add

Description

Usage

oci data-safe masking-policy add [OPTIONS]

Required Parameters

The OCID of the masking policy.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED, SUSPENDED, SUSPENDING

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy add --masking-policy-id $masking_policy_id

change-compartment

Description

Usage

oci data-safe masking-policy change-compartment [OPTIONS]

Required Parameters

The OCID of the compartment where the masking policy should be moved.

The OCID of the masking policy.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy change-compartment --compartment-id $compartment_id --masking-policy-id $masking_policy_id

create

Description

To use a sensitive data model as the source of masking columns, set the columnSource attribute to SENSITIVE_DATA_MODEL and provide the sensitiveDataModelId attribute. After creating a masking policy, you can use the AddMaskingColumnsFromSdm operation to automatically add all the columns from the associated sensitive data model. In this case, the target database associated with the sensitive data model is used for column and masking format validations.

You can also create a masking policy without using a sensitive data model. In this case, you need to associate your masking policy with a target database by setting the columnSource attribute to TARGET and providing the targetId attribute. The specified target database is used for column and masking format validations.

After creating a masking policy, you can use the CreateMaskingColumn or PatchMaskingColumns operation to manually add columns to the policy. You need to add the parent columns only, and it automatically adds the child columns (in referential relationship with the parent columns) from the associated sensitive data model or target database.

Usage

oci data-safe masking-policy create [OPTIONS]

Required Parameters

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

The OCID of the compartment where the masking policy should be created.

Optional Parameters

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm>

Example:

{"Operations": {"CostCenter": "42"}}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

The description of the masking policy.

The display name of the masking policy. The name does not have to be unique, and it’s changeable.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm>

Example:

{"Department": "Finance"}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Indicates if the temporary tables created during a masking operation should be dropped after masking. It’s enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.

Indicates if redo logging is enabled during a masking operation. It’s disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.

Indicates if statistics gathering is enabled. It’s enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

Specifies options to enable parallel execution when running data masking. Allowed values are ‘NONE’ (no parallelism), ‘DEFAULT’ (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUsi and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.

A post-masking script, which can contain SQL and PL/SQL statements. It’s executed after the core masking script generated using the masking policy. It’s usually used to perform additional transformation or cleanup work after masking.

A pre-masking script, which can contain SQL and PL/SQL statements. It’s executed before the core masking script generated using the masking policy. It’s usually used to perform any preparation or prerequisite work before masking data.

Specifies how to recompile invalid objects post data masking. Allowed values are ‘SERIAL’ (recompile in serial), ‘PARALLEL’ (recompile in parallel), ‘NONE’ (do not recompile). If it’s set to PARALLEL, the value of parallelDegree attribute is used.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED, SUSPENDED, SUSPENDING

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id

create-masking-policy-create-column-source-from-sdm-details

Description

To use a sensitive data model as the source of masking columns, set the columnSource attribute to SENSITIVE_DATA_MODEL and provide the sensitiveDataModelId attribute. After creating a masking policy, you can use the AddMaskingColumnsFromSdm operation to automatically add all the columns from the associated sensitive data model. In this case, the target database associated with the sensitive data model is used for column and masking format validations.

You can also create a masking policy without using a sensitive data model. In this case, you need to associate your masking policy with a target database by setting the columnSource attribute to TARGET and providing the targetId attribute. The specified target database is used for column and masking format validations.

After creating a masking policy, you can use the CreateMaskingColumn or PatchMaskingColumns operation to manually add columns to the policy. You need to add the parent columns only, and it automatically adds the child columns (in referential relationship with the parent columns) from the associated sensitive data model or target database.

Usage

oci data-safe masking-policy create-masking-policy-create-column-source-from-sdm-details [OPTIONS]

Required Parameters

The OCID of the sensitive data model to be associated as the column source with the masking policy.

The OCID of the compartment where the masking policy should be created.

Optional Parameters

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm>

Example:

{"Operations": {"CostCenter": "42"}}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

The description of the masking policy.

The display name of the masking policy. The name does not have to be unique, and it’s changeable.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm>

Example:

{"Department": "Finance"}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Indicates if the temporary tables created during a masking operation should be dropped after masking. It’s enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.

Indicates if redo logging is enabled during a masking operation. It’s disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.

Indicates if statistics gathering is enabled. It’s enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

Specifies options to enable parallel execution when running data masking. Allowed values are ‘NONE’ (no parallelism), ‘DEFAULT’ (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUsi and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.

