY BY
Custom and Oracle Predefined Policies
If you have custom unified audit policies created on your target database or have Oracle predefined unified policies already defined, you can enable them in Oracle Data Safe.
Custom Policies If you create an audit policy on your target database, you can enable or disable it from the Oracle Data Safe Console.
Oracle Predefined Policies Oracle predefined unified audit policies are groups of audit options for common audit use cases. The following are examples. Depending on your target database, such as Autonomous Transaction Processing (serverless) and Autonomous Data Warehouse, you may have additional predefined policies than those listed below.
4-7 Chapter 4 Audit Trails
• ORA_ACCOUNT_MGMT • ORA_DATABASE_PARAMETER • ORA_SECURECONFIG • ORA_DV_AUDPOL • ORA_DV_AUDPOL2 • ORA_RAS_POLICY_MGMT • ORA_RAS_SESSION_MGMT • ORA_LOGON_FAILURES • COMMON_USER • ADB_ADMIN_AUDIT • ADB_MANDATORY_AUDIT Audit Compliance Standards
During Activity Auditing, you can enable or disable two audit compliance standards policies: • Center for Internet Security (CIS) Configuration - available for Oracle Database 12.2 and later • Security Technical Implementation Guidelines (STIG) - available for Oracle Database 21c and later These policies tracks many activities and can help you evaluate whether you are adhering to database compliance requirements. For example, you can track when a user, database link, profile, or procedure is created, altered, or dropped. The Center for Internet Security (CIS) Recommendations policy (ORA_CIS_RECOMMENDATIONS) is a pre-defined unified audit policy in Oracle Database designed to perform audits that the CIS recommends. CIS is a world-recognized organization that provides consensus-based best practices for helping organizations assess and improve their cyber security posture. They provide resources, such as configuration assessment tools, secure configuration benchmarks, security metrics, and certifications. One of the main objectives of the organization is to help businesses prioritize what they need to do for security, and they strive to provide recommendations in simple, non-technical terms. STIG is a set of rules, checklists, and other best practices created by the Defense Information Systems Agency (DISA) to ensure compliance with Department of Defense (DOD)-mandated security requirements. Audit Trails
An audit trail is a database table that stores audit data. In Oracle Data Safe, audit data collection copies audit data from the database's audit trail into the Oracle Data Safe audit table. You can use the auto purge feature to purge audit records from your target databases. This article has the following topics:
4-8 Chapter 4 Audit Trails
• Audit Trails in Oracle Data Safe • Supported Audit Trails • Auto Purge Audit Trails in Oracle Data Safe
When audit data collection is enabled, Oracle Data Safe copies the audit data from the database's audit trail into the Oracle Data Safe audit table. You can configure audit trails in Oracle Data Safe. In most cases, you configure only one audit trail per database. The most commonly used audit trail is the UNIFIED_AUDIT_TRAIL data dictionary view, which consolidates all Oracle Database audit trails into one location and in a unified format. Over time an audit trail can become quite large, therefore, you may want to consider the auto purge feature in Oracle Data Safe. You can start and stop audit collection as needed. Supported Audit Trails
The following table describes the supported audit trail locations for supported target databases. The SQL_TEXT, SQL_BINDS, and RLS_INFO columns in UNIFIED_AUDIT_TRAIL and SYS.AUD$ are truncated to 32KB before being stored in Oracle Data Safe. So are LSQLTEXT, LSQLBIND, and RLS$INFO in SYS.FGA_LOG$.
Database Version Standard Edition Enterprise Edition DB system, Oracle SYS.AUD$ SYS.AUD$ Database on a SYS.FGA_LOG$* compute instance, on-premises Oracle DVSYS.AUDIT_TRAIL$ (when Database Database versions Vault is enabled) 11.2.0.4, 12.1.0.1, 12.1.0.2 DB system, Oracle UNIFIED_AUDIT_TRAIL UNIFIED_AUDIT_TRAIL Database on a SYS.AUD$ SYS.AUD$ compute instance, on-premises Oracle SYS.FGA_LOG$* Database versions DVSYS.AUDIT_TRAIL$ (when Database 12.2, 18c, 19c, 20c Vault is enabled)
Note:
SYS.AUD$, SYS.FGA_LOG$ *, and DVSYS.AUDIT_ TRAIL$ are available in mixed mode only.
4-9 Chapter 4 Alerts and Alert Policies
Database Version Standard Edition Enterprise Edition Autonomous (not applicable) UNIFIED_AUDIT_TRAIL Databases (latest version)
*When you enable auto-purge for an FGA_LOG$ audit trail, you may encounter an error and the audit trail is in a stopped state. To enable auto-purge, re-run the datasafe_privileges.sql on the target database and restart the audit trail. Auto Purge
The Oracle Data Safe auto purge feature in Activity Auditing lets you purge audit records from your target databases on a regularly scheduled basis. The auto purge feature is an operation on a target database. When auto purge is enabled on a target database, audit data in the target database is deleted every seven days so that the database's audit trail does not become too large. You can configure auto purge on the Audit Trails page.
Caution:
Enabling auto purge deletes all audit records in the target database every seven days, including those older than the initial start date of the audit collection ("Collect Audit Data from" date). Hence, records might be deleted even if they are not collected in Oracle Data Safe. After considering this impact, you should enable this feature carefully.
Auto-purge is disabled by default. Even if you disable auto-purge in Oracle Data Safe, be aware that your target database may still be purging audit data based on the target database's audit data retention settings. Please refer to your database's documentation for details. Alerts and Alert Policies
An alert is a message that notifies you when a particular audit event happens on a target database. Alerts are based on the alert policies that you enable in Activity Auditing. This article has the following topics: • Alerts Page • Alert Policies in Oracle Data Safe Alerts Page
Alerts are displayed on the Alerts page in Oracle Data Safe Console. On this page, you can view total alert counts for target databases, alert severity levels, and alert statuses; filter alerts on the page; create and delete custom alert reports; open and close alerts; and download an alerts report in PDF format.
4-10 Chapter 4 Audit Data Lifecycle Management
Alert Policies in Oracle Data Safe
You can use the Activity Auditing wizard to provision alert policies on your target databases. An alert policy defines an event in a database to monitor. Alert policies are rule-based and are triggered based on the audit data collected. If an alert’s rule definition is matched (for example, an administrator fails to log in to a target database), then Oracle Data Safe raises an alert and displays it on the Alerts page. The following table describes the predefined alert policies.
Predefined Alert Severity Level Description Profile Changes Critical Changes in user profile Failed Logins by Admin User Critical Failed admin user login attempts Database Parameter Changes High Database parameter changes Audit Policy Changes High Changes in audit policy Database Schema Changes Medium Changes in database schema User Creation/Modification Medium Creation or modification of users User Entitlement Changes Medium User entitlement changes Audit Data Lifecycle Management
The audit data retention, archival, and retrieval features help you to manage the quantity of audit data that you store with the Activity Auditing feature. This article has the following topics: • Audit Data Retention • Audit Data Archival • Audit Data Retrieval • Deregistered Target Databases Audit Data Retention
Activity auditing collects audit records from audit trails for select target databases and copies the data into the Oracle Data Safe audit repository. The repository consists of online storage (available for immediate reporting and analysis) and offline storage (archive). The audit data retention feature helps you to manage the volume of audit data in the Oracle Data Safe database and in the archive. You can store up to twelve months of audit data online by specifying the online period on the Audit Data Retention Settings page. The minimum online retention period is one month. Up to one million audit records per month per target database are included in Oracle Data Safe at no additional cost. If you exceed this limit, you may be charged for audit records over the limit. It depends on your settings in the Oracle Data SafeConsole. The default is to continue collection beyond a million audit records. If you do not want to pay after it reaches the one million audit records per target per month limit, please configure the service to stop collecting. Tenancy administrators, Oracle Data Safe administrators, and delegated
4-11 Chapter 4 Audit Data Lifecycle Management
administrators can configure audit collection for target databases to which they have access. For more information on pricing, consult the Oracle Cloud price list. Audit Data Archival
If you want to retain audit data for more than the online retention period, you can enable archiving by setting the archive period on the Audit Data Retention Settings page. By default, the archive period is zero months. The minimum archive period you can set is zero months and the maximum is 72 months (six years). Thus, you can store audit data for a maximum of seven years in Oracle Data Safe from the time the audit record was generated on the target database (one year online and six years in the archive). Audit records are continuously collected from the target database and stored in Oracle Data Safe based on the total audit data retention period (in months), which is equal to the online period plus the archive period. For example, if you configure the online period to be three months and the archive period to be twelve months, the total audit data retention period is fifteen months. Audit records generated on the target database from four to fifteen months ago are archived. Audit records generated from the present date to three months ago are stored online. When your audit data is archived, you cannot view it in reports. To be able to view it in reports, you need to retrieve the data from the archive. Audit Data Retrieval
At any time, you can retrieve up to twelve months of archived audit data for each of your target databases. There is no requirement for the twelve month period to be consecutive. Retrieving audit data from the archive usually takes at least one hour. You can configure audit data retrieval from the Retrieved Archive Data page. Suppose you retrieve four months of archived data for a target database. You can do a second retrieval of up to eight months of archived data. If you drop the four months of retrieved data prior to doing the second retrieval, then you can retrieve twelve months of archived data. If you need to retrieve more than twelve months of archived data for any target database, you can file a service request with Oracle Support. In the service request, specify the increase in months needed and how long (in months) you need the increase to be in effect. The increased limit applies to all target databases in your tenancy. You can retrieve audit data from the archive up to six times per month per target database. If needed, you can request an increase by filing a service request with Oracle Support. In the service request, specify how many more retrievals per month you require. The increased limit applies to all target databases in your tenancy. Deregistered Target Databases
If you deregister a target database, the audit data collected for it in the Oracle Data Safe repository is retained according to how you set the online period and archive period before you deregistered the target database. Metadata for the deregistered target database is kept indefinitely.
4-12 Chapter 4 Activity Auditing Reports
Activity Auditing Reports
An Activity Auditing job generates reports that you can access from the Reports tab. The reports track general database activities, such as audited SQL statements, application access activities, and user login activities, as well as Oracle Data Safe activities. The following table describes the audit reports.
Report Name Description Audit Summary Graphical report that shows a summary of events collected and alerts raised. You can gain an understanding of the activity trends for one or more of your target databases. All Activity All audited activities Admin Activity Activities by administrative users User/Entitlement User creation/deletion/privilege and role changes Changes Audit Policy All changes in audit policies Changes Login Activity Database login attempts Data Access Database query operations Data Modification Data modification activities (DMLs) Database Schema Database schema changes (DDLs) Changes Data Safe Activity Activity generated by the Oracle Data Safe service. Database Vault Auditable activities of enabled Oracle Database Vault policies in target databases, Activity including mandatory Database Vault configuration changes, realm violations, and command rule violations. Service Activity Report
Oracle Data Safe administrators can use the Service Activity report to track user activities in Oracle Data Safe. The report includes the following information: • Oracle Cloud Identifier (OCID) for the user • Event name (for example, Get All Targets, Get Sensitive Data Models, and Get All Targets) • Event time • Response code • Response message • Extension - If not all of the data is displayed, you can expand the Extension cell by clicking the blue elipses box.
4-13 Chapter 4 Retrieve and Provision Audit Policies
Retrieve and Provision Audit Policies
You can retrieve and provision audit policies for one or more databases at a time by using the Activity Auditing wizard.
Note:
Provisioning and retrieval of audit policies is not supported in Oracle Database 12.1 and below.
1. Click the Home tab, and then click Activity Auditing. 2. (Optional) If you haven't granted the Activity Auditing roles on your target database, do the following: a. If your target database is database other than an Autonomous Database, click Download Privilege Script, download the datasafe_privileges.sql script to your local computer, and then run the script on your target database. b. If your target database is an Autonomous Database, run the DS_TARGET_UTIL PL/SQL package on your Autonomous Database. 3. Select the check box for the target database that you want to audit. Only target databases to which you have access are listed. You can select multiple target databases. 4. If your target database is not listed, click Register and register your database. 5. Click Continue. The Retrieve Audit Policies page is displayed. 6. Select the check box for your target database, and then click Retrieve. 7. Wait until the Retrieval Status column displays a check mark. A check mark indicates that the audit policies are successfully retrieved from your target database. You need to successfully retrieve audit policies for your target database at least once before you can provision audit policies on your target database. 8. Click Continue. The Review and Provision Audit and Alert Policies page is displayed. 9. Review the current audit configuration for the target database. 10. To modify the audit policy configuration, do the following: a. Click your target database's name. The Audit Policies tab in the Edit Policies dialog box is displayed. b. (Optional) Select or deselect one or more categories provided by Oracle Data Safe. c. (Optional) Select or deselect one or more compliance policies.
4-14 Chapter 4 Retrieve and Provision Audit Policies
d. (Optional) Select or deselect one or more custom or Oracle predefined audit policies. 11. To modify the alert policy configuration, do the following: a. Click the Alert Policies tab. b. Select or deselect one or more alert policies. 12. Click Provision. You are returned to the Review and Provision Audit and Alert Policies page. 13. Review the audit and alert policy configuration, and then click Continue. The Start Audit Collection page is displayed. Oracle Data Safe automatically selects an audit trail for each of your registered target databases based on their type. For example, Oracle Data Safe selects UNIFIED_AUDIT_TRAIL for Autonomous Databases. 14. If you want to use the default selected audit trail, complete the following: a. In the Collect Audit Data From column, click the calendar widget, configure a start date, and then click Done. Audit records are continuously collected from the target database and stored in Oracle Data Safe based on the total audit data retention period (in months), which is equal to the online period plus the archive period. For example, if you configure the online period to be three months and the archive period to be twelve months, the total audit data retention period is fifteen months. Audit records generated on the target database from four to fifteen months ago are archived. Audit records generated from the present date to three months ago are stored online. Values for To Be Collected, Collected, and Total columns are calculated when you select the Collect Audit Data From date. b. Wait for the To Be Collected, Collected, and Total columns to populate. The To Be Collected column shows you the number of records to be retrieved for the selected audit trail since the specified start date. The Collected column shows the number of audit records already collected for the current month for the target database (includes audit data collected from all the audit trails for the target database). This value helps you to determine whether you are going to exceed your monthly free quota of one million records. You need to review this information prior to starting the audit trail, or change the Collect Audit Data From date to reduce the number of audit records collected and not incur any charge. If you have not elected Paid Usage for this target database, then you will need to change the Collect Audit Data From date to stay within the one million limit for the month. The Total column totals the To Be Collected and Collected values for a target database. This value tells you the overall number of audit records you are going to collect for a target database for the current month. c. (Optional) Click the refresh button for a particular row in the Collected column to update the value. d. To enable or disable auto purge for your target database, move the slider in the Auto Purge Trail column to the right (ON) or left (OFF). e. To start audit collection, click Start. The Start Audit Collection dialog box is displayed. It lists the target databases for which you are going to collect audit records and asks you to confirm. f. To confirm, click Start.
4-15 Chapter 4 Retrieve and Provision Audit Policies
15. If you want to add additional audit trails for a target database, do the following: a. Click Add. The Register Audit Trail dialog box is displayed. Trail Type is set to TABLE. b. Select a target database. The number of audit records available for the current month in the default selected audit trail is automatically calculated and displayed next to Records Already Collected. c. Select one or more audit trails. The Records Already Collected value is recalculated and includes records for all selected audit trails. d. To enable or disable auto purge for the selected target database, move the Auto Purge Trail slider to the right (ON) or left (OFF). Audit records are continuously collected from the target database and stored in Oracle Data Safe based on the total audit data retention period (in months), which is equal to the online period plus the archive period. For example, if you configure the online period to be three months and the archive period to be twelve months, the total audit data retention period is fifteen months. Audit records generated on the target database from four to fifteen months ago are archived. Audit records generated from the present date to three months ago are stored online. When you enable auto-purge, all audit records in the target database are deleted after the collection is completed, including those older than the retention period and hence not collected into the Oracle Data Safe repository. e. From the Collect Audit Data From drop-down list, click the calendar widget, configure a start date, and then click Done. You can configure a date as far back as the total audit retention period (online period plus archive period) set for that database. Dates prior to the Audit Data Retention Period (under Settings) are not available. Oracle Data Safe collects audit records into its repository from the selected date and onward. The date you select here only affects the selected target database. A message is displayed at the bottom of the dialog box requesting that you compute and review the audit record count before you complete the registration. f. To display the number of additional audit records to be collected into the Oracle Data Safe repository, click Compute audit record count. If the total number of records for the month (number of records collected and records to be collected) exceeds one million, be aware that if you proceed, you will exceed your free monthly quota and incur charges (if you chose Paid Usage for the target database). If you did not choose Paid Usage for the target database, then you need to change the Collect Audit Data From date to stay within the one million free limit for the month. g. (Optional) To view pricing information for audit collection, click Pricing Details. h. Click Register. When registration is completed, the audit trail is listed in the table on the Audit Trails page and the message Successfully created the trail is displayed at the top of the page.
4-16 Chapter 4 Add Audit Trails
16. Click Done. The Audit Trails page is displayed. 17. View the Collection State column. When the audit trail is started, the collection state shows as STARTING. When the collector begins retrieving audit data from the target database, the state shows as COLLECTING. After collection is completed, the state shows as IDLE. Audit data collection happens periodically. During collection, the state alternates between COLLECTING and IDLE. If you manually stop the audit trail, the state becomes SUSPEND_IMMEDIATE_ISSUED. You can start the trail to resume normal operations. If after trying for some time the collector is not able to reach the target database (for example, if the network is down or if the Oracle Data Safe user account on the target database is changed), the collection state shows as SUSPENDED. If the monthly limits for audit data collection for the target database are reached and you are not electing to pay to collect audit data beyond the limit, the state shows as STOPPED. You can extend your limit on the Settings tab. Add Audit Trails
For each target database that you want to collect audit records, you need to add at least one audit trail to Oracle Data Safe. You can add audit trails from the Audit Trails page or while you are working in the Activity Auditing wizard.
1. Click the Targets tab. 2. On the left, click Audit Trails. 3. Click Add. The Add Trail dialog box is displayed. By default, Trail Type is set to TABLE. 4. Select a target database. After you select a target database, two operations happen automatically. First, Oracle Data Safe automatically selects a default audit trail for the target database. For example, if you select an Autonomous Database, the audit trail called UNIFIED_AUDIT_TRAIL is automatically selected and you cannot deselect it. Second, the number of audit records loaded for the current month in the default selected audit trail is automatically displayed next to Records Already Collected. 5. (Optional) Select additional audit trail locations, if needed. 6. To enable or disable auto purge for the selected target database, move the Auto Purge Trail slider to the right (ON) or left (OFF). Audit records are continuously collected from the target database and stored in Oracle Data Safe based on the total audit data retention period (in months), which is equal to the online period plus the archive period. For example, if you configure the online period to be three months and the archive period to be twelve months, the total audit data retention period is fifteen months. Audit records generated on the target database from four to fifteen months ago are archived. Audit records generated from the present date to three months ago are stored online. When you enable auto-purge, all audit records in the target database are deleted after the collection is completed, including those older than the collection start date you set when starting the audit trail."
