1. Command Line Interface
  2. Verb Reference
  3. EM CLI Verbs
  4. submit_masking_job

submit_masking_job

Submits a masking job and returns the display job ID and execution ID.

Format

emcli submit_masking_job
    -definition_name=<masking_defn_name>
    -target_name=<database_target_name>
    -target_type=<database_target_type>
    -parameters=name1:value1;name2:value2;...
    [-host_pref_creds_name=<preferred_host_credentials_name> 
      OR -host_cred_name=<host_credential_name>]
    [-db_pref_creds_name=<preferred_db_credentials_name> 
      OR -db_cred_name=<db_credential_name>]
    [-encryption_key=<encryption_key_string]
    [-script_file_location=<script_file_location>]
    [-script_file_name=<script_file_name>]
    [-input_file=PWD_FILE_TAG:<credentials_file_name>]
    [-script | -format=[name:<pretty|script|csv>];
         [column_separator:"column_sep_string"];
         [row_separator:"row_sep_string"];
    ]

[ ]  indicates that the parameter is optional

Note:

Unless values for the Host and DB credentials are specified in the -parameters parameter, either the host_pref_creds_name or host_cred_name parameter should be specified. Similarly, either the db_pref_creds_name or the db_cred_name parameter should be specified.

Options

  • definition_name

    Masking definition name.

  • target_name

    Database target name to mask.

  • target_type

    Database target type to mask.

  • parameters

    List of name-value pairs that represent the credentials required to connect to the database instance. The supported parameters are 'db_username', 'db_password', 'db_role', 'db_cred_name', 'host_username', 'host_password', and 'host_cred_name'. If PDP needs to be used, additional parameters to be specified are 'PDP','RUNAS', and 'PROFILE'. The 'PROFILE' option is only applicable for Powerbroker.

  • host_pref_creds_name

    Type of preferred credentials to use to connect to the database host, which can either be HostCredsNormal or HostCredsPriv.

  • host_cred_name

    Credential name to use to connect to the database host.

  • db_pref_creds_name

    Type of preferred credentials to use to connect to the database instance, which can either be DBCredsNormal or DBCredsSYSDBA.

  • db_cred_name

    Credential name to use to connect to the database instance.

  • encryption_key

    Specify an encryption key if the masking definition involves usage of a substitute format.

  • script_file_location

    Location where the SQL script is to be copied and executed. Default values of $ORACLE_HOME/dbs are used if a value is not specified.

  • script_file_name

    Name of the script file to store the masking SQL script. If you do not specify a name, a system-generated file name is used.

  • input_file

    Used in conjunction with the 'parameters' option, this option enables you to store parameter values, such as user name and password, in a separate file. The 'input_file' option specifies a mapping between a tag and a local file path. The tag is specified in lieu of specific parameter values of the 'parameters' option. You can specify multiple -input_file parameters. The result would be a combination of all of the files.

    For more information about the input_file parameter, see -input_file Syntax Guidelines.

  • script

    This option is equivalent to -format="name:script" .

  • format

    Format specification (default is -format="name:pretty").

    • format="name:pretty" prints the output table in a readable format not intended to be parsed by scripts.

    • format="name:script" sets the default column separator to a tab and the default row separator to a newline. The column and row separator strings can be specified to change these defaults.

    • format="name:csv" sets the column separator to a comma and the row separator to a newline.

    • format=column_separator:"column_sep_string" column-separates the verb output by <column_sep_string>. Rows are separated by the newline character.

    • row_separator:"row_sep_string" row-separates the verb output by <row_sep_string>. Rows are separated by the tab character.

Examples

Example 1

This example submits a masking job for the definition name MASKING_DEF and returns the job ID and execution ID.

emcli submit_masking_job -definition_name=MASKING_DEF -target_name=testdb -target_type=oracle_database -parameters="db_username:sys;db_password:password;db_role:SYSDBA;db_cred_name:DBCREDS;host_username:test;host_password:password;host_cred_name:HOSTCREDS"

Example 2

This example takes the credentials from the provided input files host_creds.txt and db_creds.txt.

emcli submit_masking_job -definition_name=MASKING_DEF -target_name=testdb -target_type=oracle_database  -parameters="HOST_CREDS;DB_CREDS" -input_file=HOST_CREDS:host_creds.txt -input_file=DB_CREDS:db_creds.txt

It is also possible to specify both of the credentials in one file and use only one -input_file tag. If PDP must be used, you must provide values in the parameters/input_file as follows:

  • SUDO:

    db_username:sys;db_password:password;db_role:SYSDBA;host_username:user2;host_password:password;PDP:SUDO;RUNAS:user1

  • POWERBROKER:

    db_username:sys;db_password:password;db_role:SYSDBA;host_username:user2;host_password:password;PDP:POWERBROKER;RUNAS:user1;PROFILE:profile