Docs Home
Oracle Cloud Infrastructure v2.30.0 published on Monday, Apr 14, 2025 by Pulumi
oci.DataSafe.MaskingPolicy
Explore with Pulumi AI
This resource provides the Masking Policy resource in Oracle Cloud Infrastructure Data Safe service.
Creates a new masking policy and associates it with a sensitive data model or a target database.
To use a sensitive data model as the source of masking columns, set the columnSource attribute to SENSITIVE_DATA_MODEL and provide the sensitiveDataModelId attribute. After creating a masking policy, you can use the AddMaskingColumnsFromSdm operation to automatically add all the columns from the associated sensitive data model. In this case, the target database associated with the sensitive data model is used for column and masking format validations.
You can also create a masking policy without using a sensitive data model. In this case, you need to associate your masking policy with a target database by setting the columnSource attribute to TARGET and providing the targetId attribute. The specified target database is used for column and masking format validations.
After creating a masking policy, you can use the CreateMaskingColumn or PatchMaskingColumns operation to manually add columns to the policy. You need to add the parent columns only, and it automatically adds the child columns (in referential relationship with the parent columns) from the associated sensitive data model or target database.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
const testMaskingPolicy = new oci.datasafe.MaskingPolicy("test_masking_policy", {
columnSources: [{
columnSource: maskingPolicyColumnSourceColumnSource,
sensitiveDataModelId: testSensitiveDataModel.id,
targetId: testTarget.id,
}],
compartmentId: compartmentId,
definedTags: {
"Operations.CostCenter": "42",
},
description: maskingPolicyDescription,
displayName: maskingPolicyDisplayName,
freeformTags: {
Department: "Finance",
},
isDropTempTablesEnabled: maskingPolicyIsDropTempTablesEnabled,
isRedoLoggingEnabled: maskingPolicyIsRedoLoggingEnabled,
isRefreshStatsEnabled: maskingPolicyIsRefreshStatsEnabled,
parallelDegree: maskingPolicyParallelDegree,
postMaskingScript: maskingPolicyPostMaskingScript,
preMaskingScript: maskingPolicyPreMaskingScript,
recompile: maskingPolicyRecompile,
});
import pulumi
import pulumi_oci as oci
test_masking_policy = oci.data_safe.MaskingPolicy("test_masking_policy",
column_sources=[{
"column_source": masking_policy_column_source_column_source,
"sensitive_data_model_id": test_sensitive_data_model["id"],
"target_id": test_target["id"],
}],
compartment_id=compartment_id,
defined_tags={
"Operations.CostCenter": "42",
},
description=masking_policy_description,
display_name=masking_policy_display_name,
freeform_tags={
"Department": "Finance",
},
is_drop_temp_tables_enabled=masking_policy_is_drop_temp_tables_enabled,
is_redo_logging_enabled=masking_policy_is_redo_logging_enabled,
is_refresh_stats_enabled=masking_policy_is_refresh_stats_enabled,
parallel_degree=masking_policy_parallel_degree,
post_masking_script=masking_policy_post_masking_script,
pre_masking_script=masking_policy_pre_masking_script,
recompile=masking_policy_recompile)
package main
import (
"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/datasafe"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := datasafe.NewMaskingPolicy(ctx, "test_masking_policy", &datasafe.MaskingPolicyArgs{
ColumnSources: datasafe.MaskingPolicyColumnSourceArray{
&datasafe.MaskingPolicyColumnSourceArgs{
ColumnSource: pulumi.Any(maskingPolicyColumnSourceColumnSource),
SensitiveDataModelId: pulumi.Any(testSensitiveDataModel.Id),
TargetId: pulumi.Any(testTarget.Id),
},
},
CompartmentId: pulumi.Any(compartmentId),
DefinedTags: pulumi.StringMap{
"Operations.CostCenter": pulumi.String("42"),
},
Description: pulumi.Any(maskingPolicyDescription),
DisplayName: pulumi.Any(maskingPolicyDisplayName),
FreeformTags: pulumi.StringMap{
"Department": pulumi.String("Finance"),
},
IsDropTempTablesEnabled: pulumi.Any(maskingPolicyIsDropTempTablesEnabled),
IsRedoLoggingEnabled: pulumi.Any(maskingPolicyIsRedoLoggingEnabled),
IsRefreshStatsEnabled: pulumi.Any(maskingPolicyIsRefreshStatsEnabled),
ParallelDegree: pulumi.Any(maskingPolicyParallelDegree),
PostMaskingScript: pulumi.Any(maskingPolicyPostMaskingScript),
PreMaskingScript: pulumi.Any(maskingPolicyPreMaskingScript),
Recompile: pulumi.Any(maskingPolicyRecompile),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