4-17 Chapter 4 Manage Audit Collection
7. From the Collect Audit Data From drop-down list, click the calendar widget, configure a start date, and then click Done. Oracle Data Safe collects audit records into its repository from the selected date and onward. The date you select here only affects the selected target database. A message is displayed at the bottom of the dialog box requesting that you compute and review the record count of the audit data to be loaded before you complete the registration. 8. To display the number of audit records to be collected into the Oracle Data Safe repository, click Compute audit record count. If the total number of records for the month (number of records collected and records to be collected) exceeds one million, be aware that if you proceed, you will exceed your free monthly quota and incur charges (if you chose Paid Usage for the target database). If you did not choose Paid Usage for the target database, then you need to change the Collect Audit Data From date to stay within the one million free limit for the month. 9. To view pricing information for audit collection, click Pricing Details. 10. Click Register. After registration is completed, the audit trail is listed in the table on the Audit Trails page and a message Successfully created the trail is displayed at the top of the page. Manage Audit Collection
You can manage audit collection from the Audit Trails and Settings pages. This article has the following topics: • Start and Stop Audit Collection on Target Databases • Update Audit Policies • Enable Auto Purge for Audit Trails • View an Audit Trail Log • Remove Audit Trails • Configure Audit Data Retention • Collect Audit Data Beyond the Free Limit • Retrieve Audit Data for a Target Database from the Archive • Return Audit Data to the Archive Start and Stop Audit Collection on Target Databases
After you start an audit trail, you can stop and start audit data collection multiple times without any data loss. When the audit trail starts, it resumes the collection from the last point where it stopped collecting.
1. Click the Targets tab. 2. On the left, click Audit Trails.
4-18 Chapter 4 Manage Audit Collection
3. Select the check boxes for the audit trails that you want to modify, and click the Start or Stop button. The Collection State column displays the status of each audit trail. Update Audit Policies
If you need to change the type of audit data that you are collecting for a target database, you can update your audit policy with the Activity Auditing wizard. While working in the wizard, be sure to retrieve the latest list of audit policies available on a target database before you update the audit policy.
1. Retrieve the latest list of available audit policies on the target database: a. Click the Home tab. b. On the left, click Activity Auditing. The Select Targets for Auditing page is displayed. c. Select the check box for the target database on which you want to modify the audit and alert policies, and click Continue. The Retrieve Audit Policies page is displayed. d. Select the check box for the target database, and click Retrieve. e. Wait for the green check mark to be displayed in the Retrieval Status column. f. Click Continue. 2. Provision the audit policy on the target database. a. Click the target database name. The Edit Policies dialog box is displayed. b. On the Audit Policies tab, modify the selection of audit categories and policies, and click Provision. 3. (Optional) Modify the selected audit categories and policies from the Targets tab. Enable Auto Purge for Audit Trails
When configuring audit trails, you can choose to enable or disable an automatic weekly purge of audit data collected from the target database. By default, auto purge is disabled when you start audit collection.
1. Click the Targets tab. 2. On the left, click Audit Trails. 3. To enable or disable auto purge for an audit trail, in the Auto Purge Trail column, move the slider to the right for ON or to the left for OFF. View an Audit Trail Log
You can view audit trail logs from the Audit Trails page.
1. Click the Targets tab, and then click the Audit Trails tab. The Audit Trails page is displayed.
4-19 Chapter 4 Manage Audit Collection
2. In the Collection State column, click the value (for example, IDLE) . The Trail Log dialog box is displayed. 3. Review the logs, and then click X to close the dialog box. Remove Audit Trails
Audit data collection is stopped when you remove an audit trail from Oracle Data Safe. The audit data already collected is retained per the audit data retention policy.
1. Click the Targets tab. 2. On the left, click Audit Trails. 3. Select the check boxes for the audit trails that you want to remove. To select all of the audit trails, select the check box before the Target Name header. 4. Click Delete. The Delete Audit Trail dialog box prompts you to confirm the removal of the audit trails. 5. Click OK. Configure Audit Data Retention
On the Settings page, you can modify the default audit data retention period and archival period for all target databases and specific target databases.
1. In the upper-right corner, click Settings. The Settings page is displayed. 2. Click Audit Data Retention Settings. 3. Modify the default number of months for the online and archive period. This action applies default values to all target databases that do not explicity override the default values. 4. Modify the online and archive period for a particular target database. This action overrides the default values for the online and archive periods. 5. Scroll down to the bottom of the page. 6. Click Save. At the top of the page, a confirmation message is displayed. If you are increasing the online period, newly collected audit records as well as audit records currently online in Oracle Data Safe are kept online for the increased period. But, audit records already archived are not brought back from the archive. If you decreased the online period, then some data for that target database may be archived depending on the audit collection date. If the archive period is decreased, then some data may be purged depending on the audit collection date.
4-20 Chapter 4 Manage Audit Collection
Collect Audit Data Beyond the Free Limit
On the Settings page, you can set a global preference for specific or all target databases to continue or stop collecting audit data after the allowed free number of audit records is reached. You have to pay to collect audit data beyond the free limit. The default setting is to continue collecting for all target databases.
1. Click the Settings tab. The Settings page is displayed. 2. To set a global preference to collect (or not collect) audit data for all targets after the free limit is reached, select Yes or No at the top of the page. 3. To collect audit data for particular target databases after the free limit is reached, select No at the top of the page, and then select the check boxes for the target databases. 4. Click Save. Retrieve Audit Data for a Target Database from the Archive
You can retrieve audit data for a target database from the archive if archiving is configured for your target database. Data that is retrieved from the archive can be retained for one month only.
1. Click the Targets tab. 2. Click Retrieved Archive Data. The Retrieved Archive Data page is displayed. 3. Click Retrieve Data. The Retrieve Archive Data dialog box is displayed. Previously retrieved archive data is displayed in the table. 4. For Target, select the target database for which you want to retrieve archive data. 5. For Start year/month, select the starting point (year and month) from which you want to retrieve archive data. 6. For End year/month, select the end point (year and month) for retrieving archive data. The number of records to be retrieved from the archive is displayed. This data is for information purposes only and does not affect your billing. 7. Click Submit, and confirm that you wish to continue. Upon confirmation, a job is scheduled to fetch the records from the archive. You can check the status of the retrieval job from the Jobs page. On the Jobs page, look for jobs where the operation name is Retrieval. Retrieval may take approximately an hour to complete. When the retrieval job is completed, the Status column in the Retrieved Archive Data table is set to COMPLETED.
4-21 Chapter 4 Manage Alerts
Return Audit Data to the Archive
Prior to the expiry of retrieved audit data, you can choose to drop the data from the online repository and return it to the archive. This operation results in the retrieved data being no longer available in the reports.
1. Click the Targets tab. 2. Click Retrieved Archive Data. The Retrieved Archive Data page is displayed. 3. In the row that lists the target database for which you want to return audit data, click Return to archive. A job is scheduled and the Status column in the table reads RELEASING. When the job is completed, the row for the target database is removed from the table. Manage Alerts
Alerts notify you when particular events occur on your target databases and collect on the Alerts page in the Oracle Data Safe Console. Oracle Data Safe provides ways that you can investigate, monitor, and report on alerts as well as modify the types of alerts generated. This article has the following topics: • View Alerts • Change the Status of Alerts • Create Alert Reports • Download Alert Reports • Update Alert Policies View Alerts
You can view alerts from the Alerts page.
1. Click the Alerts tab. The Alerts page is displayed and all alerts are listed in table format. 2. To configure which columns are displayed, click the plus sign to the right of the table. In the Select Columns dialog box, select the check boxes for the columns you want to display, and click Apply. The following columns are available: • Alert Id • Alert Status (Open or Closed) • Alert Name • Target Name • User Name (the user who caused the alert) • OS User Name
4-22 Chapter 4 Manage Alerts
• Client Host Name • Client IP • Operation • Operation Status • Object • Object Type • Alert Severity (Critical, High, or Medium) • Operation Time (when the alert was generated) 3. To view an alert summary at the top of the page, do the following: a. Click Summary. Totals are displayed across the top of the page, including the number of targets that have alerts; the number of critical, high, and medium alerts that are present; and the number of open and closed alerts. b. To hide the summary information, click Summary again. 4. To view more detail about a particular alert, do the following: a. Click an alert Id. The Alert Details dialog box displays the following information: • Target Name • Target Type • Target Class • Location • User Name • OS User Name • Client Host Name • Client Program • Terminal • Operation • Operation Status • Event Name • Command text • Command Param • Operation Time • Event Fetch Time • Extension b. To view parameters that have null values, click the Show Fields With No Data check box. c. To close the Alert Details dialog box, click the X in the upper-right corner. 5. To filter the alert list:
4-23 Chapter 4 Manage Alerts
a. At the top of the table, click Filters. b. From the first drop-down list, select the column name by which you want to filter (for example, Target Name). c. From the second drop-down, select an operator (=, !=, like, or Not like). d. Enter the search criteria. e. Click Apply. The table is filtered based on your criteria. 6. To create another filter, click + Filter. A new filter line is added below the existing filters. 7. To remove a filter, click the X to the right of a filter. 8. To navigate from page to page, scroll down to the bottom of the page and click the page numbers or arrow buttons. Change the Status of Alerts
You can change the status of an alert to Open or Closed. Setting the status helps to keep your alerts organized.
1. Click the Alerts tab. The Alerts page is displayed. 2. To change the status of one alert, select Open or Closed in the Alert Status column for the alert. 3. To change the status of multiple alerts at the same time, select the check boxes for the alerts that you want to change. Then, from the Mark As drop-down list at the top of the page, select Open or Closed. Create Alert Reports
You can modify the presentation of the original alert report and save it as a new alert report.
1. Click the Alerts tab. 2. Customize the All Alerts reports as needed, for example, by adding filters and selecting columns to display. 3. Save your report: a. From the Report Definition drop-down menu, select Save As New. b. In the Save As dialog box, enter a report name and description (optional), select a compartment to which you want the report ot belong, and click Save As. The report is listed on the left side of the page under Custom Reports. 4. To save changes to your alert report, from the Report Definition menu, select Save. 5. To delete an alert report:
4-24 Chapter 4 Manage Alerts
a. On the left, click your alert report. b. From the Report Definition menu, select Delete. The Delete Report dialog box is displayed. c. Click OK to confirm the deletion or click Cancel. Download Alert Reports
You can download an alert report as a PDF or XLS file. Before you can download the report, you must first generate the report.
1. Click the Alerts tab. 2. On the left, click All Alerts to list all the alerts that are generated. 3. Click Generate Report. The Generate Report dialog box is displayed. 4. Select PDF or XLS as the report format. 5. (Optional) Enter a row limit. If you do not specify a row limit, 200 rows are generated by default. 6. (Optional) Click the Targets field, and select the targets from the drop-down list. 7. (Optional) Enter a description for your report. 8. (Optional) Click the calendar in the Operation Start Time field and configure an event start time. Click Done. 9. (Optional) Click the calendar in the Operation End Time field and configure an event end time. Click Done. 10. Select a compartment to which you want the report to belong. 11. Click Generate Report. When the report is generated, a message is displayed at the top of the page. 12. Click Download Report to download the report to a desired location. Update Alert Policies
1. Click the Targets tab. 2. On the left, click Audit Policies. The Audit and Alert Policies page is displayed. 3. Click the target database name. The Edit Policies dialog box is displayed. 4. Click the Alert Policies tab. 5. Modify the selection of alert policies, and click Provision.
4-25 5 Data Discovery
This section discusses how to discover sensitive data in target databases by using the Data Discovery feature in Oracle Data Safe. • Data Discovery Overview Data Discovery helps you find sensitive data in your Oracle databases. • Sensitive Types A sensitive type is used to drive sensitive data discovery. It defines regular expressions that help search for data based on column names, data, and comments. Data Discovery searches for sensitive columns in your Oracle databases using the predefined and user- defined sensitive types that you choose. • Referential Relationships In addition to discovering sensitive data by sensitive types, Data Discovery also searches for dictionary-based referential relationships and optionally, non-dictionary referential relationships to discover sensitive data. • Sensitive Data Models A sensitive data model is a collection of sensitive columns and referential relationships generated by a data discovery job. Sensitive data models are used by the Data Masking feature to mask sensitive data. • Data Discovery Reports For every data discovery job, Data Discovery generates a Data Discovery report. You can find all of your Data Discovery reports on the Reports page. • Create Sensitive Types You can create your own sensitive types from the Sensitive Types page in the Library or while working in the Data Discovery wizard. • Create Data Discovery Jobs The Data Discovery wizard generates a sensitive data model when you run a data discovery job. You can perform incremental updates to your sensitive data model while you are creating it in the wizard and after you save it to the Library. • Manage Sensitive Types You can manage sensitive types from the Sensitive Types page in the Library. • Manage Sensitive Data Models You can manage sensitive data models from the Sensitive Data Models page in the Library. Data Discovery Overview
Data Discovery helps you find sensitive data in your Oracle databases. This article has the following topics: • About Data Discovery • Data Discovery Workflow
5-1 Chapter 5 Data Discovery Overview
About Data Discovery
Protecting sensitive data begins with knowing what sensitive data you have, and where it is located. Data Discovery inspects the metadata and actual data in your Oracle databases to discover sensitive data and provides comprehensive results listing the sensitive columns and related information. Data Discovery uses sensitive types that define the kinds of data to look for. Oracle Data Safe provides over 125 predefined sensitive types that you can use to search sensitive data. The sensitive types cover personal data pertaining to identification, biographic, IT, financial, healthcare, employment, and academic information. You can also create your own sensitive types. The predefined sensitive types are organized under categories, making it easy to find and use relevant sensitive types. You tell Data Discovery what to look for, and it finds the sensitive columns that meet your criteria. You can optionally choose to collect sample data from your target databases. Sample data can help you validate the discovered sensitive columns. You should be careful while using this feature, however, as it collects sensitive data. Only authorized people should be able to collect and see the sample data. Data Discovery saves the discovery results as a sensitive data model. A sensitive data model consists of discovered sensitive columns and referential relationships. You can perform incremental updates to a sensitive data model and manually add and remove columns from a sensitive data model. You can use a sensitive data model to implement other security controls, such as data masking. For example, you can define a masking policy using an sensitive data model and use it to mask the sensitive data on target databases. Sensitive data models get stored in the Oracle Data Safe Library, enabling you to reuse an sensitive data model for multiple masking policies. Users can export a sensitive data model and import it into other Oracle Data Safe Libraries for reuse. The verification feature identifies any differences between a sensitive data model and a selected target database. To help you understand your sensitive data and for record keeping, Data Discovery provides a report that lists the sensitive columns and details about those columns. The sensitive columns are categorized based on their sensitive types. The report also includes the total number of sensitive tables, columns, and values discovered. A chart lets you compare the amount of sensitive data at sensitive category and sensitive type levels. You can also download this report from the Oracle Data Safe console. Data Discovery Workflow
The general workflow for Data Discovery involves these main steps:
1. Register the target database on which you want to discover sensitive data. 2. Gather schema statistics on your target database before running the data discovery job to ensure accurate results. To do this, run the dbms_stats.gather_schema_stats procedure. See GATHER_SCHEMA_STATS
5-2 Chapter 5 Sensitive Types
Procedures for information about the parameters that you can include. The following example gathers statistics on the HCM1 schema:
exec dbms_stats.gather_schema_stats(ownname => ©HCM1©);
3. Create a data discovery job using the Data Discovery wizard to discover the sensitive data on the target database and generate a sensitive data model (SDM). In the wizard, you follow these general steps: a. Specify the target database and schemas that you want Data Discovery to search. b. Specify the sensitive types to be used for data discovery. You can select individual sensitive types and/or categories of sensitive types. Optionally, you can instruct Data Discovery to find non-dictionary referential relationships. c. Run the data discovery job. Data Discovery identifies sensitive columns by examining column names, comments, data samples, object relations, and so on, and generates an SDM. d. Review the sensitive columns in the SDM. If needed, you can add and remove sensitive columns. e. (Optional) Before exiting the wizard, click Back, modify the selection of sensitive types, and rerun the data discovery job. Review the generated SDM again. Repeat this step until you feel the SDM is accurate and complete. 4. Analyze your sensitive data in the target database by viewing the Data Discovery report. 5. Manage the SDM: • Verify the SDM against the target databases with which you plan to use the SDM. Verification ensures that the target databases have the schemas and sensitive columns listed in the SDM. • Update the SDM when needed. You can use the Data Discovery wizard to perform incremental updates. You can also manually add and remove sensitive columns. • To use the SDM with other target databases, download and upload the SDM into a different Oracle Data Safe Library. Sensitive Types
A sensitive type is used to drive sensitive data discovery. It defines regular expressions that help search for data based on column names, data, and comments. Data Discovery searches for sensitive columns in your Oracle databases using the predefined and user-defined sensitive types that you choose. This article has the following topics: • Predefined Sensitive Types • User-Defined Sensitive Types • Column Name Pattern • Column Comment Pattern • Column Data Pattern • Search Pattern • Related Content
5-3 Chapter 5 Sensitive Types
Predefined Sensitive Types
In Data Discovery, you can choose from a wide variety of predefined sensitive types and create your own sensitive types. For example, the predefined US Social Security Number (SSN) sensitive type helps you discover columns containing Social Security numbers. You cannot modify or delete predefined sensitive types. Sensitive types are grouped into sensitive categories. The top level categories for predefined sensitive types are as follows: • Identification Information: Includes sensitive types for national, personal, and public identifiers. Examples are US Social Security Number (SSN), Visa Number, and Full Name. • Biographic Information: Includes sensitive types for address, family data, extended PII, and restricted processing data. Examples are Full Address, Mother's Maiden Name, Date of Birth, and Religion. • IT Information: Includes sensitive types for user IT data and device data. Examples are User ID, password, and IP Address. • Financial Information: Includes sensitive types for payment card data and bank account data. Examples are Card Number, Card Security PIN, and Bank Account Number. • Healthcare Information: Includes sensitive types for health insurance data, healthcare provider data, and medical data. Examples include Health Insurance Number, Healthcare Provider, and Blood Type. • Employment Information: Includes sensitive types for employee basic data, organization data, and compensation data. Examples are Job Title, Termination Date, Income, and Stock. • Academic Information: Includes sensitive types for student basic data, institution data, and performance data. Examples are Financial Aid, College Name, Grade, and Disciplinary Record.
Note:
Data Discovery does not discover sensitive columns that are object data types.
User-Defined Sensitive Types
Although Oracle Data Safe provides an extensive set of predefined sensitive types, you might want to create sensitive types to meet your specific requirements. You can also create new sensitive categories and arrange your sensitive types under them. You cannot place a user-defined sensitive type under a predefined sensitive category. For a user-defined sensitive type, you can assign a default masking format, which should be used to mask the columns discovered using this sensitive type. When creating a user-defined sensitive type, you must assign it to a compartment.
5-4 Chapter 5 Sensitive Types
When creating a sensitive type, you can provide one or more column patterns (regular expressions) that should be used to discover sensitive columns. You can also provide a column comment pattern, column data pattern, and a search pattern. Data Discovery performs case-insensitive pattern matching. Column Name Pattern
A column name pattern is a regular expression that is used to match column names during data discovery. For example, to search for columns containing Social Security numbers, you could define the following column name pattern:
(^|[_-])SSN($|[_-])|(SSN|SOC.*SEC.*).?(ID|NO|NUMBERS?|NUM|NBR|#)
The regular expression checks for specific keywords in column names. It matches column names, such as PATIENT_SSN, SSN#, SOCIAL_SECURITY_NUMBER, and EMPLOYEE_SOC_SEC_NO.
