Update Sensitive Data Models

There are many reasons why you may need to update a sensitive data model after you discover sensitive columns on your target database. Perhaps changes on the database have occurred or you may need to fine-tune the discovery results. With Data Discovery, you can perform incremental discoveries and make manual changes to your sensitive data model.

You can also manually edit the XML version of a sensitive data model in a text editor. To obtain an XML format of your sensitive data model, you need to generate it first and then download it from the sensitive data model's page. See Download or Upload a Sensitive Data Model in XML Format.

Perform an Incremental Discovery of Sensitive Data on Your Target Database

If columns are added, deleted, or modified on your target database after you run a data discovery job, you can perform an incremental discovery to update your sensitive data model. This operation compares the sensitive columns in your sensitive data model to those on the target database and informs you of the differences. If needed, you can adjust the schemas and sensitive types that Data Discovery uses during the incremental discovery on the target database.

1. Under Security Center, click Data Discovery.
2. Under Related Resources, click Sensitive Data Models.
3. Click the name of the sensitive data model for which you want to perform an incremental discovery of sensitive data.
4. Under Resources, click Latest Incremental Discovery.
   The Incremental Discovery section is displayed.
5. Click Run Discovery Now.
   The Run Discovery Now dialog box is displayed.
6. To run the incremental discovery with the same scope as the intial discovery job, select Run the incremental discovery with the same scope as the initial sensitive data discovery of this sensitive data model, and click Submit.
   Be aware before proceeding that the results from the previous incremental discovery are not shown after you start this operation.
   The incremental discovery job is started and the job status is set to CREATING.
7. To change the scope before running the incremental discovery job, select Adjust the scope for the incremental discovery, click Submit, and then configure the Options for Incremental Discovery page:
   1. For Provide Basic Information: Enter a name for the discovery job, select a compartment to store the discovery job, and then click Next.
   2. For Select Schemas: Select the schemas that you want the incremental discovery to search, and then click Next.
      • To select all schemas, select All schemas or select the check box to the left of the Schema Name column title.
      • To search for a schema, enter part or all of your schema's name in the search box in the upper-right corner, and then click Search. The name is case-sensitive.
      • To navigate the pages, click the left and right arrow buttons at the bottom of the page.
   3. For Select Sensitive Types: Select categories of sensitive types and/or individual sensitive types, and then click Next.
      • To view all categories and sensitive types, click Expand All so that the slider is on the right.
      • To view sensitive types within a sensitive category, expand the check boxes in the Sensitive Type Name column by clicking >. The Selected Sensitive Types Count column shows how many sensitive types out of all the sensitive types within the sensitive category are selected.
      • To search for a sensitive type, enter part or all of the sensitive type's name in the search box in the upper-right corner, and then click Search. The name is case-sensitive.
   4. For Select Discovery Options: Optionally select the following options:
      • Collect, display, and store sample data
      • Discover application-level (non-dictionary) referential relationships
   5. Click Run Discovery Now.
      Be aware before proceeding that the results from the previous incremental discovery are not shown after you start this operation.
   The incremental discovery job is started and the status of the job is set to CREATING.
8. (Optional) To view the work request details, click the View Details link.
   The Work Request page shows you the progress of the incremental discovery job. You can suspend or abort the job at this time.
9. After the discovery job is successfully completed, review the information in the Incremental Discovery section to learn about the changes on your target database:
   • Status of the discovery job
   • Last incremental discovery date
   • Selected schemas for incremental discovery
   • Selected sensitive types for incremental discovery
   • Total number of new columns
   • Total number of deleted columns
   • Total number of modified columns
   • Details about each discovered column, including schema, table, column, column status in target database (for example, NEW or DELETED), sensitive type, parent column, data type, planned action, sample data, and estimated row count
10. For each column listed in the incremental discovery table, select its check box and click Approve or Reject.
    • If you click Approve, the Approve Discovery Results dialog box is displayed asking if you want to approve the selected column. Click Approve if you are sure; otherwise, click Cancel. Approving the selected columns marks the discovery results to add new columns, remove deleted columns, or update modified columns. This action does not update the sensitive data model automatically. The Planned Action column shows Approved after you click Approve. You can always change to Reject, if needed.
    • If you click Reject, the Reject Discovery Results dialog box is displayed asking if you are sure you want to reject the selected discovery results. Click Reject if you are sure; otherwise, click Cancel.
11. After you have approved and/or rejected each discovered incremental changes, click Apply to SDM.
    The Apply To Sensitive Data Model dialog box is displayed asking if you want to apply the results to the sensitive data model.
12. Click Submit.
    This operation updates the sensitive data model with all the sensitive columns you approved. A message states Sensitive Data Model Updated Successfully. If you run another incremental discovery job, your results will be overwritten.

View the History of Incremental Discovery

Data Discovery maintains a history of each incremental discovery job on a sensitive data model (SDM). For each job, you can view when the incremental discovery was performed, the selected schemas for the incremental discovery, the selected sensitive types, what column changes were approved or rejected, and whether the changes were applied to the SDM.

1. Under Security Center, click Data Discovery.
2. Under Related Resources, click Sensitive Data Models.
   A list of sensitive data models to which you have access is displayed.
3. Click the name of the sensitive data model for which you want to view the history of incremental discovery.
4. Under Resources, click History of Incremental Discoveries.
   Sensitive data model details are displayed and past incremental discovery jobs are listed.
5. Select the incremental discovery job that you want to view.
   The Discovery Job Results page shows you the details for the incremental discovery in a read-only table. You can view information about each discovered column, including schema, table, column, column status in target database (for example, NEW or DELETED), sensitive type, parent column, data type, estimated row count, planned action, and whether the change was applied to the SDM.
6. To return to the history of incremental discoveries, click Close.

