DATA MASKING on EBS 12.1.3 with Enterprise Manager 12.1.0.5 DBA
Oracle E-Business Suite Data Masking Pack, Release 12.1.3 with Oracle Enterprise Manager 12.1 (Doc ID 1481916.1) We have followed the above document to perform data masking in EBS 12.1.3 with EM 12c in cloned environment. You should read and understand all content described in document before you begin. EBS version : 12.1.3 DB version : 12.1.0.2 Note : if DB version is 11.2.0.2 then upgrade the database to 11.2.0.3 or higher version. To find exempt user for masking SQL> select fu.user_id, fu.user_name from applsys.fnd_user fu where fu.user_id < 1000 order by fu.user_id; 2 3 4 USER_ID USER_NAME ---------- ------------------------------ -1 ANONYMOUS 0 SYSADMIN 1 AUTOINSTALL 2 INITIAL SETUP 3 FEEDER SYSTEM 4 CONCURRENT MANAGER 5 APPSMGR 6 GUEST 7 WIZARD 8 INDUSTRY DATA 120 ORACLE12.0.0
USER_ID USER_NAME ---------- ------------------------------ 121 ORACLE12.1.0 122 ORACLE12.2.0 123 ORACLE12.3.0 124 ORACLE12.4.0 125 ORACLE12.5.0 126 ORACLE12.6.0 127 ORACLE12.7.0 128 ORACLE12.8.0 129 ORACLE12.9.0 20 rows selected. The Oracle E-Business Suite Template for the Data Masking Pack is delivered as an XML template and some PL/SQL initialization scripts. These files are delivered via a zip file as Oracle E-Business Suite Patch 22868240. SQL> select OWNER from all_tables where TABLE_NAME = 'JE_ES_MODELO_190_ALL'; OWNER ------------------------------ JE Enterprise manager 12.1.0.5 installation You can read the below document before proceeding the EM installation. http://docs.oracle.com/cd/e24628_01/install.121/e22624/install_em_exist_db.htm#embsc166 Before Enterprise manager installation, you should install database 12.1.0.2 software and create the repository database with preconfigured template for EM 12.1.0.5.
http://docs.oracle.com/cd/e24628_01/install.121/e22624/appdx_seed_db_template.htm#embsc24 2
Weblogic pwd : weblogic123 Nodemanager pwd : AceGroup123
URL : https://hrms-10-1-xxx-xx.xxxx-ins.com:7799/em/
Grid Agent Installation Grid Agent installation on the server where in Database to be monitored. Login into Enterprise manager console. Click Add
Click Deploy Agent
Prepare the Database SQL> GRANT INHERIT PRIVILEGES ON USER system TO apps; Grant succeeded. DATA MASKING preparation Pre Generate for Data masking : SQL> select count(*) "ninvalidbefore", to_char(sysdate,'yyyy-mm-dd HH24:MI:SS') "TimeStamp" from DBA_OBJECTS where STATUS = 'INVALID' / 2 3
ninvalidbefore TimeStamp -------------- ------------------- 63 2017-05-25 15:23:45 SQL> exec sys.utl_recomp.recomp_parallel; PL/SQL procedure successfully completed. SQL> select count(*) "ninvalidafter", to_char(sysdate,'yyyy-mm-dd HH24:MI:SS') "TimeStamp" from DBA_OBJECTS where STATUS = 'INVALID' / 2 3 ninvalidafter TimeStamp ------------- ------------------- 63 2017-05-25 15:23:58 Rerun these two SQL statements until the results from the first statement, which selects the count of invalids, remains the same. Unzip the patch 22868240.. [orauat@hrms-10-1-xxx-xx EBSMaskingPack1.1.4]$ pwd /u01/ebsmask/datamasking/patches/ebsmaskingpack1.1.4 [orauat@hrms-10-1-xxx-x EBSMaskingPack1.1.4]$ ls -ltr total 1836 -rw-r--r-- 1 orauat oinstall 1275 Apr 5 2012 fndusmaexcr.sql -rw-r--r-- 1 orauat oinstall 1486 Apr 15 2012 ebs_post_generate.sql -rw-r--r-- 1 orauat oinstall 3822 May 18 2012 fndusmaexpo.sql -rw-r--r-- 1 orauat oinstall 751 Oct 26 2012 ebs_populate_synonyms.sql -rw-r--r-- 1 orauat oinstall 22786 Apr 25 2013 ebs_pre_generate.sql -rw-r--r-- 1 orauat oinstall 401 Mar 25 2014 README.txt -rw-r--r-- 1 orauat oinstall 261105 Mar 2 2016 ADM_EBS12.1.3_JG_V1.1.4_EM_12.1_Template.xml