Tips for creating column name patterns: • Consider when to use .? and .*. Use .? if you want to allow zero or one character, and use .* to allow any number of characters. For example, you could use SOCIAL.? SECURITY.?NUMBER or SOC.*SEC.*NUMBER depending upon how strict you want the regular expression to be. • To get an exact match of a word or a match if the word is part of a column name, use (^| [_-])
BIRTH.?(DT|DATE)|(DT|DATE).*BIRTH
Column Comment Pattern
A column comment pattern is a regular expression that is used to match column comments during data discovery. Sometimes column names are obscure and therefore, metadata is entered as a comment for a database column. Data Discovery can search these comments and potentially find more sensitive data. For example, to search for columns containing Social Security numbers, you could define the following column comment pattern:
\bSSN#?\b|SOCIAL SECURITY (ID|NUM|\bNO\b|NBR)
The regular expression checks for specific keywords in column comments. For example, it matches the column comment Contains social security numbers of employees.
Tips for creating column comment patterns: • Avoid using .* in column comments to reduce false positives.
5-5 Chapter 5 Sensitive Types
• Use \b
A column data pattern is a regular expression that is used to match the actual column data during data discovery. For example, to search for columns containing Social Security numbers, you could define the following column data pattern:
^[0-9]{3}[ -]?[0-9]{2}[ -]?[0-9]{4}$
The regular expression checks for 9-digit numbers. A number can be either numeric or can have three parts separated by hyphens or spaces. It matches numbers like 383368610 and 383-36-8610.
Tips for creating column data patterns: • Ensure that the data pattern is as specific as possible to avoid false positives. • See whether it is logical to have a data pattern. If the data pattern is too broad, it can result in false positives. If it does not add any value, you could decide not to add the data pattern for a sensitive type. • If you want to use a broad data pattern, you could use the And search operator to reduce false positives. Search Pattern
The search pattern indicates how the column name, comment and data patterns of a sensitive type should be used to discover sensitive columns. There are two search options: AND and OR. The AND search option ensures that all the provided patterns of a sensitive type must match for identifying a column as sensitive. For example, if a sensitive type has name, comment, and data patterns, they must match a column's name, comment, and data respectively, for identifying that column as sensitive. The following table covers the various possible combination of the patterns provided for a sensitive type and the corresponding AND search behavior.
Patterns Present in a Sensitive Type Search Behavior Name, Comment, and Data Name AND Comment AND Data Name and Data Name AND Data Name and Comment Name AND Comment Comment and Data Comment AND Data Name Name Comment Comment
5-6 Chapter 5 Referential Relationships
Patterns Present in a Sensitive Type Search Behavior Data Data
The OR search option provides some flexibility to identify a column as sensitive even if only some of the patterns of a sensitive type match. For example, if a sensitive type has name and comment patterns, a column is identified as sensitive even if only the name pattern (or comment pattern) matches the column's name (or comment). If a sensitive type has all three patterns, the data pattern must match along with either the name pattern or the comment pattern (or both). The following table covers the various possible combination of the patterns provided for a sensitive type and the corresponding OR search behavior.
Patterns Present in a Sensitive Type Search Behavior Name, Comment, and Data Data OR (Name AND Data) OR (Comment AND Data) Name and Data Data OR (Name AND Data) Name and Comment Name OR Comment Comment and Data Data OR (Comment AND Data) Name Name Comment Comment Data Data Related Content
For help on writing regular expressions for user-defined sensitive types, see the following resource: • Regular Expressions Referential Relationships
In addition to discovering sensitive data by sensitive types, Data Discovery also searches for dictionary-based referential relationships and optionally, non-dictionary referential relationships to discover sensitive data. This article has the following topics: • Dictionary-Based Referential Relationships • Non-Dictionary Referential Relationships Dictionary-Based Referential Relationships
Data Discovery automatically searches the Oracle data dictionary to find relationships between primary key columns and foreign key columns. It then flags those related columns as sensitive. For example, suppose that you have two tables. The first is called CUSTOMERS, and it stores information like the customer’s first name, last name, and start date. The second table is called LOCATIONS, and it stores information about all of your sales locations. The LOCATION_ID in the CUSTOMERS table is configured as a foreign key and references the primary key, which is
5-7 Chapter 5 Sensitive Data Models
LOCATION_ID in the LOCATIONS table. Data Discovery automatically finds this type of referential relationship. In this example, if there is a sensitive type for location, LOCATION_ID in both tables would be captured as sensitive. Non-Dictionary Referential Relationships
You can choose to discover non-dictionary referential relationships to find sensitive columns. These are relationships between database columns that are defined in applications, but not in the Oracle data dictionary. Data Discovery uses column name patterns and column data patterns from your selected sensitive types to discover potential relationships between columns. For example, suppose that a parent table is called CUSTOMER and a related table is called PAYMENT_METHOD. The sensitive column is CUST_NAME in the parent table and CUST_NM in the related table. If the related table was created without showing a link in the data dictionary to the parent table (that is, no foreign key information was entered into the data dictionary), the relationship between the parent and related table is a “non-dictionary referential relationship.” Sensitive Data Models
A sensitive data model is a collection of sensitive columns and referential relationships generated by a data discovery job. Sensitive data models are used by the Data Masking feature to mask sensitive data. This article has the following topics: • About Sensitive Data Models • Verification Feature • Incremental Update Feature About Sensitive Data Models
Data Discovery identifies sensitive columns and referential relationships and creates an SDM. Data Discovery automatically searches the Oracle data dictionary to find parent-child relationships. It can also discover non-dictionary referential relationships, which are relationships defined in applications, but not in the Oracle data dictionary. The Sensitive Data Models page in the Library lists the SDMs to which you have access. Metadata is also stored in an SDM, such as sample data, column count (the number of sensitive columns in the target database), and estimated data count (the number sensitive values). This information gives you a perspective on the quantity of the different types of sensitive data in your target databases. Verification Feature
Data Discovery provides a verification feature that enables you to verify that a sensitive data model is valid for a target database. Verification checks whether the sensitive columns in the sensitive data model are present on the selected target database. It identifies the sensitive columns that no longer exist in the target database but are present in the sensitive data model. Verification is useful when you mask
5-8 Chapter 5 Data Discovery Reports
sensitive data and need to verify that your sensitive data model works against multiple target databases. To enable you to transfer sensitive data models from one Oracle Data Safe Library to another, you can download and upload file-based sensitive data models (XML files). Incremental Update Feature
Data Discovery has an incremental update feature that lets you incrementally update sensitive data models during and after their creation. Incremental updating reruns the data discovery job and adds new sensitive columns to the sensitive data model. You can also manually add and remove sensitive columns from a sensitive data model at any time. Data Discovery Reports
For every data discovery job, Data Discovery generates a Data Discovery report. You can find all of your Data Discovery reports on the Reports page. Each report includes the following information: • The name of the target database and sensitive data model • The date and time the data discovery job was executed • The total number of columns scanned, values scanned • The total number of discovered sensitive categories, sensitive types, sensitive tables, sensitive columns, and sensitive values • (For each sensitive column) The sensitive category, sensitive type, schema name, table name, and column name • (For each sensitive column) The sensitive value count, whether the column data was matched (Y or N), whether the column name was matched (Y or N), and whether the column comment was matched (Y or N) Create Sensitive Types
You can create your own sensitive types from the Sensitive Types page in the Library or while working in the Data Discovery wizard. To create a sensitive type from the Sensitive Types page in the Library: 1. Click the Library tab. 2. Click Sensitive Types. 3. Click Add. The Create Sensitive Type dialog box is displayed. 4. (Optional) To use a predefined sensitive type as a starting point, select a predefined sensitive type from the Create Like drop-down list. 5. In the Sensitive Type Name field, enter a name for your sensitive type. 6. (Optional) In the Sensitive Type Short Name field, enter a shorter name for your sensitive type. 7. (Optional) In the Sensitive Type Description field, enter an explanation of your sensitive type.
5-9 Chapter 5 Create Data Discovery Jobs
8. Configure one or more of the following fields. • Column Name Pattern — Enter a regular expression that should be used to match column names. • Column Comment Pattern — Enter a regular expression that should be used to match column comments. • Column Data Pattern — Enter a regular expression that should be used to match column data. 9. For Search Pattern Semantics, select Or or And. • The Or operator means that any of the patterns can match for a candidate sensitive column. • The And operator means that all of the patterns must match for a candidate sensitive column.
Note:
If the column doesn't include a comment, the column comment pattern matching is skipped. Similarly, if the column doesn’t contain data, the data pattern matching is also skipped.
10. (Optional) From the Default Masking Format drop-down list, select a default masking format to be used during data masking. When you mask a sensitive column of this sensitive type, the default masking format is auto-populated on the Define Mask Policy page. 11. (Optional) From the Parent Sensitive Category drop-down list, select an existing sensitive category or enter a new one to which you want your sensitive type to belong.
Note:
You can choose a user-defined sensitive category as a parent category, not a category used by the predefined sensitive types. If Oracle Data Safe has just been enabled, this drop-down list is empty.
12. Select the compartment to which you want your sensitive type to belong. 13. Click Save. The sensitive type is listed on the Sensitive Types page. Create Data Discovery Jobs
The Data Discovery wizard generates a sensitive data model when you run a data discovery job. You can perform incremental updates to your sensitive data model while you are creating it in the wizard and after you save it to the Library. To create a data discovery job by using the Data Discovery wizard: 1. To launch the Data Discovery wizard, click the Home tab, and then click Data Discovery.
5-10 Chapter 5 Create Data Discovery Jobs
2. (Optional) If you haven't granted the Data Discovery role on your target database, do the following: a. If your target database is a DB system, click Download Privilege Script, download the datasafe_privileges.sql script to your local computer, and then run the script on your target database. b. If your target database is an Autonomous Database, run the DS_TARGET_UTIL PL/SQL package on your Autonomous Database. 3. Select a target database, and click Continue. If your target database is not listed, click Register and register your target database. 4. On the Select Sensitive Data Model page, do the following: a. Select Create. b. Enter a name for your sensitive data model or leave the default name provided by Data Discovery. c. Choose whether to collect sample data from the target database and show the samples along with the discovery result. d. Select the compartment to which you want the sensitive data model to belong. e. Click Continue. 5. On the Select Schemas for Sensitive Data Discovery page, select the schemas that you want Data Discovery to search, and click Continue. To select all the schemas at once, select the check box to the left of the Schema Name column title. 6. (Optional) Move the Expand All slider to the right to view all categories and sensitive types. You can also expand individual check boxes. 7. Select the categories of sensitive types and/or the individual sensitive types that you want to use to discover sensitive data. 8. (Optional) Create a sensitive type: a. Click Add. b. Fill out the Create Sensitive Type dialog box. c. Click Save 9. (Optional) Select the Use non-dictionary referential relationships for sensitive column discovery check box. 10. When you are ready to start the data discovery job, click Continue. • If you need to temporarily stop the data discovery job, click Suspend. Click Resume to continue. • If you need to terminate the data discovery job, click Abort. When the job is completed successfully, a status of FINISHED is displayed. 11. Click Continue. 12. If you enabled the "non-dictionary referential relationships" option, review the sensitive columns discovered with this option, deselect the columns that you do not want to include in your sensitive data model, and click Continue. 13. On the Sensitive Data Discovery Result page, finalize the sensitive data model (SDM) by doing the following:
5-11 Chapter 5 Manage Sensitive Types
a. Expand all of the results by moving the slider or by expanding certain nodes. b. (Optional) Select Schema View to sort the results by schema and table name. c. Review the sensitive columns and statistics (number of sensitive columns, estimated data counts, and sample data if you chose to collect sample data). If a sensitive column does not have a check box, it means that it has a referential relationship to a discovered sensitive column. d. Deselect any sensitive columns that you do not want to include in your SDM. e. (Optional) Click Add to add new sensitive columns. In the dialog box, select one or more columns from the schemas, select a sensitive type that describes the selected columns, and click Add to Result. f. (Optional) Click Back, modify the selection of sensitive types, and rerun the data discovery job. Review the generated SDM again. Repeat until you feel the SDM is accurate and complete. 14. To view the Sensitive Data Discovery report for the SDM, click Report; otherwise, click Exit. 15. (Optional) If you want to mask the sensitive data using the SDM, perform the following steps: a. Click Continue to mask the data. The Select Target for Data Masking page is displayed. b. Select the target database that you want to mask, and click Continue. The Masking Policy page is displayed. c. Create a masking policy. Manage Sensitive Types
You can manage sensitive types from the Sensitive Types page in the Library. This article has the following topics: • View Sensitive Type Details • Update a User-Defined Sensitive Type • Delete a User-Defined Sensitive Type View Sensitive Type Details
You can view details about a sensitive type that is stored in the Library.
1. Click the Library tab. 2. Click Sensitive Types. By default, all the predefined and user-defined sensitive types are listed. 3. (Optional) To view user-defined sensitive types only, move the Hide Oracle Predefined slider to the right. To view both predefined and user-defined sensitive types, move the Hide Oracle Predefined slider to the left. 4. (Optional) To search for a sensitive type, in the search field, enter part or all of a sensitive type name, and press Enter or click the magnifying glass.
5-12 Chapter 5 Manage Sensitive Data Models
Sensitive types that match your search criteria are listed. 5. To view details for a sensitive type, click its name. The Sensitive Type Details dialog box is displayed and shows you the following information about the sensitive type: • Sensitive type name, short name, and description • Column name pattern, column comment pattern, column data pattern, and search pattern semantics (AND or OR) • Default masking format • Sensitive category to which the sensitive type belongs • Compartment to which the sensitive type belongs 6. Click Close to close the Sensitive Type Details dialog box. Update a User-Defined Sensitive Type
You can update user-defined sensitive types in the Library. You cannot modify predefined sensitive types.
1. Click the Library tab. 2. Click Sensitive Types. 3. (Optional) Move the Hide Oracle Predefined slider to the right to filter the list to show only user-defined sensitive types. 4. (Optional) In the search field, enter part or all of the name of the user-defined sensitive type that you want to update, and press Enter or click the magnifying glass. 5. In the list of sensitive types, click the name of the user-defined sensitive type that you want to update. The Update Sensitive Type dialog box is displayed. 6. Modify the parameters, and then click Save. Delete a User-Defined Sensitive Type
Deleting a user-defined sensitive type is permanent. You cannot delete predefined sensitive types.
1. Click Library. The Library page is displayed. 2. Click Sensitive Types. 3. Select the check box for the user-defined sensitive type you want to delete. 4. Click Delete. 5. Click OK to confirm. Manage Sensitive Data Models
You can manage sensitive data models from the Sensitive Data Models page in the Library.
5-13 Chapter 5 Manage Sensitive Data Models
This article has the following topics: • View a Sensitive Data Model • Verify a Sensitive Data Model • Update a Sensitive Data Model • Manually Add or Remove Sensitive Columns From a Sensitive Data Model • Delete a Sensitive Data Model • Download a Sensitive Data Model • Upload a Sensitive Data Model View a Sensitive Data Model
Sensitive data models are listed on the Sensitive Data Models page in the Library. You can only view the sensitive data models to which you have access.
1. Click the Library tab. 2. Click Sensitive Data Models. The Sensitive Data Models displays a list of sensitive data amodels to which you have access. In the table, you can view when the sensitive data models were created, when they were last updated, and who created them (the owners). 3. Click the name of a sensitive data model to view its sensitive columns. You can also view the column counts for sensitive categories and sensitive types. 4. In the drop-down list, select Category View or Schema View to view the sensitive columns by sensitive category or schema. 5. To view all of the sensitive categories, types, and columns in one step, move the Expand All slider to the right. You can also expand individual nodes. 6. To search for a sensitive category, type, or column, enter the name (or part of the name) in the Search field, and click the magnifying glass. The search item is located and highlighted in the tree. 7. Click Exit. Verify a Sensitive Data Model
Verification helps you to maintain a sensitive data model's accuracy. When you verify a sensitive data model against a target database, Oracle Data Safe reports sensitive columns in your sensitive data model that do not exist in the database. Oracle Data Safe also reports new referential relationships. You can verify a sensitive data model from the Library against any registered target database. The verification feature is available on the Sensitive Data Model page in the Library, in the Data Discovery wizard, and in the Data Masking wizard.
1. Click the Library tab. 2. Click Sensitive Data Models. 3. Select the check box for the sensitive data model that you want to verify. 4. Click Verify Against Target.
5-14 Chapter 5 Manage Sensitive Data Models
The Select Target for Data Model Verification page is displayed. 5. Select the target database against which you want to verify the sensitive data model, and click Continue. If your target database is not listed, click Register and register your target database. The verification job is started. The FINISHED status is displayed when the job is completed. 6. If the job is successful, click Continue; otherwise, click Back, change your selections, and retry the verification. 7. On the Data Model Verification Result page, review the schema and column differences between the sensitive data model and the target database, if any. 8. Click Continue. 9. Review the sensitive columns in the sensitive data model. 10. (Optional) Add or remove sensitive columns from the sensitive data model. To add sensitive columns to your sensitive data model, click Add. To remove sensitive columns from your sensitive data model, deselect sensitive categories, sensitive types, and individual sensitive columns. 11. (Optional) Click Report to view the report for the sensitive data model. 12. Click Exit to finish the verification process. Update a Sensitive Data Model
Applications under development are always changing. Developers often add and remove columns from application schemas, and introduce additional sensitive data. Oracle Data Safe provides an incremental data discovery feature that discovers new sensitive columns in your target database and then adds them to your sensitive data model. The update feature is available in both the Data Discovery and Data Masking wizards. You can also manually add and remove sensitive columns from a sensitive data model. You cannot change the schemas and sensitive types while updating a sensitive data model.
1. Click the Data Discovery tab. The Select Target for Sensitive Data Discovery page is displayed. 2. Select the target database against which you want to rediscover sensitive columns, and click Continue. The Select Sensitive Data Model page is displayed. 3. To select a sensitive data model from the Library, perform the following steps: a. Select Pick from Library, and click Continue. The Select Sensitive Data Model page is displayed. b. Select the sensitive data model that you want to update. c. At the bottom of the page, leave Update the SDM with the target selected. d. Click Continue. The wizard runs a data discovery job against the selected target database. "Discovery in progress" is displayed.
5-15 Chapter 5 Manage Sensitive Data Models
4. When Sensitive data discovery complete is displayed and the status reads FINISHED, click Continue. 5. Review any newly discovered sensitive columns that did not previously exist in the sensitive data model. To view all the sensitive columns (original sensitive columns in the sensitive data model and newly discovered sensitive columns together), click View all sensitive columns. 6. (Optional) Select Regulatory View to sort the sensitive columns by sensitive type, or select Schema View to sort by schema. 7. To remove a sensitive column from the sensitive data model, deselect the check box for the sensitive column. 8. To add a sensitive column to the sensitive data model, do the following: a. Click Add. The schemas in the sensitive data model are listed. b. Select columns that you want to add. c. Assign the selected columns a sensitive type by selecting a sensitive type from the drop-down list. d. Click Add to Result. The columns are added to the sensitive data model. 9. To select a different sensitive data model, click Back. 10. To view the Data Discovery report, click Report. 11. To finish updating your sensitive data model, click Exit. Manually Add or Remove Sensitive Columns From a Sensitive Data Model
The fastest way to add or remove sensitive columns from a sensitive data model is to modify a sensitive data model from the Library page. You can also use the Data Discovery wizard.
1. Click the Library tab. 2. Click Sensitive Data Models. A list of sensitive data models to which you have access is displayed. 3. Click the name of an sensitive data model. 4. To add a sensitive column to the sensitive data model, do the following: a. Click Add. The Add Sensitive Columns dialog box is displayed and lists the schemas in the sensitive data model. b. Expand the schemas as needed, and select the columns that you want to add. To select all the columns in a schema at one time, select the schema name. c. Assign the selected columns a sensitive type by selecting a sensitive type from the drop-down list.
