Date post: | 06-Jul-2018 |
Category: |
Documents |
Upload: | nguyendieu |
View: | 224 times |
Download: | 0 times |
Mohamed Azar http://mohamedazar.com
DATA MASKING on EBS 12.1.3 with Enterprise Manager 12.1.0.5
Mohamed Azar
DBA
Mohamed Azar http://mohamedazar.com
Oracle E-Business Suite Data Masking Pack, Release 12.1.3 with Oracle Enterprise
Manager 12.1 (Doc ID 1481916.1)
We have followed the above document to perform data masking in EBS 12.1.3 with EM 12c in
cloned environment.
You should read and understand all content described in document before you begin.
EBS version : 12.1.3
DB version : 12.1.0.2
Note : if DB version is 11.2.0.2 then upgrade the database to 11.2.0.3 or higher version.
To find exempt user for masking
SQL> select fu.user_id, fu.user_name
from applsys.fnd_user fu
where fu.user_id < 1000
order by fu.user_id; 2 3 4
USER_ID USER_NAME
---------- ------------------------------
-1 ANONYMOUS
0 SYSADMIN
1 AUTOINSTALL
2 INITIAL SETUP
3 FEEDER SYSTEM
4 CONCURRENT MANAGER
5 APPSMGR
6 GUEST
7 WIZARD
8 INDUSTRY DATA
120 ORACLE12.0.0
Mohamed Azar http://mohamedazar.com
USER_ID USER_NAME
---------- ------------------------------
121 ORACLE12.1.0
122 ORACLE12.2.0
123 ORACLE12.3.0
124 ORACLE12.4.0
125 ORACLE12.5.0
126 ORACLE12.6.0
127 ORACLE12.7.0
128 ORACLE12.8.0
129 ORACLE12.9.0
20 rows selected.
The Oracle E-Business Suite Template for the Data Masking Pack is delivered as an XML
template and some PL/SQL initialization scripts. These files are delivered via a zip file as
Oracle E-Business Suite Patch 22868240.
SQL> select OWNER from all_tables where TABLE_NAME = 'JE_ES_MODELO_190_ALL';
OWNER
------------------------------
JE
Enterprise manager 12.1.0.5 installation
You can read the below document before proceeding the EM installation.
http://docs.oracle.com/cd/E24628_01/install.121/e22624/install_em_exist_db.htm#EMBSC166
Before Enterprise manager installation, you should install database 12.1.0.2 software and create the
repository database with preconfigured template for EM 12.1.0.5.
Mohamed Azar http://mohamedazar.com
http://docs.oracle.com/cd/E24628_01/install.121/e22624/appdx_seed_db_template.htm#EMBSC24
2
Mohamed Azar http://mohamedazar.com
URL : https://hrms-10-1-xxx-xx.xxxx-ins.com:7799/em/
Mohamed Azar http://mohamedazar.com
Grid Agent Installation
Grid Agent installation on the server where in Database to be monitored.
Login into Enterprise manager console.
Click Add
Mohamed Azar http://mohamedazar.com
Prepare the Database
SQL> GRANT INHERIT PRIVILEGES ON USER system TO apps;
Grant succeeded.
DATA MASKING preparation
Pre Generate for Data masking :
SQL> select count(*) "nInvalidBefore", to_char(sysdate,'YYYY-MM-DD HH24:MI:SS') "TimeStamp"
from DBA_OBJECTS where STATUS = 'INVALID'
/ 2 3
Mohamed Azar http://mohamedazar.com
nInvalidBefore TimeStamp
-------------- -------------------
63 2017-05-25 15:23:45
SQL> exec sys.utl_recomp.recomp_parallel;
PL/SQL procedure successfully completed.
SQL> select count(*) "nInvalidAfter", to_char(sysdate,'YYYY-MM-DD HH24:MI:SS') "TimeStamp"
from DBA_OBJECTS where STATUS = 'INVALID'
/ 2 3
nInvalidAfter TimeStamp
------------- -------------------
63 2017-05-25 15:23:58
Rerun these two SQL statements until the results from the first statement, which selects the
count of invalids, remains the same.
Unzip the patch 22868240..