-rw-r--r-- 1 orauat oinstall 261130 Mar 2 2016 ADM_EBS12.1.3_V1.1.4_EM_12.1_Template.xml -rw-r--r-- 1 orauat oinstall 622710 Mar 3 2016 Mask_EBS12.1.3_V1.1.4_EM_12.1_Template.xml -rw-r--r-- 1 orauat oinstall 622733 Mar 3 2016 Mask_EBS12.1.3_JG_V1.1.4_EM_12.1_Template.xml SQL> select count(*) "ninvalidbefore", to_char(sysdate,'yyyy-mm-dd HH24:MI:SS') "TimeStamp" from DBA_OBJECTS where STATUS = 'INVALID' / 2 3 ninvalidbefore TimeStamp -------------- ------------------- 63 2017-05-25 15:23:45 SQL> exec sys.utl_recomp.recomp_parallel; PL/SQL procedure successfully completed. SQL> select count(*) "ninvalidafter", to_char(sysdate,'yyyy-mm-dd HH24:MI:SS') "TimeStamp" from DBA_OBJECTS where STATUS = 'INVALID' / 2 3 ninvalidafter TimeStamp ------------- ------------------- 63 2017-05-25 15:23:58 SQL> show user USER is "SYSTEM" SQL> @fndusmaexcr.sql EBS drop table - FND_USER_MASKING_EXEMPTIONS Table or view does not exist, continuing PL/SQL procedure successfully completed. 20 rows created. Commit complete.
SQL> select user_id,current_name from FND_USER_MASKING_EXEMPTIONS; USER_ID CURRENT_NAME ---------- ------------------------------ -1 ANONYMOUS 5 APPSMGR 1 AUTOINSTALL 4 CONCURRENT MANAGER 3 FEEDER SYSTEM 6 GUEST 8 INDUSTRY DATA 2 INITIAL SETUP 120 ORACLE12.0.0 121 ORACLE12.1.0 122 ORACLE12.2.0 USER_ID CURRENT_NAME ---------- ------------------------------ 123 ORACLE12.3.0 124 ORACLE12.4.0 125 ORACLE12.5.0 126 ORACLE12.6.0 127 ORACLE12.7.0 128 ORACLE12.8.0 129 ORACLE12.9.0 0 SYSADMIN 7 WIZARD 20 rows selected.
SQL> @ebs_pre_generate.sql Procedure created. EBS drop table - map_scl_dk Table or view does not exist, continuing EBS drop table - map_scl_nl_1 Table or view does not exist, continuing EBS drop table - map_scl_nl_2 Table or view does not exist, continuing EBS drop table - map_scl_nl_3 Table or view does not exist, continuing EBS drop table - map_scl_nl_4 Table or view does not exist, continuing EBS drop table - map_scl_nl_5 Table or view does not exist, continuing EBS drop table - map_scl_fi Table or view does not exist, continuing EBS drop table - map_pea_gb Table or view does not exist, continuing EBS drop table - map_pea_za Table or view does not exist, continuing EBS drop table - ni_mask Table or view does not exist, continuing EBS drop table - PER_ALL_PEOPLE_F_BKUP Table or view does not exist, continuing EBS drop table - HR_SOFT_CODING_BKUP Table or view does not exist, continuing EBS drop table - PAY_EXTRAL_ACCOUNTS_BKUP Table or view does not exist, continuing EBS drop table - PER_ADDRESSES_BKUP
Table or view does not exist, continuing EBS drop table - BEN_TRANSACTION_BKUP Table or view does not exist, continuing PL/SQL procedure successfully completed. Index created. Function created. Generate Masking Import XML ADM template. (goto Action tab and import) Template : ADM_EBS12.1.3_V1.1.4_EM_12.1_Template.xml (template file chosen from the patch 22868240)
Make verify ADM with source database Execute from sys user. SQL> grant Create Any Procedure to apps; Grant succeeded. SQL> grant Grant Any Object Privilege to apps; Grant succeeded. SQL> grant Execute Any Procedure to apps; Grant succeeded.
