Update Sensitive Data Models

There are many reasons why you may need to update a sensitive data model after you discover sensitive columns on your target database. Perhaps changes on the database have occurred or you may need to fine-tune the discovery results. With Data Discovery, you can perform incremental discoveries and make manual changes to your sensitive data model.

You can also manually edit the XML version of a sensitive data model in a text editor. To obtain an XML format of your sensitive data model, you need to generate it first and then download it from the sensitive data model's page. See Download or Upload a Sensitive Data Model in XML Format.

Perform an Incremental Discovery of Sensitive Data on Your Target Database

If columns are added, deleted, or modified on your target database after you run a data discovery job, you can perform an incremental discovery to update your sensitive data model. This operation compares the sensitive columns in your sensitive data model to those on the target database and informs you of the differences. If needed, you can adjust the schemas and sensitive types that Data Discovery uses during the incremental discovery on the target database.

  1. Under Data Safe - Database Security, select Data discovery.
  2. Under Data discovery, select Sensitive data models.
  3. Click the name of the sensitive data model for which you want to perform an incremental discovery of sensitive data.
  4. Click the Incremental discovery tab, then under Actions, select Run discovery now.
  5. Choose between the Incremental discovery options: Run the incremental discovery with the same scope as the initial sensitive data discovery of this sensitive data model, or Adjust the scope for the incremental discovery.

    Note:

    The previously selected tables will be honored for the scope (either all tables or the subset that were selected) if you choose to run with the same scope.

    Note:

    Be aware before proceeding that the results from the previous incremental discovery are not shown after you start this operation.
  6. To change the scope before running the incremental discovery job, select Adjust the scope for the incremental discovery, click Submit, and then configure the run on the Run discovery now page:
    1. For Incremental discovery information: Enter a Name for the discovery job, select a Compartment to store the discovery job, and then click Next.

      Note:

      You can optionally add tags by clicking Add tag.
    2. For Discovery on all schemas or on specific schemas only: Select the schemas that you want the incremental discovery to search, and then click Next.
    3. For Select tables for selected schemas: Click the three dots, then Select tables for schema, then Next.

      Note:

      If selected, discovery will be run only on selected tables of the schema. Alternatively, you can skip this step and proceed to the next if you want all tables for the selected schemas to be scanned.
    4. For Select from sensitive type group: Choose to select sensitive types from the common sensitive types or all sensitive types.

      Note:

      Use the Common sensitive types to choose from the 21 most popular sensitive types in the group created by Oracle. By limiting the selection of sensitive types that are likely to be present within your target database, you decrease the time that it will take to create a sensitive date model. You may select additional sensitive types in the All sensitive types section.
    5. For Select discovery options, choose one or both of the following options:
      • Collect, display, and store sample data
      • Discover application-level (non-dictionary) referential relationships
    6. Click Run discovery now.

      Note:

      Be aware before proceeding that the results from the previous incremental discovery are not shown after you start this operation.
  7. (Optional) To view the results, under Actions, select Manage results.
  8. After the discovery job is successfully completed, review the information under the History of incremental discoveries tab.
    1. Click the three dots to either view details of the schemas, view details of the sensitive types, view details, delete, or copy the OCID.
  9. (Optional) To view the work requests, click the Work requests tab.

View the History of Incremental Discovery

Data Discovery maintains a history of each incremental discovery job on a sensitive data model (SDM). For each job, you can view when the incremental discovery was performed, the selected schemas for the incremental discovery, the selected sensitive types, what column changes were approved or rejected, and whether the changes were applied to the SDM.

  1. Under Data Safe - Database Security, select Data discovery.
  2. Under Data discovery, select Sensitive data models.
  3. Select the name of the sensitive data model to which you want to add sensitive columns.
  4. Select the History of incremental discoveries tab.
  5. Select the three dots to either View details of the schemas, View details of sensitive types, View details, Delete, or Copy OCID.
  6. Selecting View details will display the Discovery job results.

    Note:

    The Discovery job results page shows you the details for the incremental discovery in a read-only table. You can view information about each discovered column, including schema, table, column, column status in target database (for example, NEW or DELETED), sensitive type, parent column, data type, estimated row count, planned action, and whether the change was applied to the SDM.
  7. To return to the history of incremental discoveries, click Close.

Add New Sensitive Columns to a Sensitive Data Model

You can add new sensitive columns to an existing sensitive data model on the sensitive data model's page.

  1. Under Data Safe - Database Security, select Data discovery.
  2. Under Data discovery, select Sensitive data models.
  3. Select the name of the sensitive data model to which you want to add sensitive columns.
  4. Select the Sensitive columns tab.
  5. Under the Actions drop-down list, select Add columns.
  6. (Optional) If the schemas on the target database have been updated since the stated time and date, click Refresh Database Schemas.
  7. Find sensitive columns by entering or selecting one or more of the following items, and then click Search:
    • Schema name
    • Table name
    • Column name
    A list of sensitive columns that match your selection criteria are displayed.
  8. Select Select specific columns to select the columns that you want to add to your sensitive data model, and then click Add columns.

    Note:

    To select all the columns, select the check box next to the Schema name column heading or click All columns. The columns are added to the sensitive data model and the sensitive data model is automatically saved.