5-16 Chapter 5 Manage Sensitive Data Models
d. Click Add to Model. The columns are added to the sensitive data model and the sensitive data model is automatically saved. 5. To remove a sensitive column from the sensitive data model, deselect the check box for the sensitive column. 6. If you removed a sensitive column from the sensitive data model, click Save. 7. Click Exit. Delete a Sensitive Data Model
Deleting a sensitive data model is permanent. You can delete multiple sensitive data models at one time.
1. At the top of the page, click Library. 2. Click Sensitive Data Models. A list of sensitive data models to which you have access is displayed. 3. Select the check boxes for the sensitive data models that you want to delete, and click Delete. 4. Click OK to confirm. Download a Sensitive Data Model
You can download a sensitive data model as an XML file. You might do this if you are planning to use it against a target database registered in Oracle Data Safe in another region of your tenancy. Or, you might want to manually edit the file to add and remove sensitive columns from the sensitive data model instead of going through the Oracle Data Safe Console.
1. At the top of the page, click Library. 2. Click Sensitive Data Models. A list of sensitive data models to which you have access is displayed. 3. Select the check box for the sensitive data model that you want to download. An XML file containing the sensitive data model is automatically saved to your default download location. Upload a Sensitive Data Model
You can use the Data Discovery wizard to upload a file-based sensitive data model. The file must be in XML format. When importing, you select a target database against which to verify the sensitive data model.
1. To open the Data Discovery wizard, click the Home tab, and then click Data Discovery. 2. Select the target database on which you want to verify the file-based sensitive data model, and click Continue. 3. On the Select Sensitive Data Model page, do the following:
5-17 Chapter 5 Manage Sensitive Data Models
a. Select Upload. b. Enter a name for your sensitive data model or leave the default name as is. The Data Discovery wizard creates a sensitive data model in the Library under the name you provide. c. Click Choose File, select the XML file that contains your sensitive data model, and then click Open. d. Click Continue. The wizard verifies the sensitive columns and schemas in the target database. 4. Wait for the verification job to finish and then review the status and details. Click Continue. 5. Review the differences, if any, between the target database and the imported sensitive data model. 6. Click Exit.
5-18 6 Data Masking
This section discusses how to mask sensitive data in non-production databases by using the Data Masking feature in Oracle Data Safe. • Data Masking Overview Data masking, also known as static data masking, is the process of permanently replacing sensitive data with fictitious yet realistic looking data. It helps you generate realistic and fully functional data with similar characteristics as the original data to replace sensitive or confidential information. • Masking Formats A masking format defines the logic to mask data in a database column. • Masking Policies When you create a data masking job, you are essentially creating a masking policy for your target database. A masking policy maps sensitive columns to masking formats that should be used to mask the data. It is used to perform data masking on a target database. • Data Masking Reports After completing a data masking job, Data Masking generates a Data Masking report that shows details of your masked data. • Conditional Masking You can use conditional masking when creating masking policies in the Data Masking wizard and when editing masking policies from the library. Conditional masking allows you to arrange masking formats according to different conditions. • Group Masking Group masking, also known as compound masking, enables you to mask related columns together as a group, ensuring that the masked data across the related columns retain the same relationship. You can use the group masking feature when you create data masking jobs. • Create Data Masking Jobs The Data Masking wizard guides you through the process of defining a masking policy for a sensitive data model and then masks the data on the database. • Create Masking Formats You can create your own masking format for a sensitive column from the Library or while you are defining a masking policy in the Data Masking wizard. If you add a masking format to the Library, you can select it when you define a masking policy. • Manage Masking Formats You can view masking formats and manage user-defined masking formats from the Masking Formats page in the Library. • Manage Masking Policies You can manage masking policies from the Masking Policies page in the Library.
6-1 Chapter 6 Data Masking Overview
Data Masking Overview
Data masking, also known as static data masking, is the process of permanently replacing sensitive data with fictitious yet realistic looking data. It helps you generate realistic and fully functional data with similar characteristics as the original data to replace sensitive or confidential information. This article has the following topics: • The Challenge • The Solution • Common Data Masking Requirements • Data Masking in Oracle Data Safe • Data Masking Workflow The Challenge
The amount of data that organizations collect and manage, including sensitive and personal data, is growing every day. The growing security threats have made it necessary to limit exposure of sensitive data. At the same time, different data privacy laws and standards such as EU GDPR, PCI-DSS, and HIPPA mandate you to protect personal data. Live production database environments contain valuable and sensitive data, and to meet security and compliance requirements, you need to protect this data. Usually, organizations implement multiple security controls in their production environments to ensure that access to sensitive data is tightly controlled. You collect data probably to improve your products and services, provide better user experience, and support and grow your business. To best utilize the collected data, you need to share it with different teams, both internal and external, for various use- cases such as development, testing, training, and data analytics. Copying production data for non-production purposes proliferates sensitive data, expands the security and compliance boundary, and increases the likelihood of data breaches. If left unprotected, contractors or offshore workers might access the data and possibly move it across locations. Data privacy standards such as PCI-DSS and EU GDPR also emphasize on protecting sensitive information in non-production environments because these environments are typically not as protected or monitored as production systems. The challenge is to reduce the unnecessary spread and exposure of sensitive data while maintaining its usability for non-production purposes. The Solution
Even in non-production environments, you need protect your sensitive data and stay compliant with data privacy regulations. The recommended solution is to mask your sensitive data before using it in non-production environments. This way, you minimize the sensitive data you have, and thus, reduce the risk and compliance boundary. Data masking, also known as static data masking, is the process of permanently replacing sensitive data with fictitious yet realistic looking data. It helps you generate realistic and fully functional data with similar characteristics as the original data to
6-2 Chapter 6 Data Masking Overview
replace sensitive or confidential information. Data masking limits sensitive data proliferation by anonymizing sensitive data while enabling you to use production-like data. It ensures that malicious actors cannot benefit from the fictitious data even if they gain access to it. Data masking is ideal for virtually any situation when confidential or regulated data needs to be shared with non-production users. These users may include internal users, such as application developers or external business partners, such as offshore testing companies, suppliers, and customers. Data masking contrasts with encryption, which simply hides data, and the original data can be retrieved with the appropriate access or key. With data masking, the original sensitive data cannot be retrieved or accessed. One of the key aspects of data masking is to replace sensitive information with fictitious data, without breaking the semantics and structure of the data. The masked data must be realistic and pass specific checks, such as Luhn validation. For example, a masked credit card number must not only be a valid credit card number, but also a valid Visa, Mastercard, American Express, or Discover card number. Failing to maintain this data integrity may break the corresponding application. The predefined masking formats ensure that the generated data passes common validation checks. Common Data Masking Requirements
Organizations typically mask data using custom scripts or solutions. While these in-house solutions might work for a few columns, they do not work for large applications with distributed databases and thousands of columns. An enterprise data masking solution should be able to fulfill the following data masking requirements: • Locate sensitive data in the midst of numerous applications, databases, and environments. • Correctly mask sensitive data having different shapes and forms such as names, Social Security numbers, email addresses, credit card numbers (Mastercard, Visa, and so on), and blood type. • Ensure that the masked data is irreversible, that is, one should not be able to retrieve the original data from the masked data. • Ensure that the masked data is realistic enough to be useful for non-production purposes such as development and analytics. • Ensure that the applications continue to work with the masked data. Data Masking in Oracle Data Safe
The Data Masking component of Oracle Data Safe addresses the common data masking requirements and more. It simplifies the process of masking data in your non-production databases by providing an automated, flexible, and easy-to-use solution. It enables you to: • Maximize the business value of your data without exposing the sensitive data • Minimize the compliance boundary by not proliferating the sensitive production data • Mask your Oracle databases • Use various masking techniques to meet your specific business requirements • Preserve data integrity ensuring that the masked data continues to work with applications To mask sensitive data, you need to understand what sensitive data you have and where it is located. Data Discovery helps you automatically discover sensitive data and referential
6-3 Chapter 6 Data Masking Overview
(parent-child) relationships, and creates a sensitive data model containing all the necessary information. The Data Masking wizard enables you to use a sensitive data model to create a masking policy defining how the data should be masked. A masking policy associates sensitive columns with masking formats, which define the logic to mask the associated sensitive column. Masking policies are used to mask data on your target database. Data masking ensures referential integrity by masking related columns consistently. Oracle Data Safe provides a comprehensive set of masking formats to help you mask common sensitive and personal data such as names, national identifiers, credit card numbers, phone numbers, and religion. You also have masking options such as shuffling, encryption, and replacing with random numbers, strings, and dates. Oracle Data Safe provides you the capability to easily create new masking formats, without requiring any technical skills. You can store these user-defined masking formats in Oracle Data Safe Library for future use. Similarly, you can create masking policies and store them in the Oracle Data Safe Library. You can use an existing masking policy to mask different target databases. You can also download a masking policy as an XML file, edit it, and upload it to the same or a different Oracle Data Safe Library. Data Masking generates a masking report that summarizes what was masked in the database. For example, the report tells you the names of the sensitive columns masked, the masking formats used, and the total number of tables, columns and values masked. Data Masking Workflow
The general process for masking sensitive data with the Data Masking feature is as follows:
1. Important: Create a backup of your production database. For example, you can use Recovery Manager (RMAN) and Oracle Cloud Storage service (or any other backup location) to create and store your production backups. You never want to mask the actual production database. 2. Clone the backup of your production database to create a stage database. Do not expose the stage database to users. Create the stage database on the Oracle Cloud with supported services. 3. Register your stage database with Oracle Data Safe. 4. Use the Data Discovery wizard to discover sensitive data on the stage database and generate a sensitive data model. 5. Create new masking formats in the Library if you require masking formats other than the predefined ones. 6. Use the Data Masking wizard to create a masking policy and submit a data masking job. You can select your existing sensitive data model to create a masking policy. The Data Masking wizard can also discover and mask data in one flow. The job uses the masking policy to mask data on the target database. Oracle Data Safe also generates a data masking report that shows you the results of your data masking job. 7. Verify the masked data by reviewing the Data Masking report and validating data in the masked columns.
6-4 Chapter 6 Masking Formats
8. Clone the stage database to create a test database. Or, export the masked data from the stage database, create a test database, and then import the masked data into the test database. Oracle strongly recommends creating a test database instead of giving your test and developer users access to your stage database. 9. Grant your test and developer users access to your test database. Masking Formats
A masking format defines the logic to mask data in a database column. This article has the following topics: • About Masking Formats • Combinable • Uniqueness • Reversible • Deterministic • Related Content About Masking Formats
Oracle Data Safe provides a comprehensive set of predefined masking formats that enable you to mask common sensitive and personal data, such as names, national identifiers, credit card numbers, phone numbers, and religion. For example, the Email Address masking format replaces values with random email addresses. To meet your specific requirements, you can easily create new masking formats by using basic masking formats, without requiring any technical skills. For example, the Shuffle masking format randomly shuffles values in a column. You can store your user-defined masking formats in the Oracle Data Safe Library for future use. One of the key aspects of data masking is to replace the sensitive information with fictitious data, without breaking the semantics and structure of the data. The masked data must be realistic and pass specific checks, such as Luhn validation. For example, a masked credit card number must not only be a valid credit card number, but also a valid Visa, Mastercard, American Express, or Discover card number. Failing to maintain this data integrity may break the corresponding application. The predefined masking formats ensure that the generated data passes common validation checks. Data masking formats have characteristics. Some common characteristics include combinable, uniqueness, reversible, and deterministic. Combinable
A masking format is considered combinable when it can be combined with other basic masking formats or predefined masking formats though the use of conditions. For example, assume that you want to mask a column containing data in format 999-999, where 9 signifies a digit. You want to replace the first three digits with a fixed three-digit number, preserve the hyphen, and replace the last three digits with some random digits. To generate the expected data, you could combine three basic masking formats: Fixed Number,
6-5 Chapter 6 Masking Formats
Fixed String, and Random Number, as shown in the following example. The outputs of these three masking formats are concatenated to generate the masked values, for example, 678-333, 678-110, 678-656, and 678-999.
FIXED NUMBER 678 FIXED STRING "-" RANDOM NUMBER [START:100 END: 999]
Another example uses a basic masking format with a predefined masking format. Suppose you want to mask a social security number. The logic is: If a social security number exists, replace it with a predefined social security number. Otherwise, replace it with a random number. Uniqueness
A masking format is characterized as having uniqueness if it ensures uniqueness of the generated masked data. These types of masking formats are useful for masking columns with uniqueness constraints. For example, you may want to mask a column of EMPLOYEE IDs with unique ID masked values. No two rows can have the same ID. Reversible
A masking format that is characterized as reversible can retrieve original column data from masked data. Data masking usually means permanently replacing the data and ensuring that no one can retrieve the original data. But, sometimes you might want to see the original data. Reversible masking is helpful when businesses need to mask and send their data to a third party for analysis, reporting, or any other business processing purpose. After the processed data is received from the third party, the original data can be recovered. The Deterministic Encryption masking format supports reversible masking. Deterministic
One of the key requirements for masking data in large databases or multiple database environments is to mask some data consistently. That is, for a given input, the output should always be the same. At the same time, the masked output should not be predictable. A deterministic masking format generates consistent output for a given input across databases and data masking jobs. Deterministic masking helps to maintain data integrity across multiple applications and preserve system integrity in a single sign-on environment. For example, consider three applications: a human capital management application, a customer relationship management application, and a sales data warehouse. These three applications may have key common fields such as EMPLOYEE_ID that must be masked consistently across these applications. Deterministic masking techniques can be used here to ensure consistency. Let's consider another example. Suppose that two values, Joe and Tom, are masked to Henry and Peter by using a deterministic masking technique. When you repeat the technique on another database, Bob and Tom (if they exist), might be replaced with Louise and Peter. Notice that even though the two runs have different data, Tom is always replaced with Peter.
6-6 Chapter 6 Masking Policies
The Deterministic Encryption, Deterministic Substitution, SQL Expression, and User Defined Function masking formats support deterministic masking. Related Content
• Predefined Masking Formats • Basic Masking Formats Masking Policies
When you create a data masking job, you are essentially creating a masking policy for your target database. A masking policy maps sensitive columns to masking formats that should be used to mask the data. It is used to perform data masking on a target database. You can create a masking policy in the Data Masking wizard using a sensitive data model. The Data Masking wizard shows you the sensitive columns from the chosen sensitive data model along with the default masking formats. You can go through the list to ensure that the default masking formats meet your requirement. If you prefer, you can select a different masking format for a sensitive column. You can also manually add more sensitive columns to a masking policy and select masking formats for them. In the Data Masking wizard, you can also upload scripts that should be run on the target before and/or after data masking. For example, you can upload a pre-masking script to create a column on the target database that should be used for the Deterministic Substitution masking format. And, you can upload a post-masking script to remove this column after data masking completes. The created masking policies get stored in the Library. You can use an existing masking policy to mask target databases. Masking policies contain the following metadata: • Policy name • Policy description • Sensitive data model name • Data and time the policy was last updated • Policy owner From the Library, you can mask target databases using existing masking policies, delete masking policies, and download masking policies in XML format. You can update a masking policy by directly modifying the downloaded XML file and upload it to the same or a different Oracle Data Safe Library. Data Masking Reports
After completing a data masking job, Data Masking generates a Data Masking report that shows details of your masked data. The report includes the following information: • The name of the target database that was masked • The masking policy that was used to perform masking • The total number of masked schemas, tables, columns, and values
6-7 Chapter 6 Conditional Masking
• The total count of sensitive types • The date and time the data was masked Conditional Masking
You can use conditional masking when creating masking policies in the Data Masking wizard and when editing masking policies from the library. Conditional masking allows you to arrange masking formats according to different conditions. For example, consider masking a column containing unique person identifiers. Identifiers that belong to country USA can be masked using Social Security Number format and that belong to country UK can be masked using National Insurance Number format. You can do conditional masking in the Data Masking wizard. Let's consider another example. Suppose that you have the following table, which consists of employee names, job categories, and salary information. You can use conditional masking to mask the salary data based on the following conditions: • If job category is Manager, replace salary with a random number from 100000 through 150000. • If job category is Worker, set salary to a fixed number (75000). • Default is to preserve the existing value.
Employee Job Category Salary Conditional Result Alice Manager 90000 100200 Bill Manager 88000 132000 Carol Worker 72000 75000 Denise Worker 57000 75000 Eddie Worker 70000 75000 Frank Worker 45000 75000 George Assistant 45000 45000 Group Masking
Group masking, also known as compound masking, enables you to mask related columns together as a group, ensuring that the masked data across the related columns retain the same relationship. You can use the group masking feature when you create data masking jobs. This article has the following topics: • About Group Masking • Group Masking Example Using Shuffle • Group Masking Example Using Deterministic Substitution About Group Masking
In Oracle Data Safe, the columns being masked as a group must belong to the same table. You can use the Shuffle, User Defined Function, Deterministic Substitution, and
6-8 Chapter 6 Group Masking
Random Substitution masking formats for group masking. The Deterministic Substitution and Random Substitution masking formats use data from another table to mask your sensitive data. Group Masking Example Using Shuffle
The following is an example of group masking using the Shuffle masking format. Suppose that you have customers from across the world. You have their details stored in a table, as shown below.
CUST_ID CUST_NAME CITY STATE COUNTRY 678123 Michael Lee Denpasar Bali Indonesia 678124 Sophia Lopes Rio de Janeiro Rio de Janeiro Brazil 678125 Richard Williams Santa Clara California United States 678126 Aaryan Mumbai Maharashtra India
You don't want your developers to know the location of your customers. So, you want to mask the CITY, STATE and COUNTRY columns before sharing this data with the development team. But you want to have realistic masked data. For example, Richard lives in Santa Clara, California in the United States. After masking, if the city and state are Atlanta and Georgia respectively, India as the country is not valid. In this case, you want to ensure that the country remains the United States. You can group these columns and use the Shuffle masking format to shuffle them together. After shuffling, your masked data might look like the data shown below.
CUST_ID CUST_NAME CITY STATE COUNTRY 678123 Michael Lee Mumbai Maharashtra India 678124 Sophia Lopes Denpasar Bali Indonesia 678125 Richard Williams Rio de Janeiro Rio de Janeiro Brazil 678126 Aaryan Santa Clara California United States Group Masking Example Using Deterministic Substitution
This example shows you how to use the Deterministic Substitution masking format with group masking to mask sensitive data with data from another table. Suppose that you have customers from across the world. You have their details stored in a table, as shown below.
CUST_ID CUST_NAME CITY STATE COUNTRY 678123 Michael Lee Denpasar Bali Indonesia 678124 Sophia Lopes Rio de Janeiro Rio de Janeiro Brazil 678125 Richard Williams Santa Clara California United States 678126 Aaryan Mumbai Maharashtra India
Let's assume that you want to use the data from the following table for group masking:
6-9 Chapter 6 Create Data Masking Jobs
SUB_CITY SUB_STATE SUB_COUNTRY New York New York United States Noida Uttar Pradesh India Toronto Ontario Canada Cape Town Western Cape South Africa
After masking these columns using the group masking option with the Deterministic Substitution masking format, your masked data might look like the data shown below.
CUST_ID CUST_NAME CITY STATE COUNTRY 678123 Michael Lee Cape Town Western Cape South Africa 678124 Sophia Lopes Toronto Ontario Canada 678125 Richard Williams New York New York United States 678126 Aaryan Noida Uttar Pradesh India Create Data Masking Jobs
The Data Masking wizard guides you through the process of defining a masking policy for a sensitive data model and then masks the data on the database. This task is divided into the following parts: • Part 1: Select a Target Database • Part 2: Define the Masking Policy and Sensitive Data Model • Part 3: Review the Sensitive Data Model • Part 4: Configure the Masking Formats • Part 5: Schedule the Job Part 1: Select a Target Database
This part gets you started by accessing the Data Masking wizard and selecting the target database that you want to mask.