Import xml masking template. (template file chosen from the patch 22868240) Template : Mask_EBS12.1.3_V1.1.4_EM_12.1_Template.xml
Generate the script as system user. It may take few hours to complete generation script. Once finish verify the log and save the masking script. (Action save script) Using the Data Masking Template (Not mandatory, Advised by Oracle support) Oracle recommends to change the credentials in the cloned database. Here I have not changed credentials because if require we can change later on. Appendix C of the "Secure Configuration Guide for Oracle E-Business Suite Release 12", Document 403537.1.
Execute Masking - Ensure system and temp tablespace having sufficient space. - Installing dm_fmtlib package as system user. Refer the below link. https://docs.oracle.com/database/121/ratug/guid-49abff59-1776-4798-a866- CA73D5103045.htm - Run the fndusmaexcr.sql script as the SYSTEM user. SQL> show user USER is "SYSTEM" SQL> @fndusmaexcr.sql EBS drop table - FND_USER_MASKING_EXEMPTIONS PL/SQL procedure successfully completed. 20 rows created. Commit complete. SQL> select count(1) from FND_USER_MASKING_EXEMPTIONS; COUNT(1) 20 - Execute below from sys user. SQL> grant execute on DBMS_CRYPTO to SYSTEM; Grant succeeded. Shutdown the Application. Within the data masking console in Oracle Enterprise Manager, run the mask for the script generated above using the SYSTEM user. Check "The selected target is not a production database" option on the schedule masking job page. ( correction : host user with normal and not with sudo privileges)
Compile the objects. select count(*) "ninvalidbefore", to_char(sysdate,'yyyy-mm-dd HH24:MI:SS') "TimeStamp" from DBA_OBJECTS where STATUS = 'INVALID' / exec sys.utl_recomp.recomp_parallel; select count(*) "ninvalidafter", to_char(sysdate,'yyyy-mm-dd HH24:MI:SS') "TimeStamp" from DBA_OBJECTS where STATUS = 'INVALID' /
Start the Applications. The data is changed after data masking over. SQL> select user_name,email_address from fnd_user; USER_NAME EMAIL_ADDRESS ------------------------------ ------------------------------------------------------------ NZMBWDVQAK EEMXBAWEIS AWCMBCRXBQ MKDLKZJAKT WNEDLOSWDS MTGZXNDQGU PIWOYGGKRW JSFKVWAPCR OJSHDVVGIU MKVWJLFLCE aaauxehuii.aaaaaahayd@example.com aaaaaaaaat.aaaaaaeabe@example.com aaaaaaaads.aaaartkayf@example.com aaaaaaaaaz.aaaxigsamg@example.com aaaaaaaxyf.aaaaykmabh@example.com aaydwwtjko.aczgilnaih@example.com alipzjtogj.aaaggdmabi@example.com aaaalmwakz.aaaaaasani@example.com aaaaaaaaaz.aaaaaalagj@example.com aaaaaaaanj.aaaaoosawn@example.com RGWRPRPCJD USER_NAME EMAIL_ADDRESS ------------------------------ ------------------------------------------------------------ AMPGTKJALR OFUXGKEZAE aaaazmlajc.atqlqblafj@example.com aaaaaaaqmr.aaatssfarv@example.com GJWNCLZAHN
WTTGLKCBEV PRNCRLUROM YONBAIXPEW VSXEYWFLVG aaaaaaazej.axrgizinec@example.com aaaaaaaami.aaaaapbtfc@example.com aaaaaawgny.aaajlqgvfc@example.com aakyzsgdtu.aaaaaofwfc@example.com