Add Previously Removed Columns to a Sensitive Data Model

You can view the list of previously removed columns from a sensitive data model (SDM) and add those columns back to the SDM as needed.

  1. Under Data Safe - Database Security, select Data discovery.
  2. Under Data discovery, select Sensitive data models.
  3. Click the name of the sensitive data model to which you want to add columns.
  4. Select the Sensitive columns tab.
  5. Under the Actions drop-down list, select View/Add previously removed columns.
  6. If you wish to add one or more columns back to the sensitive data model, select either:
    • Select specific columns
    • All columns
  7. If you selected Select Specific Columns then choose the columns to add back from the list.
  8. Click Add columns to sensitive data model.

Remove Sensitive Columns from a Sensitive Data Model

Sometimes Data Discovery returns columns that you do not want to include in your sensitive data model. You can remove them from the sensitive data model on the sensitive data model's page.

  1. Under Data Safe - Database Security, select Data discovery.
  2. Under Data discovery, select Sensitive data models.
  3. Select the name of the sensitive data model to which you want to add sensitive columns.
  4. Select the Sensitive columns tab.
  5. Under the Actions drop-down list, select Remove columns.
  6. (Optional) Select a Sensitive type that best describes the sensitive columns that you want to remove.
  7. Enter or select one or more of the following items, and then click Search:
    • Schema
    • Table
    • Column
    • Data presence
    A list of sensitive columns that match your selection criteria are displayed.
  8. Select the columns that you want to remove from your sensitive data model, and then click Remove columns.

    Note:

    To select all the columns, select the check box next to the Schema column heading. The columns are removed from the sensitive data model and the sensitive data model is automatically saved.

Update Sensitive Type for a Sensitive Column

Learn how to change the sensitive type of a sensitive column directly from the sensitive data model.

  1. Under Data Safe - Database Security, select Data discovery.
  2. Under Data discovery, select Sensitive data models.
  3. Select the name of the sensitive data model from which you want to update the sensitive type.
  4. Select the Sensitive columns tab.
  5. Under the Actions drop-down list, select Add columns.
  6. (Optional) If the schemas on the target database have been updated since the stated time and date, click Refresh Database Schemas.
  7. Find sensitive columns by entering or selecting one or more of the following items, and then click Search:
    • Schema name
    • Table name
    • Column name
    A list of sensitive columns that match your selection criteria are displayed.
  8. Select Select specific columns to select the columns that you want to add to your sensitive data model.

    Note:

    To select all the columns, select the check box next to the Schema name column heading or click All columns. The columns are added to the sensitive data model and the sensitive data model is automatically saved.
  9. To update the sensitive type of a sensitive column, select the new Sensitive type from the drop-down list.
  10. Select Add columns.

Add or Remove a Referential Relationship from a Sensitive Data Model

You can add or remove a referential relationship between database columns in your sensitive data model.

Referential relationships are leveraged in operations, such as data masking. During data masking, the relationship helps ensure the integrity and consistency of the masking format applied. Relationships can also potentially be leveraged during incremental discovery using the sensitive data model (or manual column addition to the sensitive data model) to pull in other related columns.

You can manually enter referential relations, or they can be discovered through incremental discovery. See Perform an Incremental Discovery of Sensitive Data on Your Target Database for more information.

Note:

If you manually enter a database-level relation, then its existence will be checked against the database.

You can delete application-level referential relationships, not database-defined referential relationships. You can only select one relationship to delete at a time.

To add a referential relationship:

  1. Navigate to the Data discovery landing page.
  2. On the left under Data discovery, select Sensitive data models. A list of sensitive data models to which you have access is displayed.
  3. Select the name of the sensitive data model for which you want to manage referential relationships.
  4. Select the Referential relationships tab.
  5. Select Add referential relationship.
  6. Select Application-level (non-dictionary) relation or Database-level (dictionary-defined) relation.
  7. Select a parent schema name and a child schema name.
  8. Select a parent table name and a child table name.
  9. Select a parent column name and child column name.
  10. (Optional) To add another column to the parent and child columns list, select Add.
    • Adding columns creates a composite relationship mapping in Oracle Data Safe and new masking format will be created following a naming convention of schema.parenttable.datetime. This schema.parenttable.datetime masking format will automatically apply group masking with shuffle format when a masking job is initiated. See Group Masking Example Using Shuffle for more information.
  11. At Add columns to sensitive data model, switch the toggle to on if you want to add the columns to the sensitive data model; otherwise, only referential relationships get created.
  12. (Optional) Select a sensitive type for each column.
    • Selecting a sensitive type is available only if you are adding the referential relationship to the sensitive data model.
    • Selecting a sensitive type ensures that the parent and child column get masked using the same masking format as both columns will be added to the sensitive data model with as the same sensitive type. If no sensitive type is selected, then the sensitive type of the parent column will be used in the child column as well.
  13. Select Add relationship.

To delete a referential relationship:

  1. Navigate to the Data discovery landing page.
  2. On the left under Data discovery, select Sensitive data models. A list of sensitive data models to which you have access is displayed.
  3. Select the name of the sensitive data model for which you want to manage referential relationships.
  4. Select the Referential relationships tab.
  5. Locate an application level referential relationship to delete in the table, select the three dots at the end of its row, and then select Delete referential relationship.