1. In the left pane, click Data Masking to launch the Data Masking wizard. 2. (Optional) If you haven't granted the Data Masking role on your target database, do the following: a. If your target database is a DB system, click Download Privilege Script, download the datasafe_privileges.sql script to your local computer, and then run the script on your target database. b. If your target database is an Autonomous Database, run the DS_TARGET_UTIL PL/SQL package on your Autonomous Database. 3. On the Select Target for Data Masking page, select the target database that you want to mask, and click Continue. You can select only one target database.
6-10 Chapter 6 Create Data Masking Jobs
4. If your target database is not listed, click Register and follow the steps to register a target database. The Select Masking Policy page is displayed. Part 2: Define the Masking Policy and Sensitive Data Model
This part walks you through how to configure the Select Masking Policy page. This page provides options to create, upload, and reuse masking policies and sensitive data models. Decide on one of the following options. Option 1: Create a Masking Policy and Sensitive Data Model
This option is an all-in-one workflow where you configure a data discovery job and a data masking job.
1. Make sure you are on the Select Masking Policy page. 2. For Masking Policy, leave Create selected. 3. Leave the default masking policy name as is or enter your own. 4. For Sensitive Data Model, leave Create selected. 5. Leave the default sensitive data model name as is or enter your own. 6. If you want to retrieve sample data for sensitive columns during data discovery, move the Show and save sample data slider to the right. 7. Select the compartment to which you want the new masking policy and new sensitive data model to belong. 8. Click Continue. The Select Target for Sensitive Data Discovery page is displayed. 9. Select the target database on which you want to discover sensitive data, and click Continue. The Select Schemas for Sensitive Data Discovery page is displayed. 10. Select one or more schemas, and click Continue. The Select Sensitive Types for Sensitive Data Discovery page is displayed. 11. Select the sensitive types and/or sensitive categories that you want to discover. 12. (Optional) Select Use non-dictionary referential relationships for sensitive column discovery. 13. Click Continue to run the data discovery job. 14. When the job is completed and the status reads FINISHED, click Continue. 15. If you opted to search for non-dictionary referential relationships, the Non-Dictionary Referential Relationships page is displayed. Review the sensitive columns, deselect the columns that you do not want to include in the sensitive data model, and click Save and Continue. The Sensitive Data Discovery Result page is displayed. 16. Continue to Part 3.
6-11 Chapter 6 Create Data Masking Jobs
Option 2: Create a Masking Policy with a Sensitive Data Model from the Library
You can create a masking policy that reuses an existing sensitive data model from the Library. Use this approach if you have already discovered sensitive data on your target database.
1. Make sure you are on the Select Masking Policy page. 2. For Masking Policy, leave Create selected. 3. Leave the default masking policy name as is, or enter your own. 4. For Sensitive Data Model, select Pick from Library. 5. Select the compartment to which you want the new masking policy to belong. 6. Click Continue. 7. On the Select Sensitive Data Model page, do the following: a. Select a sensitive data model. b. Select Update the SDM with the target, Verify if SDM is compatible with the target, or View SDM without update/verification. c. Click Continue. 8. If you chose to verify your sensitive data model: a. When the job is completed, verify that the Detail column reads Data model verification job finished successfully, and click Continue. b. On the Data Model Verification Result page, review the differences between your sensitive data model and the target database that you want to mask. c. If there are differences, make note of them, and then either exit the wizard or click Back and choose to update the sensitive data model instead. d. If there are no differences between your sensitive data model and the target database that you want to mask, click Continue. 9. If you chose to update your Library sensitive data model: a. Wait for the sensitive data model to update. b. When the Status reads FINISHED, click Continue. 10. If you chose to view the SDM without updating or verifying it, continue to Part 3. Option 3: Create a Masking Policy with an Uploaded Sensitive Data Model
Use this option if the sensitive data model that you want to use for your masking policy is in XML file format. The following steps include uploading the sensitive data model into the Library.
1. For Masking Policy, leave Create selected. 2. Leave the default masking policy name as is, or enter your own. 3. For Sensitive Data Model, click Upload. 4. Leave the default sensitive data model name as is or enter your own name. 5. Click Choose File, select your sensitive data model file, and click Open. 6. Select the compartment to which you want the new masking policy to belong.
6-12 Chapter 6 Create Data Masking Jobs
7. Click Continue. The sensitive data model is uploaded into the Library and automatically verified against the selected target database. 8. Click Continue. 9. Continue to Part 3. Option 4: Reuse a Masking Policy from the Library
Use this option if you already have a masking policy in the Library that you want to reuse for the selected target database.
1. On the Select Masking Policy page, for Masking Policy, select Pick from Library. 2. Click Continue. The Select Masking Policy page is displayed. 3. Select a masking policy and click Save and Continue. The Masking Policy page is displayed. 4. Continue to Part 4. Option 5: Upload a Masking Policy and Sensitive Data Model
You can reuse an existing file-based sensitive data model and/or masking policy. This approach uploads your file(s) into the Library. To avoid waiting for large files to upload, Oracle recommends that you upload your files separately, beginning with the sensitive data model file. You can use the Data Discovery wizard or the Data Masking wizard to upload a sensitive data model file. During the upload, you can exit either wizard to continue with other work. From the Jobs page, you can verify that the upload has completed. TIP: If you use the Data Masking wizard to upload your sensitive data model file, you need to choose the Upload (separate files for Masking Policy and SDM) option on the Select Masking Policy page. Select both your sensitive data model file and your masking policy file; however, during the upload, exit the wizard and only your sensitive data model will upload. After your sensitive data model has uploaded, return to the Data Masking wizard and select the Upload (file does not include SDM) option to upload your masking policy file. Also select the sensitive data model that you just imported into the Library. During the masking policy upload, you can exit the wizard and return to it later after the upload has completed. With your sensitive data model and masking policy now uploaded into the Library, start a new data masking job and select your masking policy from the Library.
1. On the Select Masking Policy page, for Masking Policy, select Upload (file includes an SDM) or Upload (separate files for Masking Policy and SDM). 2. Click Browse for the masking policy file and sensitive data model file (if needed), select your files, and click Open. 3. Leave the default masking policy name and sensitive data model name as is or enter new names. 4. Select the compartment to which you want the new masking policy and sensitive data model to belong. 5. Click Continue.
6-13 Chapter 6 Create Data Masking Jobs
The masking policy and sensitive data model are uploaded into the Library and the sensitive data model is verified against the target database that you want to mask. The Data Model Verification Result page is displayed. 6. If there are differences between the sensitive data model and the target database that you want to mask, exit the wizard and update the sensitive data model. Otherwise, click Continue. The Sensitive Data Model page is displayed. 7. Continue to Part 3. Option 6: Upload a Masking Policy and Select a Sensitive Data Model from the Library
With this option, you can upload a file-based masking policy and select a sensitive data model from the Libary.
1. On the Select Masking Policy page, for Masking Policy, select Upload (file does not include SDM). 2. Click Browse for the masking policy file, select your file, and then click Open. 3. Leave the default masking policy name as is or enter a new name. 4. Select the compartment to which you want the new masking policy to belong. 5. Notice that for Sensitive Data Model, Pick from Library is automatically selected. 6. Click Continue. 7. On the Select Sensitive Data Model page, select a sensitive data model, and then click Continue. The Sensitive Data Model page is displayed. 8. Continue to Part 3. Part 3: Review the Sensitive Data Model
This part walks you through the Sensitive Data Model page (or Sensitive Data Discovery Result page), where you can review the sensitive data model and add and remove sensitive columns as needed.
1. On the Sensitive Data Model page (or Sensitive Data Discovery Result page), move the Expand All slider to the right to review the list of sensitive columns. 2. (Optional) In the drop-down list, select Category View or Schema View. 3. (Optional) Deselect the sensitive categories, sensitive types, and/or sensitive columns that you do not want to include in your sensitive data model. 4. (Optional) Add sensitive columns: a. Click Add to add new sensitive columns. The Add Sensitive Columns dialog box is displayed. b. In the dialog box, select one or more columns from the schemas. c. Select a sensitive type that describes the selected columns.
6-14 Chapter 6 Create Data Masking Jobs
d. Click Add to Result. 5. To continue to data masking, click Save and Continue. The Masking Policy page is displayed. 6. To save and view the Data Discovery report before continuing to data masking, do the following: a. Click Save and View Report. b. Review the report. c. Click Continue. The Masking Policy page is displayed. 7. Continue to Part 4. Part 4: Configure the Masking Formats
This part walks you through the Masking Policy page where you configure a masking format for the sensitive columns in your sensitive data model.
1. (Optional) On the Masking Policy page, move the Expand All slider to the right to show all the sensitive columns and their masking formats. 2. Review the default masking formats configured for each sensitive column. 3. If you do not want to mask a sensitive column, deselect it. 4. To add sensitive columns to the sensitive data model, click Add, select columns, and click Add To Policy. 5. To edit a masking format for a sensitive column, perform the following steps: a. Select a different masking format from the drop-down list or click the pencil icon. The Edit Format dialog box is displayed. b. To add a condition, move the Conditional Masking slider to the right, and then configure the condition. In the first field, enter the name of the column that you are masking or another column from the same table. In the drop-down list, select an operator. In the second field, enter a value. Below the condition, configure a masking format. c. To remove a condition, click Delete Condition. d. If your condition requires multiple masking formats, you can add another masking format by clicking Add Format. A new masking format template is added below the existing masking formats. Select a masking format from the drop-down list and configure its parameter values. e. To remove a masking format, click Delete Format next to the masking format that you want to remove. The masking format is immediately removed. f. Click Save. 6. To configure group masking: a. Select Group Masking from the drop-down list for one of the sensitive columns that is part of the group.
6-15 Chapter 6 Create Data Masking Jobs
The Edit Format dialog box is displayed. By default, the Group Name field, Masking Format drop-down list, and the sensitive column is displayed. You can add and remove sensitive columns from the group. b. In the Group Name field, enter a new group name if this is the beginning of a group masking configuration. Or, select an existing group name if you want to add the sensitive column to an existing group masking configuration. c. From the Masking Format drop-down list, select the masking format that you want to apply to the sensitive columns in the group. You can select Shuffle, User Defined Function, Deterministic Substitution, or Random Substitution. d. If you selected Shuffle as the masking format in step 3, you can optionally enter "group by" column names. e. If you selected User Defined Function as the masking format in step 3, enter the name of the schema and function for each column listed. Optionally, you can also enter a package name. f. If you selected Deterministic Substitution as the masking format in step 3, enter the name of the substitution schema and table. Also, for each column listed, enter the name of the substitution column. Before you can submit the data masking job, you need to enter a seed value because you are configuring deterministic substitution. g. If you selected Random Substitution as the masking format in step 3, enter the name of the substitution schema and table. Also, for each column listed, enter the name of the substitution column. You do not need to enter a seed value before you submit the data masking job. h. To add another sensitive column to the group, click Add Column. You can repeat this step until all columns in the table are listed, after which point the Add Column button becomes unavailable. Make sure that the column you initially selected to configure in step 1 is listed. i. To remove a sensitive column from the group, select the check box for the sensitive column, and then click Remove Column. j. Click Save. 7. If you have existing pre-masking or post-masking scripts that you want to upload, click Upload Pre/Post Masking Scripts. 8. Click Confirm Policy to create the masking policy. 9. Continue to Part 5. Part 5: Schedule the Job
This part walks you through the Schedule the Masking Job page where you can choose to run the job immediately or schedule it for later.
1. On the Schedule the Masking Job page, click Right Now or Later. If you choose to run the masking job later, specify the date and time at which it must be run. 2. Click Review to verify the masking job details. The Review and Submit page is displayed.
6-16 Chapter 6 Create Masking Formats
3. Click Submit to start the data masking job. You can monitor the status of a job, or suspend or abort the job from the Jobs page. If the data masking job fails, the masked tables are not restored. 4. (Optional) Click Download Masking logs to download the log files for the data masking job. 5. (Optional) Click Report to view the Data Masking report. 6. (Optional) Click Exit to exit the wizard. 7. To ensure that all of the sensitive data is successfully masked, review the masked data on your database. Create Masking Formats
You can create your own masking format for a sensitive column from the Library or while you are defining a masking policy in the Data Masking wizard. If you add a masking format to the Library, you can select it when you define a masking policy. This article has the following topics: • About User-Defined Masking Formats • Create a Masking Format About User-Defined Masking Formats
The basic masking formats enable you to customize the masking logic to meet your specific requirements. However, in the Data Masking wizard, you need to provide input for these masking formats every time you are creating a masking policy. To avoid this repetitive work, Oracle Data Safe provides you the capability to store your customizations in the Oracle Data Safe Library as user-defined masking formats. You can use these masking formats in the future without needing to provide the input values. For example, assume that you want to mask a national identifier that has ten digits. In the Oracle Data Safe Library, you can create a new masking format, say My National Identifier, using the Random Number masking format. Random Number takes two inputs: Start Number and End Number. You can provide 1000000000 as the Start Number and 9999999999 as the End Number, and then save your masking format in the Oracle Data Safe Library. In the future, to mask a column containing that national identifier, you can simply choose the My National Identifier masking format. Input is not required. If you have a sensitive type to discover your national identifier, you can also set My National Identifier as the default masking format for that sensitive type. This way, whenever you discover columns using this sensitive type, Data Masking selects the mapped masking format by default. Create a Masking Format
1. Click the Library tab. The Library page is displayed. 2. Click Masking Formats. The Masking Formats page is displayed. 3. Click Add.
6-17 Chapter 6 Manage Masking Formats
The Create Masking Format dialog box is displayed. 4. Specify the details for the masking format. a. If you want to create a masking format based on an existing masking format, select a predefined masking format from the Create Like drop-down list. Selecting a predefined masking format automatically populates the fields. If needed, you can edit the fields. b. If you would like to create a masking format from scratch, specify a masking format name and description. c. Select the compartment to which you want your masking format to belong. 5. Configure the masking formats.
Note:
You cannot create conditions here. You can create conditions when you modify a masking format in the Data Masking wizard.
a. From the drop-down list, select a masking format and configure its parameters. b. To add another masking format, click Add Format and configure its parameters. The results of the masking formats are concatenated together. c. To delete a masking format, click Delete Format. 6. Click Save. Your new masking format is now displayed on the Masking Formats page. You can select your masking format whenever you create a data masking job. Manage Masking Formats
You can view masking formats and manage user-defined masking formats from the Masking Formats page in the Library. This article has the following topics: • View a Masking Format • Update a User-Defined Masking Format • Delete a User-Defined Masking Format View a Masking Format
1. Click the Library tab. The Library page is displayed. 2. Click Data Masking and then Masking Formats. The Masking Formats page is displayed. 3. (Optional) Move the slider to the right to view only user-defined masking formats.
6-18 Chapter 6 Manage Masking Policies
4. Select the masking format to view its details, including its description and associated sensitive type. Update a User-Defined Masking Format
1. Click the Library tab. The Library page is displayed. 2. Click Masking Formats. The Masking Formats page is displayed. 3. (Optional) Move the Hide Oracle Predefined slider to the right to view only user-defined masking formats. 4. Click the user-defined masking format that you want to update. The Update Masking Format dialog box is displayed. 5. (Optional) Update the name and description of the masking format. 6. (Optional) Edit the existing masking format. 7. (Optional) To add a masking format, click Add Format, and select a masking format from the predefined masking formats drop-down list and specify the required inputs. 8. (Optional) To delete a masking format, click Delete Format next to the masking format that you want to delete. 9. Click Update. Delete a User-Defined Masking Format
You can delete user-defined masking formats. Deletions are permanent.
1. Click the Library tab. 2. Click Masking Formats. The Masking Formats page is displayed. 3. (Optional) Move the Hide Oracle Predefined slider to the right to filter the list to show only user-defined masking formats. 4. (Optional) In the search field, enter part or all of the name of the masking format you want to delete and click the magnifying glass button. 5. Select the check box for the masking format that you want to delete. 6. Click Delete. The Delete Masking Format dialog box is displayed. 7. Click OK to confirm. Manage Masking Policies
You can manage masking policies from the Masking Policies page in the Library. This article has the following topics: • View a Masking Policy
6-19 Chapter 6 Manage Masking Policies
• Update a Masking Policy • Download a Masking Policy • Upload a Masking Policy • Delete a Masking Policy View a Masking Policy
You can view a masking policy that you created to mask sensitive data.
1. Click the Library tab. 2. Click Masking Policies to view the list of masking policies to which you have access. 3. Click a masking policy to review its details. Update a Masking Policy
1. Click the Library tab. 2. Click Masking Policies. A list of masking policies to which you have access is displayed. 3. To display all of the sensitive columns and their masking formats, move the Expand All slider to the right. 4. For each sensitive column that you want to update, do the following: a. Locate the sensitive column that you want to update, and then select a different masking format from the drop-down list or click the pencil icon. The Edit Format dialog box is displayed. b. Modify the masking format, and click Save. 5. Click Save to save the masking policy. Download a Masking Policy
You can download a masking policy as an XML file.
1. Click the Library tab. 2. Click Masking Policies. The Masking Policies page is displayed. 3. Select the check box for the masking policy you want to download, and click Download. The Download Masking Policy dialog box is displayed. 4. Click Yes to include the SDM in the downloaded XML file. Otherwise, click No. The XML file is downloaded to your browser.
6-20 Chapter 6 Manage Masking Policies
Upload a Masking Policy
You can use the Data Discovery wizard to upload a file-based masking policy (XML file).
1. In the left pane, click Data Masking to launch the Data Masking wizard. 2. On the Select Target for Data Masking page, select the target database that you want to mask, and click Continue. You can select only one target database. If your target database is not listed, click Register and follow the steps to register a target database. The Select Masking Policy page is displayed. 3. For Masking Policy, select Upload (file includes an SDM) or Upload (separate files for Masking Policy and SDM). 4. Click Choose File for the masking policy and sensitive data model (if needed), select the necessary XML files, and click Open. 5. Leave the default masking policy and sensitive data model names as they are, or enter new names. These names are displayed in the Library. 6. Select the compartment to which you want the new masking policy and sensitive data model to belong. 7. Click Continue. The masking policy and SDM are uploaded into the library and the SDM is verified against the selected target database. The Data Model Verification Result page is displayed. 8. Review the differences between the sensitive data model and the target database that you selected, and then click Continue. 9. Deselect sensitive columns that you do not want to include in the sensitive data model, and then click Report. 10. Review the report, and then click Continue. The Masking Policy page is displayed. 11. Click Exit. 12. To verify that your masking policy is available in the Library, do the following: a. Click the Library tab. b. Click Masking Policies. A list of masking policies to which you have access is displayed. c. Verify that your masking policy is listed. Delete a Masking Policy
You can delete a masking policy that you previously created. Deleting a masking policy is permanent.
6-21 Chapter 6 Manage Masking Policies
1. Click the Library tab. 2. Click Data Masking and then Masking Policies. The masking policies are displayed. 3. Select the masking policy you want to delete, and click Delete. The Delete Masking Policy dialog box asks you to confirm the deletion. 4. Click OK.