A post-masking script, which can contain SQL and PL/SQL statements. It’s executed after the core masking script generated using the masking policy. It’s usually used to perform additional transformation or cleanup work after masking.

A pre-masking script, which can contain SQL and PL/SQL statements. It’s executed before the core masking script generated using the masking policy. It’s usually used to perform any preparation or prerequisite work before masking data.

Specifies how to recompile invalid objects post data masking. Allowed values are ‘SERIAL’ (recompile in serial), ‘PARALLEL’ (recompile in parallel), ‘NONE’ (do not recompile). If it’s set to PARALLEL, the value of parallelDegree attribute is used.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED, SUSPENDED, SUSPENDING

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export column_source_sensitive_data_model_id=<substitute-value-of-column_source_sensitive_data_model_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create-masking-policy-create-column-source-from-sdm-details.html#cmdoption-column-source-sensitive-data-model-id
    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create-masking-policy-create-column-source-from-sdm-details.html#cmdoption-compartment-id
    oci data-safe masking-policy create-masking-policy-create-column-source-from-sdm-details --column-source-sensitive-data-model-id $column_source_sensitive_data_model_id --compartment-id $compartment_id

create-masking-policy-create-column-source-from-target-details

Description

To use a sensitive data model as the source of masking columns, set the columnSource attribute to SENSITIVE_DATA_MODEL and provide the sensitiveDataModelId attribute. After creating a masking policy, you can use the AddMaskingColumnsFromSdm operation to automatically add all the columns from the associated sensitive data model. In this case, the target database associated with the sensitive data model is used for column and masking format validations.

You can also create a masking policy without using a sensitive data model. In this case, you need to associate your masking policy with a target database by setting the columnSource attribute to TARGET and providing the targetId attribute. The specified target database is used for column and masking format validations.

After creating a masking policy, you can use the CreateMaskingColumn or PatchMaskingColumns operation to manually add columns to the policy. You need to add the parent columns only, and it automatically adds the child columns (in referential relationship with the parent columns) from the associated sensitive data model or target database.

Usage

oci data-safe masking-policy create-masking-policy-create-column-source-from-target-details [OPTIONS]

Required Parameters

The OCID of the target database to be associated as the column source with the masking policy.

The OCID of the compartment where the masking policy should be created.

Optional Parameters

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm>

Example:

{"Operations": {"CostCenter": "42"}}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

The description of the masking policy.

The display name of the masking policy. The name does not have to be unique, and it’s changeable.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm>

Example:

{"Department": "Finance"}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Indicates if the temporary tables created during a masking operation should be dropped after masking. It’s enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.

Indicates if redo logging is enabled during a masking operation. It’s disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.

Indicates if statistics gathering is enabled. It’s enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

Specifies options to enable parallel execution when running data masking. Allowed values are ‘NONE’ (no parallelism), ‘DEFAULT’ (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUsi and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.

A post-masking script, which can contain SQL and PL/SQL statements. It’s executed after the core masking script generated using the masking policy. It’s usually used to perform additional transformation or cleanup work after masking.

A pre-masking script, which can contain SQL and PL/SQL statements. It’s executed before the core masking script generated using the masking policy. It’s usually used to perform any preparation or prerequisite work before masking data.

Specifies how to recompile invalid objects post data masking. Allowed values are ‘SERIAL’ (recompile in serial), ‘PARALLEL’ (recompile in parallel), ‘NONE’ (do not recompile). If it’s set to PARALLEL, the value of parallelDegree attribute is used.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED, SUSPENDED, SUSPENDING

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export column_source_target_id=<substitute-value-of-column_source_target_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create-masking-policy-create-column-source-from-target-details.html#cmdoption-column-source-target-id
    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create-masking-policy-create-column-source-from-target-details.html#cmdoption-compartment-id
    oci data-safe masking-policy create-masking-policy-create-column-source-from-target-details --column-source-target-id $column_source_target_id --compartment-id $compartment_id

delete

Description

Usage

oci data-safe masking-policy delete [OPTIONS]

Required Parameters

The OCID of the masking policy.

Optional Parameters

Perform deletion without prompting for confirmation.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED, SUSPENDED, SUSPENDING

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy delete --masking-policy-id $masking_policy_id

download

Description

Usage

oci data-safe masking-policy download [OPTIONS]

Required Parameters

The name of the file that will receive the response data, or ‘-‘ to write to STDOUT.

The OCID of the masking policy.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

The format of the masking policy file.

Accepted values are:

XML

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy download --file $file --masking-policy-id $masking_policy_id

download-masking-log

Description

Usage

oci data-safe masking-policy download-masking-log [OPTIONS]

Required Parameters

The name of the file that will receive the response data, or ‘-‘ to write to STDOUT.