Add New Sensitive Columns to a Sensitive Data Model

You can add new sensitive columns to an existing sensitive data model on the sensitive data model's page.

1. Under Security Center, click Data Discovery.
2. Under Related Resources, click Sensitive Data Models.
   A list of sensitive data models to which you have access is displayed.
3. Click the name of the sensitive data model to which you want to add sensitive columns.
4. Scroll down to the Sensitive Columns list and click Add Columns.
   The Add Columns window is displayed.
5. (Optional) If the schemas on the target database have been updated since the stated time and date, click Refresh Database Schemas.
6. Select the sensitive type that best describes the sensitive columns that you want to add to your sensitive data model.
7. Find sensitive columns by entering or selecting one or more of the following items, and then click Search:
   • Schema name
   • Table name
   • Column name

   A list of sensitive columns that match your selection criteria are displayed.

8. Optional: Change the sensitive type of a column by selecting a new sensitive type from the Sensitive Type column.
9. Select the columns that you want to add to your sensitive data model, and then click Add Columns.
   To select all the columns, select the check box next to the Schema column heading. The columns are added to the sensitive data model and the sensitive data model is automatically saved.

Add Previously Removed Columns to a Sensitive Data Model

You can view the list of previously removed columns from a sensitive data model (SDM) and add those columns back to the SDM as needed.

1. Under Security Center, click Data Discovery.
2. Under Related Resources, click Sensitive Data Models.
   A list of sensitive data models to which you have access is displayed.
3. Click the name of the sensitive data model to which you want to add columns.
4. Scroll down to the Sensitive Columns list and click View/Add Previously Removed Columns.
   The Add Previously Removed Columns window is displayed. It shows a list of the schema, table, column, and data type for each previously removed column.
5. If you wish to add one or more columns back to the sensitive data model, select either
   • Select specific columns or
   • All columns
6. If you selected Select Specific Columns then choose the columns to add back from the list.
7. Click Add Columns to Sensitive Data Model.

Remove Sensitive Columns from a Sensitive Data Model

Sometimes Data Discovery returns columns that you do not want to include in your sensitive data model. You can remove them from the sensitive data model on the sensitive data model's page.

1. Under Security Center, click Data Discovery.
2. Under Related Resources, click Sensitive Data Models.
   A list of sensitive data models to which you have access is displayed.
3. Click the name of the sensitive data model from which you want to remove sensitive columns.
4. To remove a singular column, click the ⋮ symbol to the right of Sensitive Column to be removed in the Sensitive Columns list.
   1. Click the Remove option.
   2. Click Remove Column in the dialog box to confirm the removal of the column.
5. To remove multiple columns, click Remove Columns above the Sensitive Columns list. The Remove Columns window is displayed.
   1. (Optional) Select a sensitive type that best describes the sensitive columns that you want to remove.
   2. Enter or select one or more of the following items, and then click Search:
      • Schema name
      • Table name
      • Column name

      A list of sensitive columns that match your selection criteria are displayed.

   3. Select the columns that you want to remove from your sensitive data model, and then click Remove Columns.
      To select all the columns, select the check box next to the Schema column heading. The columns are removed from the sensitive data model and the sensitive data model is automatically saved.

Update Sensitive Type for a Sensitive Column

Learn how to change the sensitive type of a sensitive column directly from the sensitive data model.

1. Under Security Center, click Data Discovery.
2. Under Related Resources, click Sensitive Data Models.
   A list of sensitive data models to which you have access is displayed.
3. Click the name of the sensitive data model from which you want to remove sensitive columns.
4. To update the sensitive type of a sensitive column, click the ⋮ symbol to the right of Sensitive Column to be removed in the Sensitive Columns list.
5. Click the Change Sensitive Type option.
   The Change Sensitive Type dialog will appear.
6. Select the new Sensitive Type from the list.
   1. (Optional) Change the compartment by clicking Change Compartment and selecting the appropriate compartment. This will allow you to view custom sensitive types from that compartment.
7. Click Change Sensitive Type button at the bottom of the dialog to finish changing the sensitive type of a sensitive column in a sensitive data model.

Add or Remove a Referential Relationship from a Sensitive Data Model

You can add or remove a referential relationship between two database columns in your sensitive data model.

Referential relationships are leveraged in operations such as masking. During masking, the relationship helps ensure the integrity and consistency of the masking format applied. Relationships can also potentially be leveraged during incremental discovery using the sensitive data model (or manual column addition to the sensitive data model) to pull in other related columns.

1. Under Security Center, click Data Discovery.
2. Under Related Resources, click Sensitive Data Models.
   A list of sensitive data models to which you have access is displayed.
3. Click the name of the sensitive data model for which you want to manage referential relationships.
4. Scroll down to the Sensitive Columns list and click Manage Referential Relationship.
   The Manage Referential Relationship window is displayed.
5. In the Choose parent column in sensitive data model section, select the schema name, table name, and column name of the parent column in the relationship.
6. In the Choose child column in sensitive data model section, select the schema name, table name, and column name of the child column in the relationship.
7. To create a referential relationship in the sensitive data model, click Add Relationship.
8. To remove a referential relationship in the sensitive data model, click Remove Relationship.