6-22 7 Reports and Jobs
This section discusses how to work with reports and jobs in Oracle Data Safe. • Reports and Jobs Overview This section provides an overview of the reporting and job monitoring functionality in Oracle Data Safe. • Manage Reports You can manage reports from the Reports tab in Oracle Data Safe. • Manage Jobs You can track the status of your jobs and manage jobs from the Jobs page. You can monitor the number of jobs for each target database from the Settings page. Reports and Jobs Overview
This section provides an overview of the reporting and job monitoring functionality in Oracle Data Safe. This article has the following topics: • Report Types • Jobs Report Types
Oracle Data Safe generates Security Assessment, User Assessment, Data Discovery, Data Masking, Activity Auditing, and system audit reports. You can customize the reports as needed. The following table lists the reports available and links you to more information.
Report Type Report Name Activity Auditing Reports · Audit Summary · All Activity · Admin Activity · User/Entitlement Changes · Audit Policy Changes · Login Activity · Data Access · Data Modification · Database Schema Changes · Data Safe Activity · Database Vault Activity Data Discovery Reports · Sensitive Data Discovery Data Masking Reports · Data Masking
7-1 Chapter 7 Manage Reports
Report Type Report Name Security Assessment Reports · Comprehensive Assessment User Assessment Reports · User Assessment Service Activity Report · Service Activity Jobs
Most actions that you perform in Oracle Data Safe start a job, for example, when you discover or mask sensitive data. You can track the status of your jobs and manage jobs from the Jobs page. You can monitor the number of jobs for each target database from the Settings page. Manage Reports
You can manage reports from the Reports tab in Oracle Data Safe. This article has the following topics: • View Reports • Create a Custom Report • Delete a Custom Report • Download a Report View Reports
All reports are listed on the Reports tab in Oracle Data Safe. You can also find links to the last generated report for target databases on the Security Assessment and User Assessment tabs. 1. To access a report from the Reports tab, do the following: a. Click the Reports tab. b. In the table, expand a report type if needed. c. To open a report, click its name. d. To navigate up and down in a report, drag the scroll bar on the right. 2. To access the last generated Security Assessment report or User Assessment report for a target database: a. Click the Security Assessment tab or the User Assessment tab. b. Scroll down to find your target database. c. In the Last Generated Report column, click View Report. The report opens on the Reports tab. 3. (If available) To display summary totals at the top of the report, click Summary. To hide the totals, click Summary again.
7-2 Chapter 7 Manage Reports
4. (If available) To set filters in a report, click Filters at the top of the report, select filter options, and click Apply. To add another filter, + Filter. To remove a filter, click X. 5. (If available) To show more columns in a report, click the Select Columns icon (plus sign). In the Select Columns dialog box, select and deselect columns and click Apply. Restricted-Use Licensing for Oracle Business Intelligence Publisher (BI Publisher) Oracle Data Safe includes a restricted-use license for Oracle Business Intelligence Publisher and is specifically used for generating and/or viewing the reports. Create a Custom Report
You can customize a report by filtering rows based on expressions and by adding, removing, and rearranging columns.
1. Click the Reports tab. 2. Click the report that you want to customize. 3. To filter row data, click Filters and configure an expression; for example, Target Name = Call_Center_Prod. 4. To add or hide columns, to the right of the column headings, click the plus sign. In the Select Columns dialog box, select or deselect column names and click Apply. 5. In the Report Definition drop-down list, select Save As New. The Save As dialog box is displayed. 6. Do the following: a. Enter a report name and an optional description. b. Select the compartment to which you want your report to belong. c. Click Save As. 7. Click the Reports tab. 8. Scroll down and verify that your new report is listed under Custom Reports. 9. To save changes to your custom report, in the Report Definition drop-down list, select Save. Delete a Custom Report
You can delete custom reports, but not predefined reports.
1. Click the Reports tab. 2. Click your report name. 3. In the Report Definition drop-down list, select Delete. The Delete Report dialog box is displayed. 4. Click OK to confirm.
7-3 Chapter 7 Manage Jobs
Download a Report
You can download some of the reports as a PDF or XLS file. Before you can download a report, you must first generate it. When generating a report, consider setting a row limit if there is much data. You can also filter the report by time period. If you add or remove report columns, then you first need to create a custom report. To download the custom report, first open the custom report, generate the report, and then download the report.
1. Click the Reports tab. 2. Open a regular report or a custom report by clicking its name. 3. Click Generate Report. The Generate Report dialog box is displayed. 4. Specify the following parameters for the report: a. Select a report format (PDF or XLS). b. (Optional) Enter a row limit. By default, the row limit is 200. c. (Optional) In the Targets field, click, and then select the target database name to filter the data by target database. You can add multiple targets. d. (Optional) Enter a description for the report. e. (Optional) Enter the operation start time and end time. Click the calendar icons to display a calendar with selectable dates and times. Select the date and time, and click Done. Only rows within this time period are included in the report. f. Select a compartment to which you want the report to belong. User groups that have access to the compartment can access the report. g. Click Generate Report. After the report is generated, a success message is displayed at the top of the page and a Download Report link will appear next to the Generate Report option. 5. To download the report, click Download Report. Manage Jobs
You can track the status of your jobs and manage jobs from the Jobs page. You can monitor the number of jobs for each target database from the Settings page. This article has the following topics: • View Jobs • Suspend or Resume a Job • Abort or Delete a Job
7-4 Chapter 7 Manage Jobs
• Monitor the Number of Jobs Submitted View Jobs
The Jobs tab lists all of your current, past, and scheduled jobs. Scheduled jobs are displayed on a separate tab. Each job is classified based on the type of operation that it performs; for example, entitlement, pdfreport, and dataclassification.
1. At the top of the page, click Jobs. The Current and Past Jobs tab is displayed by default. The jobs are listed in table format. 2. View the status of a job in the Status column. The value indicates whether the job is finished, suspended, aborted, or still running. 3. To view the status history of a job, click the job’s status. The Job Log dialog box displays dates, times, statuses, and task information. 4. To search for a job, in the search box, enter the operation type of the job (for example, audittrail) and click the magnifying glass button. The list is updated based on your search criteria. 5. To view more detail about a particular job, click a job’s instance ID. The Job Details dialog box is displayed and shows you the operation type, the status of the job, the start and end time of the job, and schedule for the job. 6. To navigate the rows and pages, use the scroll bars and page links at the bottom. 7. To view scheduled jobs, click the Scheduled Jobs tab. Suspend or Resume a Job
If there is a problem, you may need to temporarily suspend a job. Suspending a job only pauses it, and the job remains in the system. You can later resume the job when the problem is fixed.
1. Select the check box for the job you want to suspend or resume. 2. To pause a job temporarily, click Suspend. 3. To continue with a suspended job, click Resume. Abort or Delete a Job
You can stop a job permanently and remove it from the job list.
1. Select the check box for the job you want to abort or delete. 2. To stop the job permanently, click Abort. The job is stopped, but remains listed. 3. To remove the job from the list, click Delete.
7-5 Chapter 7 Manage Jobs
Monitor the Number of Jobs Submitted
Oracle Data Safe in a region of your tenancy is allowed a maximum of 1000 jobs per target per month. After which, users have to wait for the next calendar month to submit new jobs. There is no paid option for additional usage. You can monitor the number of jobs on the Settings page.
1. Click the Settings tab. The Settings page is displayed. 2. View the Job Instances column in the table. The Job Instances column displays the number of jobs for each target database for the current month.
7-6 8 Reference
This section contains reference materials. • Predefined Masking Formats To help you mask common sensitive and personal data, such as credit card numbers, phone numbers, and national identifiers, Oracle Data Safe provides predefined masking formats. You can use predefined masking formats as is without providing any input. You cannot edit or delete predefined masking formats. • Basic Masking Formats Oracle Data Safe supports several basic masking formats that you can use as building blocks when creating new masking formats. You can create a masking format in a masking policy while working in the Data Masking wizard, or you can create a masking format in the Library and store it there to use later. • Regular Expressions You can use regular expressions to describe a set of strings based on common characteristics shared by each string in the set. • Introduction to Oracle Data Safe Video Script This is the script for the Introduction to Oracle Data Safe video. • Service Limits Oracle Data Safe has usage and service activation limits. Predefined Masking Formats
To help you mask common sensitive and personal data, such as credit card numbers, phone numbers, and national identifiers, Oracle Data Safe provides predefined masking formats. You can use predefined masking formats as is without providing any input. You cannot edit or delete predefined masking formats. The following table describes the predefined masking formats.
Masking Format Description Age Replaces values with random numbers from 0 through 110 Examples: · 18 · 75 · 102 Bank Account Number Replaces values with random 9 to 16-digit numbers Examples: · 7411024398 · 392663014671 · 24914700572445
8-1 Chapter 8 Predefined Masking Formats
Masking Format Description Bank Routing Number Replaces values with random bank routing numbers. Ensures that the routing numbers pass the checksum test. Examples: · 121122676 · 322271627 · 061000052 Blood Type Replaces column data with values picked randomly from the following list: · A+ · A- · B+ · B- · AB+ · AB- · O+ · O- Canada Postal Code (Space- Replaces values with random Canada postal codes, which are in A9A Separated) A9A format, where A signifies a letter and 9 signifies a digit Examples: · T7S T3R · J0L G6L · E4B L0V Details: First character: · Randomly picks letters from A to Z except D, F, I, O, Q, U, W, and Z Second character: · Randomly picks digits from 0 to 9 Third character: · Randomly picks letters from A to Z except D, F, I, O, Q, and U Fourth character: · Space Fifth character: · Randomly picks letters from A to Z except D, F, I, O, Q, and U Sixth character: · Randomly picks digits from 0 to 9 Seventh character: · Randomly picks letters from A to Z except D, F, I, O, Q, and U Canada Social Insurance Replaces values with random Canada Social Insurance Numbers. Number Ensures that the numbers pass the Luhn©s validation. Examples: · 688637008 · 346612823 · 734411531
8-2 Chapter 8 Predefined Masking Formats
Masking Format Description Canada Social Insurance Replaces values with random Canada Social Insurance Numbers, Number (Hyphenated) which are in 999-999-999 format, where 9 signifies a digit. Ensures that the numbers pass the Luhn validation. Examples: · 688-637-008 · 346-612-823 · 734-411-531 Credit Card Number Replaces values with random credit card numbers. Generates card numbers of types: American Express, Diners Club, Discover, enRoute, JCB, Mastercard, and Visa. Ensures that the numbers pass the Luhn validation. Examples: · 4485780314771620 · 6011867455059259 · 5253901798047025 Credit Card Number Replaces values with random hyphenated credit card numbers. It (Hyphenated) generates card numbers of type: American Express, Diners Club, Discover, enRoute, JCB, Mastercard, and Visa. Ensures that the numbers pass the Luhn validation. Examples: · 4485-7803-1477-1620 · 6011-8674-5505-9259 · 5253-9017-9804-7025 Credit Card Number- Replaces values with random 15-digit American Express credit card American Express numbers. Ensures that the numbers pass the Luhn validation. Examples: · 377428083214575 · 342545797384840 · 371449635398431 Credit Card Number-Discover Replaces values with random 16-digit Discover credit card numbers. Ensures that the numbers pass the Luhn validation. Examples: · 6011174868103745 · 6011006830091113 · 6011326843007736 Credit Card Number- Replaces values with random 16-digit Mastercard credit card numbers. Mastercard Ensures that the numbers pass the Luhn validation. Examples: · 5233316245315286 · 5171736663215508 · 5479143620815877 Credit Card Number-Visa Replaces values with random 16-digit Visa credit card numbers. Ensures that the numbers pass the Luhn validation. Examples: · 4929680877575125 · 4716403468935369 · 4532622699903274
8-3 Chapter 8 Predefined Masking Formats
Masking Format Description Date-Card Expiration Replaces values with random dates between 2000 and present. Day is always the last day of the month. Examples: · 2008-02-29 · 2014-08-31 · 2018-04-30 Date-Past Replaces values with random dates from 1950 through to the present date Examples: · 1970-01-01 · 2001-08-05 · 2018-10-16 Email Address Replaces values with random email addresses while preserving the number of periods, hyphens, and underscores before the address sign (@). Possible top-level domains are: .com, .org, .net, .edu, .gov, .int, .us, .uk, .eu, .cn, .in , .ru, .jp, and .au. Examples: · [email protected] could become [email protected] · [email protected] could become [email protected] · [email protected] could become [email protected] Finland Personal Identity Replaces values with random Finland Personal Identity Codes Code Examples: · 160811A0142 · 251017A561N · 300399-888Y Details: Day of Birth: · Generates random 2-digit numbers between 01 and 30 Month of Birth: · Generates random 2-digit numbers between 01 and 12 Year of Birth: · Generates random 2-digit numbers between 00 and 99 Century Identification Sign: · Randomly picks characters from +, -, or A Individual Number: · Generates random 3-digit numbers between 000 and 999 Checksum Character: · Randomly picks characters from 0 through 9 or from A through Z, except for G, I, O, Q, and Z Sanity Check: · Uses Post Processing Function to ensure validity of the generated Personal Identity Codes
8-4 Chapter 8 Predefined Masking Formats
Masking Format Description Format Preserving Randomizes values while preserving their length, the position of letters Randomization and digits, the case of letters, and the special characters Examples: · AjHjK123#@ could become SbVbU574#@ · 678-704-7862 could become 281-272-1795 · !@#$ remains !@#$ Gender Replaces column data with values picked randomly from the following list: · Male · Female · Other Height (Centimeter) Replaces values with random numbers from 45 cm through 200 cm. Examples: · 60 · 162 · 176 Identification Number Replaces values with random numbers from 1 through 999,999 Examples: · 166050 · 9887 · 46803 IMEI Number Replaces values with random 15-digit IMEI numbers. Ensures that the numbers pass the Luhn validation. Examples: · 490154203237518 · 357805023984942 · 352066060926230 Income Replaces values with random numbers from 30,000 through 999,999 Examples: · 75001 · 155000 · 700999 Marital Status Replaces column data with values picked randomly from the list: Single, Married, Separated, Divorced, Remarried, and Widowed Race Replaces column data with values picked randomly from the list: White, African American, Asian, American Indian, Alaska Native, Native Hawaiian, and Other Pacific Islander Random Name Replaces values with random letters of random length. Compatible with character type columns only. Examples: · AjHjK123#@ could become Sbvtud · Michael could become Ramzoni · Richard Williams could become Madpalvik Religion Replaces column data with values picked randomly from the list: Christianity, Islam, Nonreligious, Hinduism, Buddhism, Sikhism, Jainism, Judaism, and Other
8-5 Chapter 8 Predefined Masking Formats
Masking Format Description Sexual Orientation Replaces column data with values picked randomly from the list: Heterosexual, Homosexual, Bisexual, and Asexual Stock Replaces values with random numbers from 100 through 9,999 Examples: · 1300 · 5499 · 9990 UK National Insurance Replaces values with random UK National Insurance numbers, which Number (Space-Separated) are in AA 99 99 99 A format, where A signifies a letter and 9 a digit Examples: · AA 69 94 50 A · ZR 50 16 33 A · EE 25 37 53 D Details: First Prefix Letter · Randomly picks letters from A to Z except D, F, I, Q, U, and V Second Prefix Letter · Randomly picks letters from A to Z except D, F, I, Q, U, and V 6 Digits · Generates random 6-digit numbers Suffix Letter · Randomly picks letters from A to D Sanity Check and Formatting · Uses Post Processing Function to format and ensure validity of the generated National Insurance numbers UK Postal Code (Space- Replaces values with random UK postal codes, which are in AA9A 9AA Separated) format, where A signifies a letter and 9 a digit Examples: · SE1P 4SA · EC1A 1BB · SW1A 0AA Details: First Character: · Randomly picks letters from A to Z except Q, V, and X Second Character: · Randomly picks letters from A to Z except I, J, and Z Third Character: · Randomly picks digits from 0 to 9 Fourth Character: · Randomly picks letters from A, B, E, H, M, N, P, R, V, W, X, and Y Fifth Character: · Space Sixth Character: · Randomly picks digits from 0 to 9 Seventh Character: · Randomly picks letters from A to Z except C, I, K, M, O, and V Eighth Character: · Randomly picks letters from A to Z except C, I, K, M, O, and V
8-6 Chapter 8 Predefined Masking Formats
Masking Format Description URL Replaces values with random URLs starting with http or https. Possible top-level domains are: .com, .org, .net, .edu, .gov, .int, .us, .uk, .eu, .cn, .in, . ru, .jp, and .au. Examples: · https://www.hapiden.com · http://www.qazwsx937.gov · https://www.bhatag.in US Phone Number Replaces values with random 10-digit US phone numbers Examples: · 6787047862 · 2025550149 · 5206625256 Details: Area Code: · Randomly picks 3-digit codes from 328 US area codes Remaining 7 Digits: · Generates random 7-digit numbers Sanity Check: · Uses Post Processing Function to ensure validity of the generated phone numbers US Phone Number (With Replaces values with random US phone numbers, which are in +1 Country Code) (999) 999-9999 format, where 9 signifies a digit Examples: · +1 (678) 704-7862 · +1 (202) 555-0149 · +1 (520) 662-5256 Details: Country Code: · +1 Area Code: · Randomly picks 3-digit codes from 328 US area codes Remaining 7 Digits: · Generates random 7-digit numbers Sanity Check and Formatting: · Uses Post Processing Function to format and ensure validity of the generated phone numbers US Social Security Number Replaces values with random US Social Security numbers Examples: · 148923857 · 771182740 · 562998392 US Social Security Number Replaces values with random US Social Security numbers, which are in (Hyphenated) 999-99-9999 format, where 9 signifies a digit Examples: · 148-92-3857 · 771-18-2740 · 562-99-8392
8-7 Chapter 8 Basic Masking Formats
Masking Format Description Weight (Pound) Replaces values with random numbers from 5 through 250. The range covers weight in pounds. Examples: · 45 · 176 · 210 Basic Masking Formats
Oracle Data Safe supports several basic masking formats that you can use as building blocks when creating new masking formats. You can create a masking format in a masking policy while working in the Data Masking wizard, or you can create a masking format in the Library and store it there to use later. • Supported Data Types • Delete Rows • Deterministic Encryption • Deterministic Substitution • Fixed Number • Fixed String • Group Shuffle • Null Value • Post Processing Function • Preserve Original Data • Random Date • Random Decimal Number • Random Digits • Random List • Random Number • Random String • Random Substitution • Regular Expression • Shuffle • SQL Expression • Substring • Truncate Data • User Defined Function
8-8 Chapter 8 Basic Masking Formats
Supported Data Types
The following information applies to basic masking formats only.
Character Data Types The following character types can use Delete Rows, Deterministic Encryption, Deterministic Substitution, Fixed Number, Fixed String, Group Shuffle, Null Value, Post Processing Function, Preserve Original Data, Random Decimal Number, Random Digits, Random List, Random Number, Random String, Random Substitution, Regular Expression, Shuffle, SQL Expression, Substring, Truncate Data, and User Defined Function masking formats: • CHAR • NCHAR • VARCHAR2 • NVARCHAR2
Numeric Data Types The following numeric types can use Delete Rows, Deterministic Encryption, Deterministic Substitution, Fixed Number, Group Shuffle, Null Value, Post Processing Function, Preserve Original Data, Random Decimal Number, Random Digits, Random List, Random Number, Random Substitution, Regular Expression, Shuffle, SQL Expression, Truncate Data, and User Defined Function masking formats: • NUMBER • FLOAT • RAW • BINARY_FLOAT • BINARY_DOUBLE
Date Data Types The following date types can use Delete Rows, Deterministic Encryption, Deterministic Substitution, Group Shuffle, Null Value, Post Processing Function, Preserve Original Data, Random Date, Random List, Random Substitution, Shuffle, SQL Expression, Truncate Data, and User Defined Function masking formats: • DATE • TIMESTAMP
Large Object (LOB) Data Types The following LOB data types can use Fixed Number, Fixed String, Null Value, Regular Expression, and SQL Expression masking formats: • BLOB • CLOB • NCLOB
8-9 Chapter 8 Basic Masking Formats
Unsupported Objects Oracle Data Safe does not support masking for the following: • External tables • Clustered tables • Queue tables • Long columns • XML-type columns • Virtual columns • ROWID columns Delete Rows
Purpose The Delete Rows masking format deletes the rows that meet a user-specified condition. It is useful in conditional masking when you want to delete a subset of values in a column and mask the remaining values using some other masking formats. You should be careful while using this masking format. If no condition is specified, all rows in a table are deleted. If a column is being masked using Delete Rows, there must not be a foreign key constraint or dependent column referring to the table.
