data masking on ebs 12.1.3 with enterprise manager … · we have followed the above document to...

Mohamed Azar http://mohamedazar.com

DATA MASKING on EBS 12.1.3 with Enterprise Manager 12.1.0.5

Mohamed Azar

DBA


Oracle E-Business Suite Data Masking Pack, Release 12.1.3 with Oracle Enterprise

Manager 12.1 (Doc ID 1481916.1)

We have followed the above document to perform data masking in EBS 12.1.3 with EM 12c in

cloned environment.

You should read and understand all content described in document before you begin.

EBS version : 12.1.3

DB version : 12.1.0.2

Note : if DB version is 11.2.0.2 then upgrade the database to 11.2.0.3 or higher version.

To find exempt user for masking

SQL> select fu.user_id, fu.user_name

from applsys.fnd_user fu

where fu.user_id < 1000

order by fu.user_id; 2 3 4

USER_ID USER_NAME

---------- ------------------------------

-1 ANONYMOUS

0 SYSADMIN

1 AUTOINSTALL

2 INITIAL SETUP

3 FEEDER SYSTEM

4 CONCURRENT MANAGER

5 APPSMGR

6 GUEST

7 WIZARD

8 INDUSTRY DATA

120 ORACLE12.0.0


USER_ID USER_NAME

---------- ------------------------------

121 ORACLE12.1.0

122 ORACLE12.2.0

123 ORACLE12.3.0

124 ORACLE12.4.0

125 ORACLE12.5.0

126 ORACLE12.6.0

127 ORACLE12.7.0

128 ORACLE12.8.0

129 ORACLE12.9.0

20 rows selected.

The Oracle E-Business Suite Template for the Data Masking Pack is delivered as an XML

template and some PL/SQL initialization scripts. These files are delivered via a zip file as

Oracle E-Business Suite Patch 22868240.

SQL> select OWNER from all_tables where TABLE_NAME = 'JE_ES_MODELO_190_ALL';

OWNER

------------------------------

JE

Enterprise manager 12.1.0.5 installation

You can read the below document before proceeding the EM installation.

http://docs.oracle.com/cd/E24628_01/install.121/e22624/install_em_exist_db.htm#EMBSC166

Before Enterprise manager installation, you should install database 12.1.0.2 software and create the

repository database with preconfigured template for EM 12.1.0.5.

https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?parent=DOCUMENT&sourceId=1481916.1&patchId=22868240

http://docs.oracle.com/cd/E24628_01/install.121/e22624/install_em_exist_db.htm#EMBSC166


http://docs.oracle.com/cd/E24628_01/install.121/e22624/appdx_seed_db_template.htm#EMBSC24

2




Weblogic pwd : weblogic123

Nodemanager pwd : AceGroup123


URL : https://hrms-10-1-xxx-xx.xxxx-ins.com:7799/em/

https://hrms-10-1-xxx-xx.xxxx-ins.com:7799/em/


Grid Agent Installation

Grid Agent installation on the server where in Database to be monitored.

Login into Enterprise manager console.

Click Add


Click Deploy Agent


Prepare the Database

SQL> GRANT INHERIT PRIVILEGES ON USER system TO apps;

Grant succeeded.

DATA MASKING preparation

Pre Generate for Data masking :

SQL> select count(*) "nInvalidBefore", to_char(sysdate,'YYYY-MM-DD HH24:MI:SS') "TimeStamp"

from DBA_OBJECTS where STATUS = 'INVALID'

/ 2 3


nInvalidBefore TimeStamp

-------------- -------------------

63 2017-05-25 15:23:45

SQL> exec sys.utl_recomp.recomp_parallel;

PL/SQL procedure successfully completed.

SQL> select count(*) "nInvalidAfter", to_char(sysdate,'YYYY-MM-DD HH24:MI:SS') "TimeStamp"


/ 2 3

nInvalidAfter TimeStamp

------------- -------------------

63 2017-05-25 15:23:58

Rerun these two SQL statements until the results from the first statement, which selects the

count of invalids, remains the same.

