Adaptive Classification and Redaction (ACR) on Oracle Database Appliance

FAQs on ACR on Oracle Database Appliance.

What type of files does ACR handle?

ACR handles the various files in a TFA collection, such as trace files, alert logs, AWR, ASH, and ADDM reports, ExaChk and ORAChk reports, and other system-generated logs. ACR also handles compressed files in the zip, gzip, tar, tar.gz, bzip2, and tar.xz formats.

What are the files not redacted by ACR?

ACR skips binaries, shared libraries, compiled files, core dumps, and jar files, even when they are part of a TFA collection. This ensures that the diagnosability of the issue is not affected.

Does ACR redact literal values in the SQL statements?

Yes, ACR redacts SQL literals in the SQL statements present in AWR, ASH, and ADDM reports.

Are there any additional space requirements to run ACR?

ACR runs in two modes: in-place and out-of-place. For out-of-place redaction, extra space equal to the total size of the input files is required, because the redacted files are created in a different directory. For in-place redaction, extra space equal to the size of the biggest file in the collection is required; in this mode, each input file is replaced by its redacted version. When multiple ACR processes are spawned, the additional space requirement is the sum of the sizes of the N largest input files, where N is the number of parallel ACR processes.

Does ACR redact TFA collections generated on both nodes in a high availability environment?

In a high availability environment, TFA creates separate collections on both nodes. ACR runs separately on each node against these collections to create two redacted collections. After redaction, the redacted collection from the remote node is copied to the local node, that is, the node that initiated the TFA command.

Does ACR generate any trace files?

Yes, ACR generates trace files and logs in the oracle.ahf/ directory at /opt/oracle/dcs/oracle.ahf/. The trace files are as follows:
  • acrctl_*.trc files generated in the oracle.ahf/data/HOSTNAME/diag/acr/HOSTNAME/acrctl/trace/ directory. These trace files are generated during an ACR run and capture the various steps of the redaction.
  • acr_info.json file generated in the oracle.ahf/common/acr/acr_repo/ directory. This file contains the list of sanitized versions of all entity instances identified during an ACR run.
  • acr_stats_*.txt files generated in the oracle.ahf/common/acr/acr_repo/ directory. These files capture various statistics of an ACR run, such as the size of the collection being redacted, the number of parallel ACR processes, the redaction time, and the largest file size in the collection.
  • acrmap file generated in the oracle.ahf/common/acr/acr_repo/ directory. This file contains the mapping from each redacted entity instance to the original instance. It is used to return the original entity instances when the rmap command is run.

I have specified 'mask' as the redaction mode, but I still see files and directory names getting sanitized. Is this expected?

Yes, this is correct ACR behaviour. Irrespective of the redaction mode, ACR sanitizes sensitive entity instances that appear in file and directory names. This is done because changing file and directory names to '***' would make the collection unsuitable for navigation.

I have specified 'sanitize' as the redaction mode, but I still see some parts of trace files getting converted to '***'. Is this expected?

Yes, this is expected. Irrespective of the redaction mode, ACR converts sensitive data that appears in block and redo log dumps within trace files to '***'.

Does ACR preserve features of entity instances during redaction?

Yes, ACR preserves features of entity instances in the following ways:
  • ACR preserves the entity word's shape: the capitalisation of letters and any trailing numerical characters are kept.
    HRDB1 => ONVL1
    hrdb1 => onvl1
    Hrdb1 => Onvl1
    HRDB1_host2_svc3 => ONVL1_ygmi2_wrj3
    myhost007 => ppspao007
    myhost008 => ppspao008
  • IPv4: Restricts the number in each octet to less than 255. Does not redact special octets such as 255, 127, and 0.
  • MAC address and IPv6: Restricts numbers to follow the hexadecimal number pattern.

Can I redact an existing unredacted TFA collection or any other files not part of a TFA collection?

Create a zip file containing all unredacted files, for example, and run the following command:
odacli redact-acr -i -m sanitize

The command redacts the files. The redacted file is placed in ACR_REPO/acr_runs/TIMESTAMP/outdir/.

How do I verify whether a TFA collection is redacted?

Any redacted TFA collection contains an empty file named ACR.txt. Run the following command on a zipped TFA collection:
zipinfo TFA_COLLECTION | grep "ACR.txt"

If the above command returns an entry, then the collection is redacted.
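As an added example (not part of the ODA documentation or tooling), the same check as the zipinfo | grep command above, done in Python against a constructed stand-in for a TFA collection. It assumes the marker is any zip entry whose basename is ACR.txt; matching on the basename rather than a substring avoids counting an unrelated entry such as notes_ACR.txt.

```python
import os
import tempfile
import zipfile


def is_redacted_collection(zip_path: str) -> bool:
    """True if the archive carries the ACR.txt marker that redacted collections contain.

    Matches the marker at any depth, as the grep does, but on the entry's basename."""
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            if not info.is_dir() and os.path.basename(info.filename) == "ACR.txt":
                return True
    return False


def make_demo_collection(directory: str, redacted: bool) -> str:
    """Constructed stand-in for a TFA collection: two log entries and, when
    redacted=True, the empty ACR.txt marker file."""
    name = "demo_redacted.zip" if redacted else "demo_plain.zip"
    path = os.path.join(directory, name)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("collection/alert_db1.log", "constructed alert line\n")
        zf.writestr("collection/trace/db1_ora_1234.trc", "constructed trace line\n")
        if redacted:
            zf.writestr("collection/ACR.txt", "")
    return path


def check_both() -> tuple:
    """Build one collection of each kind in a temp dir and classify them."""
    with tempfile.TemporaryDirectory() as tmp:
        plain = make_demo_collection(tmp, redacted=False)
        redacted = make_demo_collection(tmp, redacted=True)
        return is_redacted_collection(plain), is_redacted_collection(redacted)


if __name__ == "__main__":
    print(check_both())  # (False, True)
```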

When redaction is performed, multiple ACR processes are spawned on my system. Is that expected?

Yes, ACR takes advantage of multiple free cores available on the machine to spawn multiple processes to reduce the overall redaction time.

If there are 10 cores on my system, will ACR use all 10 cores?

The number of parallel processes spawned by ACR never exceeds 20% of the total number of cores, so only two parallel ACR processes are created in this case.
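The following Python helper is an added example, not ODA code, that combines the space rule from the question on additional space requirements with the 20% parallelism rule above. It assumes the process count is 20% of the cores rounded down, with a minimum of one process, and it takes a constructed list of file sizes as input.

```python
def parallel_acr_processes(total_cores: int) -> int:
    """Never more than 20% of the cores; assumption: rounded down, minimum one process."""
    if total_cores < 1:
        raise ValueError("total_cores must be positive")
    return max(1, total_cores // 5)  # 20% == one fifth, computed in integers


def extra_space_needed(file_sizes, total_cores: int, in_place: bool) -> int:
    """Extra bytes an ACR run needs over the given input files.

    out-of-place: every redacted file is written to a separate directory,
                  so the extra space equals the total input size.
    in-place:     each file is replaced after redaction, so only the files
                  being worked on at the same time need room: the N largest,
                  where N is the number of parallel ACR processes."""
    sizes = sorted(file_sizes, reverse=True)
    if not in_place:
        return sum(sizes)
    n = parallel_acr_processes(total_cores)
    return sum(sizes[:n])


if __name__ == "__main__":
    # Constructed collection: sizes in bytes of a handful of trace files.
    demo = [800_000, 2_500_000, 120_000, 5_000_000, 300_000]
    print(parallel_acr_processes(10))                    # 2
    print(extra_space_needed(demo, 10, in_place=False))  # 8720000
    print(extra_space_needed(demo, 10, in_place=True))   # 7500000
```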

CPU usage of each ACR process is close to 100%, is that an issue?

No, it is not an issue. This is expected behavior because ACR is a CPU-intensive task. Whenever an ACR process is scheduled on a CPU, it utilises the CPU fully. But, since ACR does not run at an elevated priority, it does not starve other processes on the system.

How are odaadmcli commands different from odacli ACR commands?

The odaadmcli manage diagcollect command collects diagnostic data as a TFA collection. The collection can be redacted using one of the following options:
odaadmcli manage diagcollect [--dataMask|--dataSanitize]
If auto redaction is enabled as follows, the odaadmcli command always masks or sanitizes, even if the option is not explicitly specified:
tfactl set redact=[sanitize | mask]
The above command is specific to each node and cannot be run from the BUI.
odacli enable-acr
odacli disable-acr

These commands enable or disable ACR on both nodes in a high-availability environment and can be invoked from the BUI. The odaadmcli manage diagcollect and odacli commands use the tfactl command internally to create and redact the collection.

How do I redact bind variables appearing in audit trails?

Bind variables appearing in audit trails can be redacted to '*' by enabling Transparent Sensitive Data Protection (TSDP). To achieve this, sensitive column protection has to be enabled on the table columns that you consider sensitive. For more information, refer to the Oracle Database Security Guide.

How do I set up the staging server for ACR outside of the production environment?

See My Oracle Support Note 2882798.1 at