return await Deployment.RunAsync(() =>
{
var testMaskingPolicy = new Oci.DataSafe.MaskingPolicy("test_masking_policy", new()
{
ColumnSources = new[]
{
new Oci.DataSafe.Inputs.MaskingPolicyColumnSourceArgs
{
ColumnSource = maskingPolicyColumnSourceColumnSource,
SensitiveDataModelId = testSensitiveDataModel.Id,
TargetId = testTarget.Id,
},
},
CompartmentId = compartmentId,
DefinedTags =
{
{ "Operations.CostCenter", "42" },
},
Description = maskingPolicyDescription,
DisplayName = maskingPolicyDisplayName,
FreeformTags =
{
{ "Department", "Finance" },
},
IsDropTempTablesEnabled = maskingPolicyIsDropTempTablesEnabled,
IsRedoLoggingEnabled = maskingPolicyIsRedoLoggingEnabled,
IsRefreshStatsEnabled = maskingPolicyIsRefreshStatsEnabled,
ParallelDegree = maskingPolicyParallelDegree,
PostMaskingScript = maskingPolicyPostMaskingScript,
PreMaskingScript = maskingPolicyPreMaskingScript,
Recompile = maskingPolicyRecompile,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.DataSafe.MaskingPolicy;
import com.pulumi.oci.DataSafe.MaskingPolicyArgs;
import com.pulumi.oci.DataSafe.inputs.MaskingPolicyColumnSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testMaskingPolicy = new MaskingPolicy("testMaskingPolicy", MaskingPolicyArgs.builder()
.columnSources(MaskingPolicyColumnSourceArgs.builder()
.columnSource(maskingPolicyColumnSourceColumnSource)
.sensitiveDataModelId(testSensitiveDataModel.id())
.targetId(testTarget.id())
.build())
.compartmentId(compartmentId)
.definedTags(Map.of("Operations.CostCenter", "42"))
.description(maskingPolicyDescription)
.displayName(maskingPolicyDisplayName)
.freeformTags(Map.of("Department", "Finance"))
.isDropTempTablesEnabled(maskingPolicyIsDropTempTablesEnabled)
.isRedoLoggingEnabled(maskingPolicyIsRedoLoggingEnabled)
.isRefreshStatsEnabled(maskingPolicyIsRefreshStatsEnabled)
.parallelDegree(maskingPolicyParallelDegree)
.postMaskingScript(maskingPolicyPostMaskingScript)
.preMaskingScript(maskingPolicyPreMaskingScript)
.recompile(maskingPolicyRecompile)
.build());
}
}
resources:
testMaskingPolicy:
type: oci:DataSafe:MaskingPolicy
name: test_masking_policy
properties:
columnSources:
- columnSource: ${maskingPolicyColumnSourceColumnSource}
sensitiveDataModelId: ${testSensitiveDataModel.id}
targetId: ${testTarget.id}
compartmentId: ${compartmentId}
definedTags:
Operations.CostCenter: '42'
description: ${maskingPolicyDescription}
displayName: ${maskingPolicyDisplayName}
freeformTags:
Department: Finance
isDropTempTablesEnabled: ${maskingPolicyIsDropTempTablesEnabled}
isRedoLoggingEnabled: ${maskingPolicyIsRedoLoggingEnabled}
isRefreshStatsEnabled: ${maskingPolicyIsRefreshStatsEnabled}
parallelDegree: ${maskingPolicyParallelDegree}
postMaskingScript: ${maskingPolicyPostMaskingScript}
preMaskingScript: ${maskingPolicyPreMaskingScript}
recompile: ${maskingPolicyRecompile}
Create MaskingPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new MaskingPolicy(name: string, args: MaskingPolicyArgs, opts?: CustomResourceOptions);@overload
def MaskingPolicy(resource_name: str,
args: MaskingPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def MaskingPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
compartment_id: Optional[str] = None,
column_sources: Optional[Sequence[_datasafe.MaskingPolicyColumnSourceArgs]] = None,
freeform_tags: Optional[Mapping[str, str]] = None,
defined_tags: Optional[Mapping[str, str]] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
add_masking_columns_from_sdm_trigger: Optional[int] = None,
generate_health_report_trigger: Optional[int] = None,
is_drop_temp_tables_enabled: Optional[bool] = None,
is_redo_logging_enabled: Optional[bool] = None,
is_refresh_stats_enabled: Optional[bool] = None,
parallel_degree: Optional[str] = None,
post_masking_script: Optional[str] = None,
pre_masking_script: Optional[str] = None,
recompile: Optional[str] = None)func NewMaskingPolicy(ctx *Context, name string, args MaskingPolicyArgs, opts ...ResourceOption) (*MaskingPolicy, error)public MaskingPolicy(string name, MaskingPolicyArgs args, CustomResourceOptions? opts = null)public MaskingPolicy(String name, MaskingPolicyArgs args)
public MaskingPolicy(String name, MaskingPolicyArgs args, CustomResourceOptions options)
type: oci:DataSafe:MaskingPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. MaskingPolicyArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. MaskingPolicyArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. MaskingPolicyArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. MaskingPolicyArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. MaskingPolicyArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var maskingPolicyResource = new Oci.DataSafe.MaskingPolicy("maskingPolicyResource", new()