Unzip the patch 22868240..

[orauat@hrms-10-1-xxx-xx EBSMaskingPack1.1.4]$ pwd

/u01/EBSMASK/datamasking/patches/EBSMaskingPack1.1.4

[orauat@hrms-10-1-xxx-x EBSMaskingPack1.1.4]$ ls -ltr

total 1836

-rw-r--r-- 1 orauat oinstall 1275 Apr 5 2012 fndusmaexcr.sql

-rw-r--r-- 1 orauat oinstall 1486 Apr 15 2012 ebs_post_generate.sql

-rw-r--r-- 1 orauat oinstall 3822 May 18 2012 fndusmaexpo.sql

-rw-r--r-- 1 orauat oinstall 751 Oct 26 2012 ebs_populate_synonyms.sql

-rw-r--r-- 1 orauat oinstall 22786 Apr 25 2013 ebs_pre_generate.sql

-rw-r--r-- 1 orauat oinstall 401 Mar 25 2014 README.txt

-rw-r--r-- 1 orauat oinstall 261105 Mar 2 2016 ADM_EBS12.1.3_JG_V1.1.4_EM_12.1_Template.xml


-rw-r--r-- 1 orauat oinstall 261130 Mar 2 2016 ADM_EBS12.1.3_V1.1.4_EM_12.1_Template.xml

-rw-r--r-- 1 orauat oinstall 622710 Mar 3 2016 Mask_EBS12.1.3_V1.1.4_EM_12.1_Template.xml

-rw-r--r-- 1 orauat oinstall 622733 Mar 3 2016 Mask_EBS12.1.3_JG_V1.1.4_EM_12.1_Template.xml

SQL> select count(*) "nInvalidBefore", to_char(sysdate,'YYYY-MM-DD HH24:MI:SS') "TimeStamp"


/ 2 3

nInvalidBefore TimeStamp

-------------- -------------------

63 2017-05-25 15:23:45

SQL> exec sys.utl_recomp.recomp_parallel;


SQL> select count(*) "nInvalidAfter", to_char(sysdate,'YYYY-MM-DD HH24:MI:SS') "TimeStamp"


/ 2 3

nInvalidAfter TimeStamp

------------- -------------------

63 2017-05-25 15:23:58

SQL> show user

USER is "SYSTEM"

SQL> @fndusmaexcr.sql

EBS drop table - FND_USER_MASKING_EXEMPTIONS

Table or view does not exist, continuing


Table created.

20 rows created.

Commit complete.


SQL> select user_id,current_name from FND_USER_MASKING_EXEMPTIONS;

USER_ID CURRENT_NAME

---------- ------------------------------

-1 ANONYMOUS

5 APPSMGR

1 AUTOINSTALL

4 CONCURRENT MANAGER

3 FEEDER SYSTEM

6 GUEST

8 INDUSTRY DATA

2 INITIAL SETUP

120 ORACLE12.0.0

121 ORACLE12.1.0

122 ORACLE12.2.0

USER_ID CURRENT_NAME

---------- ------------------------------

123 ORACLE12.3.0

124 ORACLE12.4.0

125 ORACLE12.5.0

126 ORACLE12.6.0

127 ORACLE12.7.0

128 ORACLE12.8.0

129 ORACLE12.9.0

0 SYSADMIN

7 WIZARD

20 rows selected.


SQL> @ebs_pre_generate.sql

Procedure created.

EBS drop table - map_scl_dk


EBS drop table - map_scl_nl_1










EBS drop table - map_scl_fi


EBS drop table - map_pea_gb


EBS drop table - map_pea_za


EBS drop table - ni_mask


EBS drop table - PER_ALL_PEOPLE_F_BKUP


EBS drop table - HR_SOFT_CODING_BKUP


EBS drop table - PAY_EXTRAL_ACCOUNTS_BKUP


EBS drop table - PER_ADDRESSES_BKUP



EBS drop table - BEN_TRANSACTION_BKUP



Table created.