The OCID of the masking policy.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

The OCID of the target database for which the masking log is to be downloaded.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy download-masking-log --file $file --masking-policy-id $masking_policy_id

download-masking-report

Description

Usage

oci data-safe masking-policy download-masking-report [OPTIONS]

Required Parameters

The name of the file that will receive the response data, or ‘-‘ to write to STDOUT.

The OCID of the masking policy.

Format of the report.

Accepted values are:

PDF, XLS

The OCID of the masking report to be downloaded.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    export report_format=<substitute-value-of-report_format> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/download-masking-report.html#cmdoption-report-format
    export report_id=<substitute-value-of-report_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/download-masking-report.html#cmdoption-report-id
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy download-masking-report --file $file --masking-policy-id $masking_policy_id --report-format $report_format --report-id $report_id

generate-masking-policy-for-download

Description

Usage

oci data-safe masking-policy generate-masking-policy-for-download [OPTIONS]

Required Parameters

The OCID of the masking policy.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

The format of the masking policy file.

Accepted values are:

XML

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED, SUSPENDED, SUSPENDING

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy generate-masking-policy-for-download --masking-policy-id $masking_policy_id

generate-masking-report-for-download

Description

Usage

oci data-safe masking-policy generate-masking-report-for-download [OPTIONS]

Required Parameters

The OCID of the masking policy.

Format of the report.

Accepted values are:

PDF, XLS

The OCID of the masking report for which a downloadable file is to be generated.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED, SUSPENDED, SUSPENDING

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    export report_format=<substitute-value-of-report_format> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/generate-masking-report-for-download.html#cmdoption-report-format
    export report_id=<substitute-value-of-report_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/generate-masking-report-for-download.html#cmdoption-report-id
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy generate-masking-report-for-download --masking-policy-id $masking_policy_id --report-format $report_format --report-id $report_id

get

Description

Usage

oci data-safe masking-policy get [OPTIONS]

Required Parameters

The OCID of the masking policy.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy get --masking-policy-id $masking_policy_id

list

Description

Usage

oci data-safe masking-policy list [OPTIONS]

Required Parameters

A filter to return only resources that match the specified compartment OCID.

Optional Parameters

Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.

Accepted values are:

ACCESSIBLE, RESTRICTED

Fetches all pages of results. If you provide this option, then you cannot provide the --limit option.

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the ‘accessLevel’ setting.

A filter to return only resources that match the specified display name.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

A filter to return only the resources that match the specified lifecycle states.

Accepted values are:

ACTIVE, CREATING, DELETED, DELETING, FAILED, NEEDS_ATTENTION, UPDATING

For list pagination. The maximum number of items to return per page in a paginated “List” call. For details about how pagination works, see List Pagination <https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/usingapi.htm#nine>.

A filter to return only the resources that match the specified masking policy OCID.

For list pagination. The page token representing the page at which to start retrieving results. It is usually retrieved from a previous “List” call. For details about how pagination works, see List Pagination <https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/usingapi.htm#nine>.

When fetching results, the number of results to fetch per call. Only valid when used with --all or --limit, and ignored otherwise.

A filter to return only the resources that match the specified sensitive data model OCID.

The field to sort by. You can specify only one sort order (sortOrder). The default order for timeCreated is descending. The default order for displayName is ascending. The displayName sort order is case sensitive.

Accepted values are:

displayName, timeCreated

The sort order to use, either ascending (ASC) or descending (DESC).

Accepted values are:

ASC, DESC

A filter to return only items related to a specific target OCID.

A filter to return only the resources that were created after the specified date and time, as defined by RFC3339 <https://tools.ietf.org/html/rfc3339>. Using TimeCreatedGreaterThanOrEqualToQueryParam parameter retrieves all resources created after that date.

Example: 2016-12-19T16:39:57.600Z

UTC with microseconds

Format: YYYY-MM-DDTHH:mm:ss.ssssssTZD
Example: 2017-09-15T20:30:00.123456Z
UTC with milliseconds
***********************
.. code::
    Format: YYYY-MM-DDTHH:mm:ss.sssTZD
    Example: 2017-09-15T20:30:00.123Z
UTC without milliseconds
**************************
.. code::
    Format: YYYY-MM-DDTHH:mm:ssTZD
    Example: 2017-09-15T20:30:00Z
UTC with minute precision
**************************
.. code::
    Format: YYYY-MM-DDTHH:mmTZD
    Example: 2017-09-15T20:30Z