{
CompartmentId = "string",
ColumnSources = new[]
{
new Oci.DataSafe.Inputs.MaskingPolicyColumnSourceArgs
{
ColumnSource = "string",
SensitiveDataModelId = "string",
TargetId = "string",
},
},
FreeformTags =
{
{ "string", "string" },
},
DefinedTags =
{
{ "string", "string" },
},
Description = "string",
DisplayName = "string",
AddMaskingColumnsFromSdmTrigger = 0,
GenerateHealthReportTrigger = 0,
IsDropTempTablesEnabled = false,
IsRedoLoggingEnabled = false,
IsRefreshStatsEnabled = false,
ParallelDegree = "string",
PostMaskingScript = "string",
PreMaskingScript = "string",
Recompile = "string",
});
example, err := DataSafe.NewMaskingPolicy(ctx, "maskingPolicyResource", &DataSafe.MaskingPolicyArgs{
CompartmentId: pulumi.String("string"),
ColumnSources: datasafe.MaskingPolicyColumnSourceArray{
&datasafe.MaskingPolicyColumnSourceArgs{
ColumnSource: pulumi.String("string"),
SensitiveDataModelId: pulumi.String("string"),
TargetId: pulumi.String("string"),
},
},
FreeformTags: pulumi.StringMap{
"string": pulumi.String("string"),
},
DefinedTags: pulumi.StringMap{
"string": pulumi.String("string"),
},
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
AddMaskingColumnsFromSdmTrigger: pulumi.Int(0),
GenerateHealthReportTrigger: pulumi.Int(0),
IsDropTempTablesEnabled: pulumi.Bool(false),
IsRedoLoggingEnabled: pulumi.Bool(false),
IsRefreshStatsEnabled: pulumi.Bool(false),
ParallelDegree: pulumi.String("string"),
PostMaskingScript: pulumi.String("string"),
PreMaskingScript: pulumi.String("string"),
Recompile: pulumi.String("string"),
})
var maskingPolicyResource = new MaskingPolicy("maskingPolicyResource", MaskingPolicyArgs.builder()
.compartmentId("string")
.columnSources(MaskingPolicyColumnSourceArgs.builder()
.columnSource("string")
.sensitiveDataModelId("string")
.targetId("string")
.build())
.freeformTags(Map.of("string", "string"))
.definedTags(Map.of("string", "string"))
.description("string")
.displayName("string")
.addMaskingColumnsFromSdmTrigger(0)
.generateHealthReportTrigger(0)
.isDropTempTablesEnabled(false)
.isRedoLoggingEnabled(false)
.isRefreshStatsEnabled(false)
.parallelDegree("string")
.postMaskingScript("string")
.preMaskingScript("string")
.recompile("string")
.build());
masking_policy_resource = oci.data_safe.MaskingPolicy("maskingPolicyResource",
compartment_id="string",
column_sources=[{
"column_source": "string",
"sensitive_data_model_id": "string",
"target_id": "string",
}],
freeform_tags={
"string": "string",
},
defined_tags={
"string": "string",
},
description="string",
display_name="string",
add_masking_columns_from_sdm_trigger=0,
generate_health_report_trigger=0,
is_drop_temp_tables_enabled=False,
is_redo_logging_enabled=False,
is_refresh_stats_enabled=False,
parallel_degree="string",
post_masking_script="string",
pre_masking_script="string",
recompile="string")
const maskingPolicyResource = new oci.datasafe.MaskingPolicy("maskingPolicyResource", {
compartmentId: "string",
columnSources: [{
columnSource: "string",
sensitiveDataModelId: "string",
targetId: "string",
}],
freeformTags: {
string: "string",
},
definedTags: {
string: "string",
},
description: "string",
displayName: "string",
addMaskingColumnsFromSdmTrigger: 0,
generateHealthReportTrigger: 0,
isDropTempTablesEnabled: false,
isRedoLoggingEnabled: false,
isRefreshStatsEnabled: false,
parallelDegree: "string",
postMaskingScript: "string",
preMaskingScript: "string",
recompile: "string",
});
type: oci:DataSafe:MaskingPolicy
properties:
addMaskingColumnsFromSdmTrigger: 0
columnSources:
- columnSource: string
sensitiveDataModelId: string
targetId: string
compartmentId: string
definedTags:
string: string
description: string
displayName: string
freeformTags:
string: string
generateHealthReportTrigger: 0
isDropTempTablesEnabled: false
isRedoLoggingEnabled: false
isRefreshStatsEnabled: false
parallelDegree: string
postMaskingScript: string
preMaskingScript: string
recompile: string
MaskingPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The MaskingPolicy resource accepts the following input properties:
- Column
Sources This property is required. List<MaskingPolicy Column Source> - (Updatable) Details to associate a column source with a masking policy.
- Compartment
