submit_masking_job
Submits a masking job and returns the display job ID and execution ID.
Format
emcli submit_masking_job -definition_name=<masking_defn_name> -target_name=<database_target_name> -target_type=<database_target_type> -parameters=name1:value1;name2:value2;... [-host_pref_creds_name=<preferred_host_credentials_name> OR -host_cred_name=<host_credential_name>] [-db_pref_creds_name=<preferred_db_credentials_name> OR -db_cred_name=<db_credential_name>] [-encryption_key=<encryption_key_string] [-script_file_location=<script_file_location>] [-script_file_name=<script_file_name>] [-input_file=PWD_FILE_TAG:<credentials_file_name>] [-script | -format=[name:<pretty|script|csv>]; [column_separator:"column_sep_string"]; [row_separator:"row_sep_string"]; ] [ ] indicates that the parameter is optional
Note:
Unless values for the Host and DB credentials are specified in the -parameters parameter, either the host_pref_creds_name or host_cred_name parameter should be specified. Similarly, either the db_pref_creds_name or the db_cred_name parameter should be specified.
Options
-
definition_name
Masking definition name.
-
target_name
Database target name to mask.
-
target_type
Database target type to mask.
-
parameters
List of name-value pairs that represent the credentials required to connect to the database instance. The supported parameters are 'db_username', 'db_password', 'db_role', 'db_cred_name', 'host_username', 'host_password', and 'host_cred_name'. If PDP needs to be used, additional parameters to be specified are 'PDP','RUNAS', and 'PROFILE'. The 'PROFILE' option is only applicable for Powerbroker.
-
host_pref_creds_name
Type of preferred credentials to use to connect to the database host, which can either be HostCredsNormal or HostCredsPriv.
-
host_cred_name
Credential name to use to connect to the database host.
-
db_pref_creds_name
Type of preferred credentials to use to connect to the database instance, which can either be DBCredsNormal or DBCredsSYSDBA.
-
db_cred_name
Credential name to use to connect to the database instance.
-
encryption_key
Specify an encryption key if the masking definition involves usage of a substitute format.
-
script_file_location
Location where the SQL script is to be copied and executed. Default values of $ORACLE_HOME/dbs are used if a value is not specified.
-
script_file_name
Name of the script file to store the masking SQL script. If you do not specify a name, a system-generated file name is used.
-
input_file
Used in conjunction with the 'parameters' option, this option enables you to store parameter values, such as user name and password, in a separate file. The 'input_file' option specifies a mapping between a tag and a local file path. The tag is specified in lieu of specific parameter values of the 'parameters' option. You can specify multiple -input_file parameters. The result would be a combination of all of the files.
For more information about the input_file parameter, see -input_file Syntax Guidelines.
-
script
This option is equivalent to -format="name:script" .
-
format
Format specification (default is
-format="name:pretty"
).-
format="name:pretty"
prints the output table in a readable format not intended to be parsed by scripts. -
format="name:script"
sets the default column separator to a tab and the default row separator to a newline. The column and row separator strings can be specified to change these defaults. -
format="name:csv"
sets the column separator to a comma and the row separator to a newline. -
format=
column_separator:"column_sep_string" column-separates the verb output by <column_sep_string>. Rows are separated by the newline character. -
row_separator:"row_sep_string" row-separates the verb output by <row_sep_string>. Rows are separated by the tab character.
-
Examples
Example 1
This example submits a masking job for the definition name MASKING_DEF and returns the job ID and execution ID.
emcli submit_masking_job -definition_name=MASKING_DEF -target_name=testdb -target_type=oracle_database -parameters="db_username:sys;db_password:password;db_role:SYSDBA;db_cred_name:DBCREDS;host_username:test;host_password:password;host_cred_name:HOSTCREDS"
Example 2
This example takes the credentials from the provided input files host_creds.txt and db_creds.txt.
emcli submit_masking_job -definition_name=MASKING_DEF -target_name=testdb -target_type=oracle_database -parameters="HOST_CREDS;DB_CREDS" -input_file=HOST_CREDS:host_creds.txt -input_file=DB_CREDS:db_creds.txt
It is also possible to specify both of the credentials in one file and use only one -input_file tag. If PDP must be used, you must provide values in the parameters/input_file as follows:
-
SUDO:
db_username:sys;db_password:password;db_role:SYSDBA;host_username:user2;host_password:password;PDP:SUDO;RUNAS:user1
-
POWERBROKER:
db_username:sys;db_password:password;db_role:SYSDBA;host_username:user2;host_password:password;PDP:POWERBROKER;RUNAS:user1;PROFILE:profile