Table created.

Table created.

Table created.

Table created.

Table created.

Table created.

Table created.

Table created.

Table created.

Index created.

Table created.

Table created.

Table created.

Table created.

Table created.

Function created.

Generate Masking

Import XML ADM template. (goto Action tab and import)

Template : ADM_EBS12.1.3_V1.1.4_EM_12.1_Template.xml (template file chosen from the patch

22868240)


Make verify ADM with source database

Execute from sys user.

SQL> grant Create Any Procedure to apps;

Grant succeeded.

SQL> grant Grant Any Object Privilege to apps;

Grant succeeded.

SQL> grant Execute Any Procedure to apps;

Grant succeeded.


Import xml masking template. (template file chosen from the patch 22868240)

Template : Mask_EBS12.1.3_V1.1.4_EM_12.1_Template.xml


Generate the script as system user.

It may take few hours to complete generation script. Once finish verify the log and save the masking

script. (Action – save script)

Using the Data Masking Template (Not mandatory , Advised by Oracle support)

Oracle recommends to change the credentials in the cloned database. Here I have not changed credentials because if require we can change later on.

Appendix C of the "Secure Configuration Guide for Oracle E-Business Suite Release 12", Document 403537.1.

https://support.oracle.com/epmos/faces/DocumentDisplay?parent=DOCUMENT&sourceId=1481916.1&id=403537.1


Execute Masking

- Ensure system and temp tablespace having sufficient space.

- Installing dm_fmtlib package as system user. Refer the below link.

https://docs.oracle.com/database/121/RATUG/GUID-49ABFF59-1776-4798-A866-CA73D5103045.htm

- Run the fndusmaexcr.sql script as the SYSTEM user.

SQL> show user

USER is "SYSTEM"

SQL> @fndusmaexcr.sql

EBS drop table - FND_USER_MASKING_EXEMPTIONS


Table created.

20 rows created.

Commit complete.

SQL> select count(1) from FND_USER_MASKING_EXEMPTIONS;

COUNT(1)

20

- Execute below from sys user.

SQL> grant execute on DBMS_CRYPTO to SYSTEM;

Grant succeeded.

Shutdown the Application.

Within the data masking console in Oracle Enterprise Manager, run the mask for the script generated above using the SYSTEM user. Check "The selected target is not a production database" option on the schedule masking job page. ( correction : host user with normal and not with sudo privileges)




Compile the objects.

select count(*) "nInvalidBefore", to_char(sysdate,'YYYY-MM-DD HH24:MI:SS') "TimeStamp"


/

exec sys.utl_recomp.recomp_parallel;

select count(*) "nInvalidAfter", to_char(sysdate,'YYYY-MM-DD HH24:MI:SS') "TimeStamp"


/


Start the Applications.

The data is changed after data masking over.

SQL> select user_name,email_address from fnd_user;

USER_NAME EMAIL_ADDRESS

------------------------------ ------------------------------------------------------------

NZMBWDVQAK [email protected]

EEMXBAWEIS [email protected]

AWCMBCRXBQ [email protected]

MKDLKZJAKT [email protected]

WNEDLOSWDS [email protected]

MTGZXNDQGU [email protected]

PIWOYGGKRW [email protected]

JSFKVWAPCR [email protected]

OJSHDVVGIU [email protected]

MKVWJLFLCE [email protected]

RGWRPRPCJD

USER_NAME EMAIL_ADDRESS

------------------------------ ------------------------------------------------------------

AMPGTKJALR [email protected]

OFUXGKEZAE [email protected]

GJWNCLZAHN


WTTGLKCBEV [email protected]

PRNCRLUROM [email protected]

YONBAIXPEW [email protected]

VSXEYWFLVG [email protected]

data masking on ebs 12.1.3 with enterprise manager … · we have followed the above document to...

Documents