Id This property is required. string - (Updatable) The OCID of the compartment where the masking policy should be created.
- Add
Masking intColumns From Sdm Trigger - (Updatable) An optional property when incremented triggers Add Masking Columns From Sdm. Could be set to any integer value.
- Dictionary<string, string>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"} - Description string
- (Updatable) The description of the masking policy.
- Display
Name string - (Updatable) The display name of the masking policy. The name does not have to be unique, and it's changeable.
- Dictionary<string, string>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"} - Generate
Health intReport Trigger (Updatable) An optional property when incremented triggers Generate Health Report. Could be set to any integer value.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Is
Drop boolTemp Tables Enabled - (Updatable) Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.
- Is
Redo boolLogging Enabled - (Updatable) Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.
- Is
Refresh boolStats Enabled - (Updatable) Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.
- Parallel
Degree string - (Updatable) Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.
- Post
Masking stringScript - (Updatable) A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking.
- Pre
Masking stringScript - (Updatable) A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data.
- Recompile string
- (Updatable) Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes.
- Column
Sources This property is required. []MaskingPolicy Column Source Args - (Updatable) Details to associate a column source with a masking policy.
- Compartment
Id This property is required. string - (Updatable) The OCID of the compartment where the masking policy should be created.
- Add
Masking intColumns From Sdm Trigger - (Updatable) An optional property when incremented triggers Add Masking Columns From Sdm. Could be set to any integer value.
- map[string]string
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"} - Description string
- (Updatable) The description of the masking policy.
- Display
Name string - (Updatable) The display name of the masking policy. The name does not have to be unique, and it's changeable.
- map[string]string
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"} - Generate
Health intReport Trigger (Updatable) An optional property when incremented triggers Generate Health Report. Could be set to any integer value.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Is
Drop boolTemp Tables Enabled - (Updatable) Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.
- Is
Redo boolLogging Enabled - (Updatable) Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.
- Is
Refresh boolStats Enabled - (Updatable) Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.
- Parallel
Degree string - (Updatable) Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.
- Post
Masking stringScript - (Updatable) A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking.
- Pre
Masking stringScript - (Updatable) A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data.
- Recompile string
- (Updatable) Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes.
- column
Sources This property is required. List<MaskingPolicy Column Source> - (Updatable) Details to associate a column source with a masking policy.
- compartment
Id This property is required. String - (Updatable) The OCID of the compartment where the masking policy should be created.
- add
Masking IntegerColumns From Sdm Trigger - (Updatable) An optional property when incremented triggers Add Masking Columns From Sdm. Could be set to any integer value.
- Map<String,String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"} - description String
- (Updatable) The description of the masking policy.
- display
Name String - (Updatable) The display name of the masking policy. The name does not have to be unique, and it's changeable.
- Map<String,String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"} - generate
Health IntegerReport Trigger (Updatable) An optional property when incremented triggers Generate Health Report. Could be set to any integer value.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- is
Drop BooleanTemp Tables Enabled - (Updatable) Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.
- is
Redo BooleanLogging Enabled - (Updatable) Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.