See Also:
Conditional Masking
Inputs • No inputs are required.
Supported Data Types • Character • Numeric • Date
Characteristics • Combinable: No • Deterministic: Does not apply • Reversible: No • Uniqueness: Does not apply
8-10 Chapter 8 Basic Masking Formats
Example Assume that a table has EMPLOYEE_ID and SALARY columns, and you want to delete the salary data for a subset of employee IDs. You can specify a condition on the SALARY column using EMPLOYEE_ID to delete rows matching the condition. You can use some other masking formats to mask the remaining salary values. The logic to mask SALARY might look like the following:
EMPLOYEE_ID < 100 DELETE ROWS EMPLOYEE_ID < 200 RANDOM NUMBER [Start Value:30000 End Value:500000] DEFAULT PRESERVE ORIGINAL DATA
Deterministic Encryption
Purpose The Deterministic Encryption masking format encrypts column data using a cryptographic key and Advanced Encryption Standard (AES 128). The format of the column data after encryption is similar to that of the original values. For example, if you mask nine-digit numbers, the encrypted values also have nine digits. Deterministic Encryption is a deterministic and reversible masking format. It is helpful when businesses need to mask and send their data to a third party for analysis, reporting, or any other business processing purpose. After the processed data is received from the third party, the original data can be recovered (decrypted) using the same seed value that was used to encrypt the data.
Note:
Deterministic Encryption is not supported for Oracle Database 11.2.0.4.
Inputs • Regular Expression: Provide a regular expression to mask a character or numeric column. For data with characters in the ASCII character set, providing a regular expression is optional. However, you need to provide a regular expression if the data contains multi- byte characters. If not provided, an error is returned when a multi-byte character is found. In the case of ASCII characters, if a regular expression is not provided, Deterministic Encryption can encrypt variable-length column values while preserving their original format. If a regular expression is provided, the column values in all the rows must match the regular expression. Deterministic Encryption supports a subset of the regular expression language. It supports encryption of fixed-length strings, and does not support * or + syntax of regular expressions. The encrypted values also match the regular expression,
8-11 Chapter 8 Basic Masking Formats
which helps to ensure that the original format is preserved. If an original value does not match the regular expression, Deterministic Encryption might not produce a one-to-one mapping. All non-confirming values are mapped to a single encrypted value, thereby producing a many-to-one mapping. Deterministic Encryption can encrypt column values with up to 27 characters. This limit excludes special characters. Also, the limit can be lower for multi-byte characters.
WARNING:
If you choose to encrypt without using a regular expression, the column values exceeding the length restriction still get masked, but you might not be able to decrypt them back properly. If a regular expression is provided, size estimation is done using the regular expression and an error is returned if the length restriction is exceeded.
• Seed Value: Deterministic Encryption uses a seed value to generate a cryptographic key for encryption and decryption. Provide the seed value at the time of submitting the data masking job. It can be any string containing alphanumeric characters. • Decrypt Option: If your masking policy has a sensitive column using the Deterministic Encryption masking format, you are shown the decrypt option while submitting the data masking job. Choosing this option, you can decrypt the encrypted column values. • For Date types: To mask a date type column, provide a start and end date. You can use the calendar widget to select the dates. The start date must be less than or equal to the end date. The column values in all the rows must be within the specified date range. The encrypted values are also within the specified range. Therefore, to ensure uniqueness, the total number of dates in the range must be greater than or equal to the number of distinct original values in the column. If an original value is not in the specified date range, Deterministic Encryption might not produce a one-to-one mapping. All non-confirming values are mapped to a single encrypted value, thereby producing a many-to-one mapping.
Supported Data Types • Character • Numeric • Date
Characteristics • Combinable: No • Deterministic: Yes • Reversible: Yes • Uniqueness: Yes. Refer to the Inputs section to see specific conditions.
8-12 Chapter 8 Basic Masking Formats
Example Suppose you want to encrypt US Social Security numbers, such as 333-93-4245. You can simply choose Deterministic Encryption without providing a regular expression. It automatically encrypts the numbers while preserving the format. If you want to restrict the characters in encrypted values, you can provide a regular expression. For example, you can use the regular expression [1-8][0-9]{2}-[0-9] {2}-[0-9]{4} if the first digit in your numbers is between 1 and 8, and you want to ensure the same in the encrypted values.
See Also:
Regular Expressions for help on writing regular expressions.
Deterministic Substitution
Purpose The Deterministic Substitution masking format uses the specified substitution column as the source of masked values. It performs hash-based substitution to replace the original data in a column with values from the substitution column.
Inputs • Schema Name: The name of the schema containing the substitution column • Table Name: The name of the table containing the substitution column • Column name: The name of the substitution column containing the data that should be used for masking. The data types of the specified substitution column and column being masked must be the same. The substitution column must be present and accessible on the target database before masking. You can also use a pre-masking script to create this column. • Seed value: Deterministic Substitution uses a seed value to perform hash-based substitution. Provide the seed value at the time of submitting a data masking job. It can be any string containing alphanumeric characters. To perform deterministic masking, you need to use the same seed value across multiple masking runs.
Supported Data Types • Character • Numeric • Date
Characteristics • Combinable: No • Deterministic: Yes, as long as the values in the substitution column do not change and you provide the same seed value
8-13 Chapter 8 Basic Masking Formats
• Reversible: No • Uniqueness: Yes. The number of distinct values in the substitution column must be greater than or equal to the number of distinct values in the column to be masked.
Example Suppose you discover a sensitive column named EMP_ID that contains employee IDs. Let's assume that you have fake employee ID values stored in another column named SUB_EMP_ID, which resides in the SUB_EMPLOYEES table in the SUB_HR schema. When configuring the masking policy in the Data Masking wizard, you choose the Deterministic Substitution masking format for the EMP_ID column and provide the inputs: SUB_HR, SUB_EMPLOYEES, and SUB_EMP_ID.
You also specify a seed value at job submission time. When the job runs, Data Masking replaces the values in the EMP_ID column with the fake values from the SUB_EMP_ID column. In the future, you can mask this column (or other similar columns) using the same substitution column and seed value to ensure that the employee IDs are masked the same way. Fixed Number
Purpose The Fixed Number masking format replaces column data with a user-specified fixed number.
Inputs • Fixed Number: The number that should be used to replace the column values. It can be any integer or decimal number, including negative numbers. The specified number should be valid for the column size.
Supported Data Types • Character • Numeric • Large Object (LOB)
Characteristics • Combinable: Yes • Deterministic: Yes • Reversible: No • Uniqueness: No
Examples • Suppose you want to replace all the Social Security numbers in a column with 999999999. You can use the Fixed Number masking format and provide this number as input. • Alternatively, you can combine multiple basic masking formats to mask a column value. For example, you can use the Fixed Number masking format to ensure that
8-14 Chapter 8 Basic Masking Formats
the masked value starts with 990. Then, you can use the Random Number masking format to randomly generate the remaining seven digits. Fixed String
Purpose The Fixed String masking format replaces column data with a user-specified fixed string.
Inputs • Fixed String: The string that should be used to replace the column values. It should be valid for the column size.
Supported Data Types • Character • Large Object (LOB)
Characteristics • Combinable: Yes • Deterministic: Yes • Reversible: No • Uniqueness: No
Examples • Suppose you want to replace all the Social Security numbers in a column with ***-**- ****. You can use the Fixed String masking format and provide this string as input. • Alternatively, you can combine multiple basic masking formats to mask a column value. For example, you can use the Fixed String masking format to ensure that the masked value starts with ***-**-. Then, you can use the Random Number masking format to randomly generate the remaining four digits. • Similarly, you can use the Fixed String masking format to ensure that the license plate numbers in a column start with "CA." Group Shuffle
Purpose The Group Shuffle masking format enables you to randomly reorder (shuffle) column data within discrete units, or groups, where there is a relationship among the members of each group.
Inputs • Grouping Columns (Optional): One or more reference columns that should be used to group the values in the column to be masked. The grouping columns and the column to be masked must belong to the same table.
8-15 Chapter 8 Basic Masking Formats
Supported Data Types • Character • Numeric • Date
Characteristics • Combinable: No • Deterministic: No • Reversible: No • Uniqueness: Yes, this masking format ensures uniqueness for columns that have unique constraints
Example Suppose you have two groups of employees: managers (M) and workers (W). You want to shuffle all the salaries, but you do not want the salaries of the managers getting mixed into the salaries of the workers. You can use the Group Shuffle masking format to shuffle the SALARY column within each group, which is derived from the unique values in the JOB_CATEGORY column.
The following table illustrates a group shuffle on the SALARY column, where the JOB_CATEGORY column is the grouping column. The rows with JOB_CATEGORY = M belong to one group and the SALARY values belonging to this group are shuffled within the group. Similarly, the rows with JOB_CATEGORY = W belong to another group and the SALARY values belonging to this group are shuffled within the group.
EMPLOYEE JOB_CATEGORY SALARY SHUFFLED_SALARY Alice M 90 88 Bill M 88 90 Carol W 72 70 Denise W 57 45 Eddie W 70 57 Frank W 45 72 Null Value
Purpose The Null Value masking format replaces column data with NULL. The column being masked must be allowed to contain null values.
Inputs • No inputs are required.
Supported Data Types • Character
8-16 Chapter 8 Basic Masking Formats
• Numeric • Date • Large Object (LOB)
Characteristics • Combinable: No • Deterministic: Yes • Reversible: No • Uniqueness: No
Example Suppose you have a column named SALARY that contains salary information and you want to replace those numbers with NULL. You can apply the Null Value masking format to the SALARY column. Post Processing Function
Purpose The Post Processing Function masking format is a special masking option that enables you to use a custom function to further transform column values after they have been masked using some other masking formats. It takes the intermediate masked values as input and returns the final masked values. For example, you can use it for adding checksums or special encodings to the masked values. This masking option requires some level of coding skills.
Inputs • Package Name (Optional): The name of the database package • Function Name: The name of the database function The database function has a fixed signature:
function post_proc_func (rowid varchar2, column_name varchar2, mask_value varchar2) return varchar2;
where: • rowid is the row identifier of the row containing the value to be masked. • column_name is the name of the column to be masked. • mask_value is the value to be masked.
Supported Data Types • Character • Numeric • Date
8-17 Chapter 8 Basic Masking Formats
Characteristics • Combinable: Yes • Deterministic: Does not apply • Reversible: Does not apply • Uniqueness: Does not apply
Example You can use Post Processing Function to add a comma or dollar sign to a value. Suppose that you mask a SALARY column by using the Random Number masking format. You can then apply the Post Processing Function masking format to the masked values to add a currency symbol, such as $.
RANDOM NUMBER [START:25000 END: 100000] POST PROCESSING FUNCTION salary_post_processing
To create the salary_post_processing function, your code might look like the following:
CREATE OR REPLACE FUNCTION salary_post_processing (rowid varchar2, column_name varchar2, mask_value varchar2) RETURN varchar2 IS BEGIN RETURN (©$© || mask_value); END;
Preserve Original Data
Purpose The Preserve Original Data masking format retains the original values in a column. It is useful in conditional masking when you want to preserve a subset of values in a column and mask the remaining values using some other masking formats.
See Also:
Conditional Masking
Inputs • No inputs are required.
Characteristics • Combinable: No • Deterministic: Yes
8-18 Chapter 8 Basic Masking Formats
• Reversible: Does not apply • Uniqueness: If the original values are unique, they will remain unique after masking.
Example Assume that a table has a SALARY column that you want to mask by using the EMPLOYEE ID column in a condition. If the EMPLOYEE ID values are less than 100, you want to keep them. If they are from 100 to 199, you want to use the fixed number 100000. Any EMPLOYEE ID greater than or equal to 200, you want to use a random number between 30000 and 500000. The masking logic for the SALARY column might look like the following:
EMPLOYEE_ID < 100 PRESERVE ORIGINAL DATA EMPLOYEE_ID < 200 FIXED NUMBER 100000 EMPLOYEE_ID >= 200 RANDOM NUMBER [Start Value: 30000 End Value: 500000]
Random Date
Purpose The Random Date masking format generates random dates within a date range to replace the original column values.
Inputs • Start Date: The lower bound of the range within which random dates should be generated • End Date: The upper bound of the range within which random dates should be generated The inputs should be in format YYYY-MM-DD. Start Date should be less than or equal to End Date.
Supported Data Types • Date
Characteristics • Combinable: Yes • Deterministic: No • Reversible: No • Uniqueness: Yes. The total number of distinct values in the specified range must be greater than or equal to the number of values in the column.
Example To generate random dates between January 1, 2016 and December 31, 2019 for the column BIRTH_DATE, you can use the Random Date masking format with the dates entered as the two parameters.
8-19 Chapter 8 Basic Masking Formats
The following table shows the original BIRTH_DATE column and the MASKED_BIRTH_DATE column.
BIRTH_DATE MASKED_BIRTH_DATE 01/01/2010 02/09/2016 05/02/2018 01/02/2018 09/11/2009 08/10/2019 Random Decimal Number
Purpose The Random Decimal Number masking format generates random decimal numbers within a value range to replace the original column values.
Inputs • Start Number: The lower bound of the range within which decimal numbers should be generated • End Number: The upper bound of the range within which decimal numbers should be generated The inputs can be any decimal numbers, including negative numbers. Start Number must be less than or equal to End Number. They should be valid for the column size.
Supported Data Types • Character • Numeric
Characteristics • Combinable: Yes • Deterministic: No • Reversible: No • Uniqueness: Yes. The total number of distinct values in the specified range must be greater than or equal to the number of values in the column.
Example Suppose you have a HEIGHT column and you want to generate random heights from 0.5 through 2.2 meters. You can use the Random Decimals Number masking format to generate decimal numbers from 0.5 through 2.2, including those values. Random Digits
Purpose The Random Digits masking format generates random digits of length within a range. It pads to the appropriate length in a string, but does not pad when used for a number
8-20 Chapter 8 Basic Masking Formats
column. This format is a complementary type of Random Number, which is not padded.
Inputs • Start Length: The minimum number of digits each masked value should have • End Length: The maximum number of digits each masked value should have
Supported Data Types • Character • Numeric
Characteristics • Combinable: Yes • Deterministic: No • Reversible: No • Uniqueness: Yes, however, if you do not specify a sufficient length range, you can run out of unique values within the range.
Example For a random digit with a length of [5,5], an integer from zero through 99999 is randomly generated and left padded with zeros to satisfy the length and uniqueness requirement. Random List
Purpose The Random List masking format randomly selects values from a list of values to replace the original column values.
Inputs • List of Values: A comma-separated list of values that should be used to replace column values. The data type of each value in the list must be compatible with the data type of the column. If using a list of dates, the dates should be in format YYYY-MM-DD. The number of entries in the list cannot be more than 999.
Supported Data Types • Character • Numeric • Date
Characteristics • Combinable: Yes • Deterministic: No • Reversible: No
8-21 Chapter 8 Basic Masking Formats
• Uniqueness: Yes. The input list must have unique values, and the number of values in the list must be greater than or equal to the number of values in the column to be masked.
Example 1 Suppose you have a column with values 10, 20, 30, 40, 50. You can replace these values with random values from an input list (99, 100, 101, 102, 103) by using the Random List masking format. The following table compares the values in the original column (ORIGINAL) to the values after the first masking job (MASK1) and second masking job (MASK2). Notice that the masked values change each time the masking job runs.
ORIGINAL MASK1 MASK2 10 101 100 20 103 99 30 100 101 40 99 102 50 102 103
Example 2 The following table shows you how a MARITAL_STATUS column, consisting of five distinct values, gets masked with the Random List masking format. The list of values for the masking format is Single, Married, and Divorced.
MARITAL_STATUS MASKED_MARITAL_STATUS Single Divorced Married Single Windowed Divorced Single Married Divorced Married Separated Single Random Number
Purpose The Random Number masking format generates random integers within a specified range to replace column data.
Inputs • Start Number: The lower bound of the range within which the integers should be generated. • End Number: The upper bound of the range within which the integers should be generated. The inputs can be any integers, including negative integers. Start Number must be less than or equal to End Number. They should be valid for the column size.
8-22 Chapter 8 Basic Masking Formats
Supported Data Types • Character • Numeric
Characteristics • Combinable: Yes • Deterministic: No • Reversible: No • Uniqueness: Yes. The number of distinct values in the specified range must be greater than or equal to the number of values in the column.
Example Suppose you have an EMPLOYEE_AGE column and you want to generate random ages from 21 through 65. You can use the Random Number masking format to generate random integers from 21 through 65, including those values. The following table shows the original EMPLOYEE_AGE column and the MASKED_EMPLOYEE_AGE column.
EMPLOYEE_AGE MASKED_EMPLOYEE_AGE 21 59 35 22 51 43 28 38 64 61 75 21 Random String
Purpose The Random String masking format replaces column data with random strings of length within the specified range. The generated strings consist of lowercase letters only.
Inputs • Start Length: The minimum number of characters that the generated strings should have. • End Length: The maximum number of characters that the generated strings should have. The inputs can be any integers greater than zero. Start Length must be less than or equal to End Length. The inputs should be valid for the column size.
Supported Data Types • Character
8-23 Chapter 8 Basic Masking Formats
Characteristics • Combinable: Yes • Deterministic: No • Reversible: No • Uniqueness: Yes. The number of distinct values in the specified range must be greater than or equal to the number of values in the column.
Example Suppose you have a FIRST_NAME column and you want to mask it with random names of length from 5 through 15. You can use the Random String masking format to generate strings of desired length by entering these two values as input parameters. Random Substitution
Purpose The Random Substitution masking format enables you to mask values in a column using data from a substitution column. The values in the user-specified column are randomly ordered before mapping them to the original column values.
Inputs • Schema Name: The name of the schema containing the substitution column • Table Name: The name of the table containing the substitution column • Column Name: The name of the substitution column containing the data that should be used for masking. The data types of the specified substitution column and column to be matched must be the same.
Supported Data Types • Character • Numeric • Date
Characteristics • Combinable: No • Deterministic: No, because the Random Substitution masking format randomly orders the mask values in the substitution column before replacing the sensitive data (unlike the Deterministic Substitution masking format) • Reversible: No • Uniqueness: Yes. The number of distinct values in the substitution column must be greater than or equal to the number of values in the column to be masked.
Example Suppose you discover a sensitive column named EMP_ID that contains employee IDs. Let's assume that you have fake employee ID values stored in another column named
8-24 Chapter 8 Basic Masking Formats
SUB_EMP_ID, which resides in the SUB_EMPLOYEES table in the SUB_HR schema (as shown in the following table).
SUB_EMP_ID 101 102 103 104 105 106 107
When configuring the masking policy in the Data Masking wizard, you can choose the Random Substitution masking format for the EMP_ID column. Provide the following inputs: SUB_HR, SUB_EMPLOYEES, and SUB_EMP_ID. When the job runs, Data Masking randomly orders the fake values in the SUB_EMP_ID column and uses them to replace the values in the EMP_ID column. The following table compares the values in the original column (EMP_ID) to the values after the first masking job (MASK1) and second masking job (MASK2). Notice that the masked values change each time the masking job runs.