Timezone with microseconds

Format: YYYY-MM-DDTHH:mm:ssTZD
Example: 2017-09-15T12:30:00.456789-08:00, 2017-09-15T12:30:00.456789-0800
Timezone with milliseconds
***************************
.. code::
    Format: YYYY-MM-DDTHH:mm:ssTZD
    Example: 2017-09-15T12:30:00.456-08:00, 2017-09-15T12:30:00.456-0800
Timezone without milliseconds
*******************************
.. code::
    Format: YYYY-MM-DDTHH:mm:ssTZD
    Example: 2017-09-15T12:30:00-08:00, 2017-09-15T12:30:00-0800
Timezone with minute precision
*******************************
.. code::
    Format: YYYY-MM-DDTHH:mmTZD
    Example: 2017-09-15T12:30-08:00, 2017-09-15T12:30-0800
Short date and time
********************
The timezone for this date and time will be taken as UTC (Needs to be surrounded by single or double quotes)
.. code::
    Format: 'YYYY-MM-DD HH:mm' or "YYYY-MM-DD HH:mm"
    Example: '2017-09-15 17:25'
Date Only
**********
This date will be taken as midnight UTC of that day
.. code::
    Format: YYYY-MM-DD
    Example: 2017-09-15
Epoch seconds
**************
.. code::
    Example: 1412195400

Search for resources that were created before a specific date. Specifying this parameter corresponding timeCreatedLessThan parameter will retrieve all resources created before the specified created date, in “YYYY-MM-ddThh:mmZ” format with a Z offset, as defined by RFC 3339.

Example: 2016-12-19T16:39:57.600Z

UTC with microseconds

Format: YYYY-MM-DDTHH:mm:ss.ssssssTZD
Example: 2017-09-15T20:30:00.123456Z
UTC with milliseconds
***********************
.. code::
    Format: YYYY-MM-DDTHH:mm:ss.sssTZD
    Example: 2017-09-15T20:30:00.123Z
UTC without milliseconds
**************************
.. code::
    Format: YYYY-MM-DDTHH:mm:ssTZD
    Example: 2017-09-15T20:30:00Z
UTC with minute precision
**************************
.. code::
    Format: YYYY-MM-DDTHH:mmTZD
    Example: 2017-09-15T20:30Z

Timezone with microseconds

Format: YYYY-MM-DDTHH:mm:ssTZD
Example: 2017-09-15T12:30:00.456789-08:00, 2017-09-15T12:30:00.456789-0800
Timezone with milliseconds
***************************
.. code::
    Format: YYYY-MM-DDTHH:mm:ssTZD
    Example: 2017-09-15T12:30:00.456-08:00, 2017-09-15T12:30:00.456-0800
Timezone without milliseconds
*******************************
.. code::
    Format: YYYY-MM-DDTHH:mm:ssTZD
    Example: 2017-09-15T12:30:00-08:00, 2017-09-15T12:30:00-0800
Timezone with minute precision
*******************************
.. code::
    Format: YYYY-MM-DDTHH:mmTZD
    Example: 2017-09-15T12:30-08:00, 2017-09-15T12:30-0800
Short date and time
********************
The timezone for this date and time will be taken as UTC (Needs to be surrounded by single or double quotes)
.. code::
    Format: 'YYYY-MM-DD HH:mm' or "YYYY-MM-DD HH:mm"
    Example: '2017-09-15 17:25'
Date Only
**********
This date will be taken as midnight UTC of that day
.. code::
    Format: YYYY-MM-DD
    Example: 2017-09-15
Epoch seconds
**************
.. code::
    Example: 1412195400

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/list.html#cmdoption-compartment-id
    oci data-safe masking-policy list --compartment-id $compartment_id

list-masking-analytics

Description

Usage

oci data-safe masking-policy list-masking-analytics [OPTIONS]

Required Parameters

A filter to return only resources that match the specified compartment OCID.

Optional Parameters

Fetches all pages of results. If you provide this option, then you cannot provide the --limit option.

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the ‘accessLevel’ setting.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Attribute by which the masking analytics data should be grouped.

Accepted values are:

policyId, targetId

For list pagination. The maximum number of items to return per page in a paginated “List” call. For details about how pagination works, see List Pagination <https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/usingapi.htm#nine>.

A filter to return only the resources that match the specified masking policy OCID.

For list pagination. The page token representing the page at which to start retrieving results. It is usually retrieved from a previous “List” call. For details about how pagination works, see List Pagination <https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/usingapi.htm#nine>.