- is
Refresh BooleanStats Enabled - (Updatable) Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.
- parallel
Degree String - (Updatable) Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.
- post
Masking StringScript - (Updatable) A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking.
- pre
Masking StringScript - (Updatable) A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data.
- recompile String
- (Updatable) Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes.
- column
Sources This property is required. MaskingPolicy Column Source[] - (Updatable) Details to associate a column source with a masking policy.
- compartment
Id This property is required. string - (Updatable) The OCID of the compartment where the masking policy should be created.
- add
Masking numberColumns From Sdm Trigger - (Updatable) An optional property when incremented triggers Add Masking Columns From Sdm. Could be set to any integer value.
- {[key: string]: string}
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"} - description string
- (Updatable) The description of the masking policy.
- display
Name string - (Updatable) The display name of the masking policy. The name does not have to be unique, and it's changeable.
- {[key: string]: string}
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"} - generate
Health numberReport Trigger (Updatable) An optional property when incremented triggers Generate Health Report. Could be set to any integer value.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- is
Drop booleanTemp Tables Enabled - (Updatable) Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.
- is
Redo booleanLogging Enabled - (Updatable) Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.
- is
Refresh booleanStats Enabled - (Updatable) Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.
- parallel
Degree string - (Updatable) Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.
- post
Masking stringScript - (Updatable) A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking.
- pre
Masking stringScript - (Updatable) A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data.
- recompile string
- (Updatable) Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes.
- column_
sources This property is required. Sequence[datasafe.Masking Policy Column Source Args] - (Updatable) Details to associate a column source with a masking policy.
- compartment_
id This property is required. str - (Updatable) The OCID of the compartment where the masking policy should be created.
- add_
masking_ intcolumns_ from_ sdm_ trigger - (Updatable) An optional property when incremented triggers Add Masking Columns From Sdm. Could be set to any integer value.
- Mapping[str, str]
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"} - description str
- (Updatable) The description of the masking policy.
- display_
name str - (Updatable) The display name of the masking policy. The name does not have to be unique, and it's changeable.
- Mapping[str, str]
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"} - generate_
health_ intreport_ trigger (Updatable) An optional property when incremented triggers Generate Health Report. Could be set to any integer value.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- is_
drop_ booltemp_ tables_ enabled - (Updatable) Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.
- is_
redo_ boollogging_ enabled - (Updatable) Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.
- is_
refresh_ boolstats_ enabled - (Updatable) Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.
- parallel_
degree str - (Updatable) Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.
- post_
masking_ strscript - (Updatable) A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking.
- pre_
masking_ strscript - (Updatable) A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data.
- recompile str
- (Updatable) Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes.
- column
Sources This property is required. List<Property Map> - (Updatable) Details to associate a column source with a masking policy.
- compartment
Id This property is required. String - (Updatable) The OCID of the compartment where the masking policy should be created.
- add
Masking NumberColumns From Sdm Trigger - (Updatable) An optional property when incremented triggers Add Masking Columns From Sdm. Could be set to any integer value.
- Map<String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"} - description String
- (Updatable) The description of the masking policy.
- display
Name String - (Updatable) The display name of the masking policy. The name does not have to be unique, and it's changeable.
- Map<String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"} - generate
Health NumberReport Trigger (Updatable) An optional property when incremented triggers Generate Health Report. Could be set to any integer value.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- is
Drop BooleanTemp Tables Enabled - (Updatable) Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.
- is
Redo BooleanLogging Enabled - (Updatable) Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.
- is
Refresh BooleanStats Enabled - (Updatable) Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.
- parallel
Degree String - (Updatable) Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.
- post
Masking StringScript - (Updatable) A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking.
- pre
Masking StringScript - (Updatable) A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data.
- recompile String
- (Updatable) Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes.
Outputs
All input properties are implicitly available as output properties. Additionally, the MaskingPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- State string
- The current state of the masking policy.
- Time
Created string - The date and time the masking policy was created, in the format defined by RFC3339.
- Time
Updated string - The date and time the masking policy was last updated, in the format defined by RFC3339
- Id string
- The provider-assigned unique ID for this managed resource.
- State string
- The current state of the masking policy.
- Time
Created string - The date and time the masking policy was created, in the format defined by RFC3339.
- Time
Updated string - The date and time the masking policy was last updated, in the format defined by RFC3339
- id String
- The provider-assigned unique ID for this managed resource.
- state String
- The current state of the masking policy.
- time
Created String - The date and time the masking policy was created, in the format defined by RFC3339.