[orauat@hrms-10-1-xxx-xx EBSMaskingPack1.1.4]$ pwd
/u01/EBSMASK/datamasking/patches/EBSMaskingPack1.1.4
[orauat@hrms-10-1-xxx-x EBSMaskingPack1.1.4]$ ls -ltr
total 1836
-rw-r--r-- 1 orauat oinstall 1275 Apr 5 2012 fndusmaexcr.sql
-rw-r--r-- 1 orauat oinstall 1486 Apr 15 2012 ebs_post_generate.sql
-rw-r--r-- 1 orauat oinstall 3822 May 18 2012 fndusmaexpo.sql
-rw-r--r-- 1 orauat oinstall 751 Oct 26 2012 ebs_populate_synonyms.sql
-rw-r--r-- 1 orauat oinstall 22786 Apr 25 2013 ebs_pre_generate.sql
-rw-r--r-- 1 orauat oinstall 401 Mar 25 2014 README.txt
-rw-r--r-- 1 orauat oinstall 261105 Mar 2 2016 ADM_EBS12.1.3_JG_V1.1.4_EM_12.1_Template.xml
Mohamed Azar http://mohamedazar.com
-rw-r--r-- 1 orauat oinstall 261130 Mar 2 2016 ADM_EBS12.1.3_V1.1.4_EM_12.1_Template.xml
-rw-r--r-- 1 orauat oinstall 622710 Mar 3 2016 Mask_EBS12.1.3_V1.1.4_EM_12.1_Template.xml
-rw-r--r-- 1 orauat oinstall 622733 Mar 3 2016 Mask_EBS12.1.3_JG_V1.1.4_EM_12.1_Template.xml
SQL> select count(*) "nInvalidBefore", to_char(sysdate,'YYYY-MM-DD HH24:MI:SS') "TimeStamp"
from DBA_OBJECTS where STATUS = 'INVALID'
/ 2 3
nInvalidBefore TimeStamp
-------------- -------------------
63 2017-05-25 15:23:45
SQL> exec sys.utl_recomp.recomp_parallel;
PL/SQL procedure successfully completed.
SQL> select count(*) "nInvalidAfter", to_char(sysdate,'YYYY-MM-DD HH24:MI:SS') "TimeStamp"
from DBA_OBJECTS where STATUS = 'INVALID'
/ 2 3
nInvalidAfter TimeStamp
------------- -------------------
63 2017-05-25 15:23:58
SQL> show user
USER is "SYSTEM"
SQL> @fndusmaexcr.sql
EBS drop table - FND_USER_MASKING_EXEMPTIONS
Table or view does not exist, continuing
PL/SQL procedure successfully completed.
Table created.
20 rows created.
Commit complete.
Mohamed Azar http://mohamedazar.com
SQL> select user_id,current_name from FND_USER_MASKING_EXEMPTIONS;
USER_ID CURRENT_NAME
---------- ------------------------------
-1 ANONYMOUS
5 APPSMGR
1 AUTOINSTALL
4 CONCURRENT MANAGER
3 FEEDER SYSTEM
6 GUEST
8 INDUSTRY DATA
2 INITIAL SETUP
120 ORACLE12.0.0
121 ORACLE12.1.0
122 ORACLE12.2.0
USER_ID CURRENT_NAME
---------- ------------------------------
123 ORACLE12.3.0
124 ORACLE12.4.0
125 ORACLE12.5.0
126 ORACLE12.6.0
127 ORACLE12.7.0
128 ORACLE12.8.0
129 ORACLE12.9.0
0 SYSADMIN
7 WIZARD
20 rows selected.
Mohamed Azar http://mohamedazar.com
SQL> @ebs_pre_generate.sql
Procedure created.
EBS drop table - map_scl_dk
Table or view does not exist, continuing
EBS drop table - map_scl_nl_1
Table or view does not exist, continuing
EBS drop table - map_scl_nl_2
Table or view does not exist, continuing
EBS drop table - map_scl_nl_3
Table or view does not exist, continuing
EBS drop table - map_scl_nl_4
Table or view does not exist, continuing
EBS drop table - map_scl_nl_5
Table or view does not exist, continuing
EBS drop table - map_scl_fi
Table or view does not exist, continuing
EBS drop table - map_pea_gb
Table or view does not exist, continuing
EBS drop table - map_pea_za
Table or view does not exist, continuing
EBS drop table - ni_mask
Table or view does not exist, continuing
EBS drop table - PER_ALL_PEOPLE_F_BKUP
Table or view does not exist, continuing
EBS drop table - HR_SOFT_CODING_BKUP
Table or view does not exist, continuing
EBS drop table - PAY_EXTRAL_ACCOUNTS_BKUP
Table or view does not exist, continuing
EBS drop table - PER_ADDRESSES_BKUP
Mohamed Azar http://mohamedazar.com
Table or view does not exist, continuing
EBS drop table - BEN_TRANSACTION_BKUP
Table or view does not exist, continuing
PL/SQL procedure successfully completed.