EMP_ID MASK1 MASK2 412 101 104 185 107 105 102 105 102 322 102 101 692 103 106 Regular Expression
Purpose The Regular Expression masking format gives you the flexibility to use regular expressions to search for sensitive data in a column of Large Object data type (LOBs include BLOBs, CLOBs, NCLOBs), and replace the data with a fixed string, fixed number, null value, or SQL expression. You can also use this masking format for columns of VARCHAR2 type to mask parts of strings.
Inputs • Regular Expression: The pattern that should be used to search for sensitive data • Replace With: The value that should be used to replace the data matching the regular expression
Supported Data Types • Character • Numeric
8-25 Chapter 8 Basic Masking Formats
• Large Object (LOB)
Characteristics • Combinable: Yes • Deterministic: No • Reversible: No • Uniqueness: No
Examples • Use the regular expression @abc\.com to search for email addresses containing @abc.com and replace @abc.com with @example.com • Use the regular expression [A-Z]+@[A-Z]+\.[A-Z]{2,4} to mask email addresses by replacing with [email protected] • Use the regular expression [0-9]{3}[ -][0-9]{2}[ -][0-9]{4} to match Social Security numbers and replace with ***-**-**** • Use the regular expression
Purpose The Shuffle masking format randomly shuffles values within a column. Shuffle preserves data distribution. Suppose a column has 100 values, and all values are either 21 or 10, and the value 21 appears 60 times and the value 10 appears 40 times, after shuffling this column, this count remains same.
Inputs • No input values are required.
Supported Data Types • Character • Numeric • Date
Characteristics • Combinable: No • Deterministic: No • Reversible: No • Uniqueness: Yes, provided the column values are all unique
Example In the following table, the values in the SALARY column are shuffled in the SHUFFLED_SALARY column.
8-26 Chapter 8 Basic Masking Formats
EMPLOYEE JOB_CATEGORY SALARY SHUFFLED_SALARY Alice M 90 70 Bill M 88 57 Carol W 72 88 Denise W 57 45 Eddie W 70 90 Frank W 45 72 SQL Expression
Purpose The SQL Expression masking format lets you use a SQL expression to mask column data. Data Masking uses the specified SQL expression to generate values which are used to replace the original data.
Inputs • SQL Expression: The SQL expression generates the masked values. It can consist of one or more values, operators, and SQL functions that evaluate to a value. It can also contain substitution columns (columns from the same table as the column to be masked). Specify the substitution columns within percent (%) symbols. Use SQL expressions with dbms_lob and other user-defined functions to mask columns of Large Object data type (LOBs include BLOB, CLOB, and NCLOB).
Supported Data Types • Character • Numeric • Date • Large Object (LOB)
Characteristics • Combinable: No • Deterministic: Yes, depending on the SQL expression defined • Reversible: No • Uniqueness: Yes, but the uniqueness is not guaranteed and depends on the SQL expression defined. However, because ORA_HASH uses a 32-bit algorithm, and considering the birthday paradox or pigeonhole principle, there is a 0.5 probability of collision after 232-1 unique values.
Examples • Generate random email addresses.
dbms_random.string(©u©, 8) || ©@example.com©
8-27 Chapter 8 Basic Masking Formats
• Generate email addresses using values from substitution columns, for example, FIRST_NAME and LAST_NAME.
%FIRST_NAME% || ©.© || %LAST_NAME% || ©@example.com©
• Empty a CLOB.
dbms_lob.empty_clob()
• Apply a custom masking function to a CLOB column, for example, CLOB_COL.
custom_mask_clob(%CLOB_COL%)
• Perform conditional masking. For example, the following expression masks PERSON_FULL_NAME with the first and last name if the party type is PERSON. Otherwise, it uses a random string to mask the data.
(case when %PARTY_TYPE%=©PERSON© then %PERSON_FIRST_NAME%|| © © || %PERSON_LAST_NAME% else (select dbms_random.string(©U©, 10) from dual) end)
• Perform substitution masking. For example, the following expression selects 1000 rows in the substitution table, DATA_MASK.DATA_MASK_ADDR. It masks %ZIPCODE% with the MASK_ZIPCODE column in the substitution table. The row selected depends on ora_hash and is deterministic in this case. Selection is random if dbms_random procedures are used.
select MASK_ZIPCODE from DATA_MASK.DATA_MASK_ADDR where ADDR_SEQ = ora_hash( %ZIPCODE% , 1000, 1234)
Substring
Purpose The Substring masking format extracts a portion of the original column value, and uses that to replace the original value. This masking format is similar to the SUBSTR database function.
Inputs • Start Position: The starting position in the original string from where the substring should be extracted. The start position can be either a positive or a negative integer. If the start position is negative, the counting starts from the end of the string. • Length: The number of characters that you want in the substring. It should be an integer and greater than zero.
Supported Data Types • Character
8-28 Chapter 8 Basic Masking Formats
Characteristics • Combinable: Yes • Deterministic: Yes • Reversible: No • Uniqueness: No
Example Suppose an original column value is abcd. A substring with a start position of 2 and length of 3 generates a masked string of bcd. A substring with start position of -2 and length of 3 generates a masked string of cd. Truncate Data
Purpose The Truncate Data masking format drops all the rows in a table. If one of the columns in a table is masked using Truncate Data, the entire table is truncated, so no other masking format can be used for any of the other columns in that table. If a table is being truncated, it cannot be referred to by a foreign key constraint or a dependent column.
Inputs • No inputs are required.
Supported Data Types • Character • Numeric • Date
Characteristics • Combinable: No • Deterministic: Does not apply • Reversible: Does not apply • Uniqueness: Does not apply
Example Suppose that you want to mask ten tables in a database schema. In one of the tables, all the columns contain highly sensitive data, and therefore, you do not want to share this table. You can use the Truncate Data masking format to drop all the rows in this table.
8-29 Chapter 8 Basic Masking Formats
User Defined Function
Purpose The User Defined Function masking format lets you define your own logic to mask column data. The return value of the user-defined function is used to replace the original values. The user-defined function is a PL/SQL function that can be invoked in a SELECT statement.
Inputs • Package Name: The name of the database package • Function Name: The name of the database function The database function has a fixed signature:
function udf_func (rowid varchar2, column_name varchar2, original_value varchar2) return varchar2;
where: • rowid is the row identifier of the row containing the value to be masked. • column_name is the name of the column to be masked. • original_value is the column value to be masked.
Supported Data Types • Character • Numeric • Date
Characteristics • Combinable: Yes • Deterministic: Yes, depending on the function defined • Reversible: No • Uniqueness: Yes, depending on the function defined
Example Suppose you create a user-defined function to mask string values. To create the user-defined function, you might use the following code to randomize the string values. This example is simple, however you can write more complex code to suit your business use case.
CREATE OR REPLACE FUNCTION change_value (rowid varchar2, column_name varchar2, mask_value varchar2) RETURN varchar2 IS
8-30 Chapter 8 Regular Expressions
BEGIN RETURN DBMS_RANDOM.STRING(©A©,8); END;
Regular Expressions
You can use regular expressions to describe a set of strings based on common characteristics shared by each string in the set. A regular expression is basically a sequence of characters that defines a search pattern, which is used for pattern matching. Regular expressions vary in complexity, but once you understand the basics of how they are constructed, you can decipher or create any regular expression.
String Literals The most basic form of pattern matching is the match of a string literal. For example, if the regular expression is EMP and the input string is EMP, the match succeeds because the strings are identical. This regular expression also matches any string containing EMP, such as EMPLOYEE, TEMP, and TEMPERATURE.
Metacharacters You can also use some special characters that affect the way a pattern is matched. One of the most common ones is the dot (.) symbol, which matches any character. For example, EMPLOYEE.ID matches EMPLOYEE_ID and EMPLOYEE-ID, but not EMPLOYEE_VERIFICATION_ID. Here, the dot is a metacharacter — a character with special meaning interpreted by the matcher. Some other metacharacters are: ^ $ ? + * \ - [ ] ( ) { }.
If you want a metacharacter to be treated literally (as an ordinary character), you can use a backslash (\) to escape it. For example, the regular expression 9\+9 matches 9+9.
Character Classes A character class is a set of characters enclosed within square brackets. It specifies the characters that successfully match a single character from a given input string. The following table describes some common regular expression constructs.
Construct Description [abc] Matches one of the characters mentioned within square brackets. Example: EMPLOYE[ER] matches EMPLOYEE and EMPLOYER. [^abc] Matches any character except the ones mentioned within square brackets. Example: [^BC]AT matches RAT and HAT, but does not match BAT and CAT. [A-Z0-9] Matches any character in the range mentioned within square brackets. To specify a range, simply insert the dash metacharacter "-" between the first and last character to be matched; for example, [1-5] or [A-M]. You can also place different ranges beside each other within the class to further expand the match possibilities. Example: [B-F]AT matches BAT, CAT, DAT, EAT, and FAT, but does not match AAT and GAT.
8-31 Chapter 8 Regular Expressions
Oracle Data Safe also supports predefined character classes.
Capturing Groups You can use capturing groups to treat multiple characters as a single unit. A capturing group is created by placing the characters to be grouped inside a set of parentheses. For example, the regular expression (SSN) creates a single group containing the letters S, S, and N.
Quantifiers You can use quantifiers to specify the number of occurrences to match against. The following table describes some common quantifiers.
Quantifier Description X? Matches zero or one occurrence of the specified character or group of characters. Example: SSN_NUMBERS? matches strings SSN_NUMBER and SSN_NUMBERS. X* Matches zero or more occurrences of the specified character or group of characters. Example: TERM.*DATE matches strings like TERMDATE, TERM_DATE and LAST_TERMINATION_DATE. X+ Matches one or more occurrences of the specified character or group of characters. Example: TERM.+DATE matches strings like TERM_DATE and TERMINATION_DATE, but not TERMDATE. X{n} Matches the specified character or group of characters exactly n times. Example: 9{3} matches 999, but not 99. X{n,} Matches the specified character or group of characters at least n times. Example: 9{3,} matches 999, 9999, and 99999, but not 99. X{n,m} Matches the specified character or group of characters at least n times but not more than m times. Example: 9{3,4} matches 999 and 9999, but not 99.
You can also use quantifiers with character classes and capturing groups. An example of regular expression using character class is SSN[0-9]+, which matches strings like SSN0, SSN1, and SSN12. Here, [0-9] is a character class and is allowed one or more times. The regular expression does not match SSN.
An example of regular expression using capturing group is SSN_NUM(BER)?, which matches SSN_NUM and SSN_NUMBER. (BER) is a capturing group and is allowed zero or one time.
Boundary Matchers You can use boundary matchers to make pattern matching more precise by specifying where in the string the match should take place. For example, you might be interested in finding a particular word, but only if it appears at the beginning or end of an input string. The following table describes common boundary matchers.
8-32 Chapter 8 Introduction to Oracle Data Safe Video Script
Boundary Description Construct ^ Matches the specified character or group of characters at the beginning of a string (starts with search). Example: ^VISA matches strings beginning with VISA. $ Matches the specified character or group of characters at the end of a string (ends with search). Example: NUMBER$ matches strings ending with NUMBER. \b Marks a word boundary. Matches the character or group of characters specified between a pair of \b only if it is a separate word (as opposed to substring within a longer string). Example: \bAGE\b matches strings like EMPLOYEE AGE and PATIENT AGE INFORMATION, but does not match strings like AGEING and EMPLOYEEAGE.
If no boundary matcher is specified, a contains search is performed. For example, ELECTORAL matches strings containing ELECTORAL, such as ELECTORAL_ID, ID_ELECTORAL, and ELECTORALID.
An exact match search can be performed by using ^ and $ together. For example, ^ADDRESS$ searches for the exact string ADDRESS. It matches the string ADDRESS, but does not match strings like PRIMARY_ADDRESS and ADDRESS_HOME.
Logical Operators If you want to match any one of the characters or group of characters separated by pipe, you can use the pipe or vertical bar character (|) . For example, EMPLOY(EE|ER)_ID matches EMPLOYEE_ID and EMPLOYER_ID.
Examples ^JOB.*(TITLE|PROFILE|POSITION)$ matches strings beginning with JOB, followed by zero or more occurrences of any character, and ending with TITLE, PROFILE, or POSITION.
^[A-Z]{3}[0-9]{2}[A-Z0-9]$ matches strings beginning with three letters, followed by two digits, and ending with a letter or digit. BIRTH.?(COUNTRY|PLACE)|(COUNTRY|PLACE).*BIRTH matches strings such as BIRTH COUNTRY, PATIENT_BIRTH_PLACE, PLACE_OF_BIRTH, and EMPLOYEE©S COUNTRY OF BIRTH.
Related Information • Regular Expressions • Boundary Matchers • Quantifiers • Capturing Groups • Predefined Character Classes • Character Classes Introduction to Oracle Data Safe Video Script
This is the script for the Introduction to Oracle Data Safe video.
8-33 Chapter 8 Introduction to Oracle Data Safe Video Script
You can watch the video here: https://www.youtube.com/watch?v=wU-M5BlU0po.
Introduction Organizations rely on databases to manage their most critical asset – the data. But if not well protected, this data could become their biggest liability. According to industry reports, almost one third of the attacks are performed by internal actors, and over half of internal attacks are on databases. Sensitive data, such as personally identifiable information, personal financial information, and personal healthcare information, make databases attractive targets for hackers and even insiders, who are looking to steal data for monetary, strategic, or personal reasons, or just to disrupt business. Furthermore, by law, organizations must comply with Data Protection Regulations, such as the European Union’s General Data Protection Regulation (GDPR), Payment Card Industry's Data Security Standard (PCI DSS), Sarbanes Oxley (SOX), and many such data protection laws across the globe. Hackers try to exploit weaknesses in user credentials, applications, and database configurations in both production and non-production databases. How do you manage against a legion of attackers who have all the infrastructure, the tools, and the time, when you don’t? Oracle provides top-in-class security for the computing infrastructure of its cloud databases, including encryption by default, separation of duty, and proactive security patching. But organizations need to further secure their databases by understanding their own data, their own users, and their configurations. Introducing Oracle Data Safe, a fully integrated cloud service that helps you secure your data and address compliance requirements. With Data Safe, you can assess the security of your database configurations, find your sensitive data, mask that data in development and test environments, discover the risks associated with database users, and monitor database activity - all from a single, easy-to-use management console.
Secure Your Cloud Databases Poor database configurations, such as weak password policies, insufficient control of over-privileged accounts, and lack of activity monitoring, are the most common causes of vulnerabilities. In Oracle Data Safe, Security Assessment analyzes your database configurations, user information, and security controls. It generates a report that helps you understand the potential risks. At a glance, you get an overall picture of your database security status. The report also highlights remediation steps and findings related to GDPR (General Data Protection Regulation), CIS (Center for Internet Security), and STIG (Security Technical Implementation Guide), making it easier for you to identify the required security controls.
Find Your Sensitive Data Protecting sensitive data begins with knowing what sensitive data you have and where it’s located. In Oracle Data Safe, Data Discovery inspects the actual data and the Database Dictionary to find sensitive data. It can show you sample data for your validation. Data Discovery includes a comprehensive and extensible library of sensitive types, which are grouped by identification, biographic, IT, financial, healthcare, employment, and academic information. Data Discovery creates a report that shows you details about your sensitive data. At the top, you can view totals about your sensitive data and drill down into a chart to view breakdowns of sensitive types. The table summarizes the different sensitive types
8-34 Chapter 8 Introduction to Oracle Data Safe Video Script and estimated rows for each sensitive type. You can also view the actual column names and sample data.
Mask Sensitive Data for Development and Test Environments For many applications, organizations may need to create several copies of production data to support development and test activities. If you simply copy your production data as is, your sensitive data becomes exposed to new users, increasing your attack surface. For better security, database copies should have sensitive data replaced with realistic, but fictitious, data so that even if attackers succeed in gaining access to the data, they cannot benefit from the fake masked data. In Oracle Data Safe, Data Masking simplifies the job of masking data with over 50 predefined masking formats. For example, you can shuffle the data in a column, replace data with random dates, and substitute phone numbers with generic ones. You can also create your own masks.
Understand User Risks Many questions need to be answered to understand user risks. Which database accounts have powerful roles, like Database Administrator, Database Vault Administrator, or Audit Administrator? Who all can make changes that seriously impact the system, access sensitive data, and grant access to unauthorized users? Are some user accounts at risk of being taken over by attackers because passwords haven’t been changed in a long time? In Data Safe, User Assessment answers these questions and more to help you identify your high risk users. Administrators can then deploy with appropriate security controls and policies to ensure the ongoing security of the databases.
Monitor Database Activity You entrust your databases to your database administrators, account owners, and end users. However, it’s important to monitor database activity regularly because accounts are always at risk for being hacked or misused. Activity Auditing allows you to provision and enable audit policies on your cloud databases so you can enable pre-configured policies to monitor sensitive database changes, administrator and user activities, activities recommended by the Center for Internet Security, and activities defined by your own organization. As your audit data is generated, Activity Auditing will automatically pull your audit data into the Oracle Data Safe database. Activity Auditing provides a wide range of interactive audit reports, including the All Activity report, which is a comprehensive report that contains every audited activity. Other reports focus on specific areas, such as admin activity, user and entitlement changes, audit policy changes, login activity, data access, data modification, and database schema changes. You can also download a report as a spreadsheet or PDF file, which is very useful for compliance reporting. It’s also important to be alerted on certain database activities as they occur, for example, when database parameters or audit policies change, when an administrative user login fails, when users are created or deleted, or when user entitlements change. The All Alerts report summarizes all the alerts that have been raised, including How severe is the risk? Who did what? On which database? When?
Conclusion Safeguarding your data just got a whole lot easier. With Oracle Data Safe, it’s fast and easy to assess your database configurations, discover sensitive data, mask sensitive data in your non-production databases, assess users, and monitor database activity.
8-35 Chapter 8 Service Limits
Oracle Data Safe. Ensure your critical data assets do not become a liability. To learn more, visit www.oracle.com/database/technologies/security/data-safe.html. Service Limits
Oracle Data Safe has usage and service activation limits.
Usage Limits Usage limits are as follows: • The combined number of security assessment, user assessment, data discovery, data masking, and audit report jobs that you can run is limited to 1000 jobs per month per target database. If you exceed this limit, you cannot run any additional jobs for the remainder of the month. You can, however, still access the Oracle Data Safe Console and view existing reports. • Up to 1 million audit records per month per target database are included in Oracle Data Safe at no additional cost. If you exceed this limit, you may be charged for audit records over the limit. It depends on your settings in the Oracle Data Safe Console. See Collect Audit Data Beyond the Free Limit. • Audit records generated by the Oracle Data Safe service user are not counted towards the monthly quota. • Audit records are retained for up to twelve months after which they are automatically deleted. • You can retrieve up to twelve months of audit data from the archive if archiving is configured for your target database. • You can retrieve audit data from the archive up to six times per month per target database.
Free Trial During a free trial, the following additional limits apply: • You can register up to one paid on-premises Oracle Database or one paid Oracle Database on a compute instance. • You can create up to two Oracle Data Safe private endpoints. • You can create one Oracle Data Safe on-premises connector. For more information about using Oracle Data Safe during a free trial, see Try Oracle Data Safe for Free.
Service Activation If you have a paid Oracle Cloud Infrastructure account or have signed up for a free trial, you may enable Oracle Data Safe within Oracle Cloud Infrastructure.
8-36