- time
Updated String - The date and time the masking policy was last updated, in the format defined by RFC3339
- id string
- The provider-assigned unique ID for this managed resource.
- state string
- The current state of the masking policy.
- time
Created string - The date and time the masking policy was created, in the format defined by RFC3339.
- time
Updated string - The date and time the masking policy was last updated, in the format defined by RFC3339
- id str
- The provider-assigned unique ID for this managed resource.
- state str
- The current state of the masking policy.
- time_
created str - The date and time the masking policy was created, in the format defined by RFC3339.
- time_
updated str - The date and time the masking policy was last updated, in the format defined by RFC3339
- id String
- The provider-assigned unique ID for this managed resource.
- state String
- The current state of the masking policy.
- time
Created String - The date and time the masking policy was created, in the format defined by RFC3339.
- time
Updated String - The date and time the masking policy was last updated, in the format defined by RFC3339
Look up Existing MaskingPolicy Resource
Get an existing MaskingPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: MaskingPolicyState, opts?: CustomResourceOptions): MaskingPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
add_masking_columns_from_sdm_trigger: Optional[int] = None,
column_sources: Optional[Sequence[_datasafe.MaskingPolicyColumnSourceArgs]] = None,
compartment_id: Optional[str] = None,
defined_tags: Optional[Mapping[str, str]] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
freeform_tags: Optional[Mapping[str, str]] = None,
generate_health_report_trigger: Optional[int] = None,
is_drop_temp_tables_enabled: Optional[bool] = None,
is_redo_logging_enabled: Optional[bool] = None,
is_refresh_stats_enabled: Optional[bool] = None,
parallel_degree: Optional[str] = None,
post_masking_script: Optional[str] = None,
pre_masking_script: Optional[str] = None,
recompile: Optional[str] = None,
state: Optional[str] = None,
time_created: Optional[str] = None,
time_updated: Optional[str] = None) -> MaskingPolicyfunc GetMaskingPolicy(ctx *Context, name string, id IDInput, state *MaskingPolicyState, opts ...ResourceOption) (*MaskingPolicy, error)public static MaskingPolicy Get(string name, Input<string> id, MaskingPolicyState? state, CustomResourceOptions? opts = null)public static MaskingPolicy get(String name, Output<String> id, MaskingPolicyState state, CustomResourceOptions options)resources: _: type: oci:DataSafe:MaskingPolicy get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Add
Masking intColumns From Sdm Trigger - (Updatable) An optional property when incremented triggers Add Masking Columns From Sdm. Could be set to any integer value.
- Column
Sources List<MaskingPolicy Column Source> - (Updatable) Details to associate a column source with a masking policy.
- Compartment
Id string - (Updatable) The OCID of the compartment where the masking policy should be created.
- Dictionary<string, string>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"} - Description string
- (Updatable) The description of the masking policy.
- Display
Name string - (Updatable) The display name of the masking policy. The name does not have to be unique, and it's changeable.
- Dictionary<string, string>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"} - Generate
Health intReport Trigger (Updatable) An optional property when incremented triggers Generate Health Report. Could be set to any integer value.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Is
Drop boolTemp Tables Enabled - (Updatable) Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.
- Is
Redo boolLogging Enabled - (Updatable) Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.
- Is
Refresh boolStats Enabled - (Updatable) Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.
- Parallel
Degree string - (Updatable) Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.
- Post
Masking stringScript - (Updatable) A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking.
- Pre
Masking stringScript - (Updatable) A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data.
- Recompile string
- (Updatable) Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes.
- State string
- The current state of the masking policy.
- Time
Created string - The date and time the masking policy was created, in the format defined by RFC3339.
- Time
Updated string - The date and time the masking policy was last updated, in the format defined by RFC3339
- Add
Masking intColumns From Sdm Trigger - (Updatable) An optional property when incremented triggers Add Masking Columns From Sdm. Could be set to any integer value.
- Column
Sources []MaskingPolicy Column Source Args - (Updatable) Details to associate a column source with a masking policy.
- Compartment
Id string - (Updatable) The OCID of the compartment where the masking policy should be created.
- map[string]string
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"} - Description string
- (Updatable) The description of the masking policy.
- Display
Name string - (Updatable) The display name of the masking policy. The name does not have to be unique, and it's changeable.
- map[string]string
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"} - Generate
Health intReport Trigger (Updatable) An optional property when incremented triggers Generate Health Report. Could be set to any integer value.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Is
Drop boolTemp Tables Enabled - (Updatable) Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.