Table created.
Table created.
Table created.
Table created.
Table created.
Table created.
Table created.
Table created.
Table created.
Table created.
Index created.
Table created.
Table created.
Table created.
Table created.
Table created.
Function created.
Generate Masking
Import XML ADM template. (goto Action tab and import)
Template : ADM_EBS12.1.3_V1.1.4_EM_12.1_Template.xml (template file chosen from the patch
22868240)
Mohamed Azar http://mohamedazar.com
Make verify ADM with source database
Execute from sys user.
SQL> grant Create Any Procedure to apps;
Grant succeeded.
SQL> grant Grant Any Object Privilege to apps;
Grant succeeded.
SQL> grant Execute Any Procedure to apps;
Grant succeeded.
Mohamed Azar http://mohamedazar.com
Import xml masking template. (template file chosen from the patch 22868240)
Template : Mask_EBS12.1.3_V1.1.4_EM_12.1_Template.xml
Mohamed Azar http://mohamedazar.com
Generate the script as system user.
It may take few hours to complete generation script. Once finish verify the log and save the masking
script. (Action – save script)
Using the Data Masking Template (Not mandatory , Advised by Oracle support)
Oracle recommends to change the credentials in the cloned database. Here I have not changed credentials because if require we can change later on.
Appendix C of the "Secure Configuration Guide for Oracle E-Business Suite Release 12", Document 403537.1.
Mohamed Azar http://mohamedazar.com
Execute Masking
- Ensure system and temp tablespace having sufficient space.
- Installing dm_fmtlib package as system user. Refer the below link.
https://docs.oracle.com/database/121/RATUG/GUID-49ABFF59-1776-4798-A866-CA73D5103045.htm
- Run the fndusmaexcr.sql script as the SYSTEM user.
SQL> show user
USER is "SYSTEM"
SQL> @fndusmaexcr.sql
EBS drop table - FND_USER_MASKING_EXEMPTIONS
PL/SQL procedure successfully completed.
Table created.
20 rows created.
Commit complete.
SQL> select count(1) from FND_USER_MASKING_EXEMPTIONS;
COUNT(1)
20
- Execute below from sys user.
SQL> grant execute on DBMS_CRYPTO to SYSTEM;
Grant succeeded.
Shutdown the Application.
Within the data masking console in Oracle Enterprise Manager, run the mask for the script generated above using the SYSTEM user. Check "The selected target is not a production database" option on the schedule masking job page. ( correction : host user with normal and not with sudo privileges)
Mohamed Azar http://mohamedazar.com
Compile the objects.
select count(*) "nInvalidBefore", to_char(sysdate,'YYYY-MM-DD HH24:MI:SS') "TimeStamp"
from DBA_OBJECTS where STATUS = 'INVALID'
/
exec sys.utl_recomp.recomp_parallel;
select count(*) "nInvalidAfter", to_char(sysdate,'YYYY-MM-DD HH24:MI:SS') "TimeStamp"
from DBA_OBJECTS where STATUS = 'INVALID'
/
Mohamed Azar http://mohamedazar.com
Start the Applications.
The data is changed after data masking over.
SQL> select user_name,email_address from fnd_user;
USER_NAME EMAIL_ADDRESS
------------------------------ ------------------------------------------------------------
NZMBWDVQAK [email protected]
EEMXBAWEIS [email protected]
AWCMBCRXBQ [email protected]
MKDLKZJAKT [email protected]
WNEDLOSWDS [email protected]
MTGZXNDQGU [email protected]
PIWOYGGKRW [email protected]
JSFKVWAPCR [email protected]
OJSHDVVGIU [email protected]
MKVWJLFLCE [email protected]
RGWRPRPCJD
USER_NAME EMAIL_ADDRESS
------------------------------ ------------------------------------------------------------
AMPGTKJALR [email protected]
OFUXGKEZAE [email protected]
GJWNCLZAHN
Mohamed Azar http://mohamedazar.com
WTTGLKCBEV [email protected]
PRNCRLUROM [email protected]
YONBAIXPEW [email protected]
VSXEYWFLVG [email protected]