- Is
Redo boolLogging Enabled - (Updatable) Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.
- Is
Refresh boolStats Enabled - (Updatable) Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.
- Parallel
Degree string - (Updatable) Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.
- Post
Masking stringScript - (Updatable) A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking.
- Pre
Masking stringScript - (Updatable) A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data.
- Recompile string
- (Updatable) Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes.
- State string
- The current state of the masking policy.
- Time
Created string - The date and time the masking policy was created, in the format defined by RFC3339.
- Time
Updated string - The date and time the masking policy was last updated, in the format defined by RFC3339
- add
Masking IntegerColumns From Sdm Trigger - (Updatable) An optional property when incremented triggers Add Masking Columns From Sdm. Could be set to any integer value.
- column
Sources List<MaskingPolicy Column Source> - (Updatable) Details to associate a column source with a masking policy.
- compartment
Id String - (Updatable) The OCID of the compartment where the masking policy should be created.
- Map<String,String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"} - description String
- (Updatable) The description of the masking policy.
- display
Name String - (Updatable) The display name of the masking policy. The name does not have to be unique, and it's changeable.
- Map<String,String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"} - generate
Health IntegerReport Trigger (Updatable) An optional property when incremented triggers Generate Health Report. Could be set to any integer value.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- is
Drop BooleanTemp Tables Enabled - (Updatable) Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.
- is
Redo BooleanLogging Enabled - (Updatable) Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.
- is
Refresh BooleanStats Enabled - (Updatable) Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.
- parallel
Degree String - (Updatable) Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.
- post
Masking StringScript - (Updatable) A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking.
- pre
Masking StringScript - (Updatable) A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data.
- recompile String
- (Updatable) Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes.
- state String
- The current state of the masking policy.
- time
Created String - The date and time the masking policy was created, in the format defined by RFC3339.
- time
Updated String - The date and time the masking policy was last updated, in the format defined by RFC3339
- add
Masking numberColumns From Sdm Trigger - (Updatable) An optional property when incremented triggers Add Masking Columns From Sdm. Could be set to any integer value.
- column
Sources MaskingPolicy Column Source[] - (Updatable) Details to associate a column source with a masking policy.
- compartment
Id string - (Updatable) The OCID of the compartment where the masking policy should be created.
- {[key: string]: string}
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"} - description string
- (Updatable) The description of the masking policy.
- display
Name string - (Updatable) The display name of the masking policy. The name does not have to be unique, and it's changeable.
- {[key: string]: string}
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"} - generate
Health numberReport Trigger (Updatable) An optional property when incremented triggers Generate Health Report. Could be set to any integer value.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- is
Drop booleanTemp Tables Enabled - (Updatable) Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.
- is
Redo booleanLogging Enabled - (Updatable) Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.
- is
Refresh booleanStats Enabled - (Updatable) Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.
- parallel
Degree string - (Updatable) Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.
- post
Masking stringScript - (Updatable) A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking.
- pre
Masking stringScript - (Updatable) A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data.
- recompile string
- (Updatable) Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes.
- state string
- The current state of the masking policy.
- time
Created string - The date and time the masking policy was created, in the format defined by RFC3339.
- time
Updated string - The date and time the masking policy was last updated, in the format defined by RFC3339
- add_
masking_ intcolumns_ from_ sdm_ trigger - (Updatable) An optional property when incremented triggers Add Masking Columns From Sdm. Could be set to any integer value.
- column_
sources Sequence[datasafe.Masking Policy Column Source Args] - (Updatable) Details to associate a column source with a masking policy.
- compartment_
id str - (Updatable) The OCID of the compartment where the masking policy should be created.
- Mapping[str, str]
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"} - description str
- (Updatable) The description of the masking policy.
- display_
name str - (Updatable) The display name of the masking policy. The name does not have to be unique, and it's changeable.
- Mapping[str, str]
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"} - generate_
health_ intreport_ trigger (Updatable) An optional property when incremented triggers Generate Health Report. Could be set to any integer value.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- is_
drop_ booltemp_ tables_ enabled - (Updatable) Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.
- is_
redo_ boollogging_ enabled - (Updatable) Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.
- is_
refresh_ boolstats_ enabled - (Updatable) Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.
- parallel_
degree str - (Updatable) Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.
- post_
masking_ strscript - (Updatable) A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking.
- pre_
masking_ strscript - (Updatable) A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data.
- recompile str
- (Updatable) Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes.
- state str
- The current state of the masking policy.
- time_
created str - The date and time the masking policy was created, in the format defined by RFC3339.
- time_
updated str - The date and time the masking policy was last updated, in the format defined by RFC3339
- add
Masking NumberColumns From Sdm Trigger - (Updatable) An optional property when incremented triggers Add Masking Columns From Sdm. Could be set to any integer value.
- column
Sources List<Property Map> - (Updatable) Details to associate a column source with a masking policy.
- compartment
Id String - (Updatable) The OCID of the compartment where the masking policy should be created.
- Map<String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"} - description String
- (Updatable) The description of the masking policy.
- display
Name String - (Updatable) The display name of the masking policy. The name does not have to be unique, and it's changeable.
- Map<String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"} - generate
Health NumberReport Trigger (Updatable) An optional property when incremented triggers Generate Health Report. Could be set to any integer value.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- is
Drop BooleanTemp Tables Enabled - (Updatable) Indicates if the temporary tables created during a masking operation should be dropped after masking. It's enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.
- is
Redo BooleanLogging Enabled - (Updatable) Indicates if redo logging is enabled during a masking operation. It's disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.
- is
Refresh BooleanStats Enabled - (Updatable) Indicates if statistics gathering is enabled. It's enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.
- parallel
Degree String - (Updatable) Specifies options to enable parallel execution when running data masking. Allowed values are 'NONE' (no parallelism), 'DEFAULT' (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUs and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.
- post
Masking StringScript - (Updatable) A post-masking script, which can contain SQL and PL/SQL statements. It's executed after the core masking script generated using the masking policy. It's usually used to perform additional transformation or cleanup work after masking.
- pre
Masking StringScript - (Updatable) A pre-masking script, which can contain SQL and PL/SQL statements. It's executed before the core masking script generated using the masking policy. It's usually used to perform any preparation or prerequisite work before masking data.
- recompile String
- (Updatable) Specifies how to recompile invalid objects post data masking. Allowed values are 'SERIAL' (recompile in serial), 'PARALLEL' (recompile in parallel), 'NONE' (do not recompile). If it's set to PARALLEL, the value of parallelDegree attribute is used. Use the built-in UTL_RECOMP package to recompile any remaining invalid objects after masking completes.
- state String
- The current state of the masking policy.
- time
Created String - The date and time the masking policy was created, in the format defined by RFC3339.
- time
Updated String - The date and time the masking policy was last updated, in the format defined by RFC3339
Supporting Types
MaskingPolicyColumnSource, MaskingPolicyColumnSourceArgs
, MaskingPolicyColumnSourceArgs
- Column
Source This property is required. string - (Updatable) The source of masking columns.
- Sensitive
Data stringModel Id - (Updatable) The OCID of the sensitive data model to be associated as the column source with the masking policy.
- Target
Id string - (Updatable) The OCID of the target database to be associated as the column source with the masking policy.
- Column
Source This property is required. string - (Updatable) The source of masking columns.
- Sensitive
Data stringModel Id - (Updatable) The OCID of the sensitive data model to be associated as the column source with the masking policy.
- Target
Id string - (Updatable) The OCID of the target database to be associated as the column source with the masking policy.
- column
Source This property is required. String - (Updatable) The source of masking columns.
- sensitive
Data StringModel Id - (Updatable) The OCID of the sensitive data model to be associated as the column source with the masking policy.
- target
Id String - (Updatable) The OCID of the target database to be associated as the column source with the masking policy.
- column
Source This property is required. string - (Updatable) The source of masking columns.
- sensitive
Data stringModel Id - (Updatable) The OCID of the sensitive data model to be associated as the column source with the masking policy.
- target
Id string - (Updatable) The OCID of the target database to be associated as the column source with the masking policy.
- column_
source This property is required. str - (Updatable) The source of masking columns.
- sensitive_
data_ strmodel_ id - (Updatable) The OCID of the sensitive data model to be associated as the column source with the masking policy.
- target_
id str - (Updatable) The OCID of the target database to be associated as the column source with the masking policy.
- column
Source This property is required. String - (Updatable) The source of masking columns.
- sensitive
Data StringModel Id - (Updatable) The OCID of the sensitive data model to be associated as the column source with the masking policy.
- target
Id String - (Updatable) The OCID of the target database to be associated as the column source with the masking policy.
Import
MaskingPolicies can be imported using the id, e.g.
$ pulumi import oci:DataSafe/maskingPolicy:MaskingPolicy test_masking_policy "id"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
ociTerraform Provider.