When fetching results, the number of results to fetch per call. Only valid when used with --all or --limit, and ignored otherwise.

A filter to return only items related to a specific target OCID.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/list-masking-analytics.html#cmdoption-compartment-id
    oci data-safe masking-policy list-masking-analytics --compartment-id $compartment_id

list-masking-reports

Description

Usage

oci data-safe masking-policy list-masking-reports [OPTIONS]

Required Parameters

A filter to return only resources that match the specified compartment OCID.

Optional Parameters

Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.

Accepted values are:

ACCESSIBLE, RESTRICTED

Fetches all pages of results. If you provide this option, then you cannot provide the --limit option.

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the ‘accessLevel’ setting.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For list pagination. The maximum number of items to return per page in a paginated “List” call. For details about how pagination works, see List Pagination <https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/usingapi.htm#nine>.

A filter to return only the resources that match the specified masking policy OCID.

For list pagination. The page token representing the page at which to start retrieving results. It is usually retrieved from a previous “List” call. For details about how pagination works, see List Pagination <https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/usingapi.htm#nine>.

When fetching results, the number of results to fetch per call. Only valid when used with --all or --limit, and ignored otherwise.

The field to sort by. You can specify only one sort order (sortOrder). The default order for timeMaskingFinished is descending.

Accepted values are:

timeMaskingFinished

The sort order to use, either ascending (ASC) or descending (DESC).

Accepted values are:

ASC, DESC

A filter to return only items related to a specific target OCID.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/list-masking-reports.html#cmdoption-compartment-id
    oci data-safe masking-policy list-masking-reports --compartment-id $compartment_id

mask-data

Description

Usage

oci data-safe masking-policy mask-data [OPTIONS]

Required Parameters

The OCID of the masking policy.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

Indicates if the masking request is to decrypt the data values previously encrypted using Deterministic Encryption. Note that, to correctly decrypt the encrypted data values, it requires the same seed value that was provided to encrypt those data values.

Indicates if data masking should be performed using a saved masking script. Setting this attribute to true skips masking script generation and executes the masking script stored in the Data Safe repository. It helps save time if there are no changes in the database tables and their dependencies.

Indicates if the masking process should continue on hitting an error. It provides fault tolerance support and is enabled by default. In fault-tolerant mode, the masking process saves the failed step and continues. You can then submit another masking request (with isRerun attribute set to true) to execute only the failed steps.

Indicates if the interim DMASK tables should be moved to the user-specified tablespace. As interim tables can be large in size, set it to false if moving them causes performance overhead during masking.

Indicates if the masking request is to rerun the previously failed masking steps. If a masking request is submitted with the isIgnoreErrorsEnabled attribute set to true, the masking process tracks the failed masking steps. Another masking request can be submitted with the isRun attribute set to true to rerun those failed masking steps. It helps save time by executing only the failed masking steps and not doing the whole masking again.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

The seed value to be used in case of Deterministic Encryption and Deterministic Substitution masking formats.

The tablespace that should be used to create the mapping tables, DMASK objects, and other temporary tables for data masking. If no tablespace is provided, the DEFAULT tablespace is used.

The OCID of the target database to be masked. If it’s not provided, the value of the targetId attribute in the MaskingPolicy resource is used. The OCID of the target database to be masked. If it’s not provided, the value of the targetId attribute in the MaskingPolicy resource is used.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED, SUSPENDED, SUSPENDING

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy mask-data --masking-policy-id $masking_policy_id

update

Description

Usage

oci data-safe masking-policy update [OPTIONS]

Required Parameters

The OCID of the masking policy.

Optional Parameters

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm>

Example:

{"Operations": {"CostCenter": "42"}}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

The description of the masking policy.

The display name of the masking policy. The name does not have to be unique, and it’s changeable.

Perform update without prompting for confirmation.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm>

Example:

{"Department": "Finance"}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

Indicates if the temporary tables created during a masking operation should be dropped after masking. It’s enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.

Indicates if redo logging is enabled during a masking operation. It’s disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.

Indicates if statistics gathering is enabled. It’s enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

Specifies options to enable parallel execution when running data masking. Allowed values are ‘NONE’ (no parallelism), ‘DEFAULT’ (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUsi and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.

A post-masking script, which can contain SQL and PL/SQL statements. It’s executed after the core masking script generated using the masking policy. It’s usually used to perform additional transformation or cleanup work after masking.

A pre-masking script, which can contain SQL and PL/SQL statements. It’s executed before the core masking script generated using the masking policy. It’s usually used to perform any preparation or prerequisite work before masking data.

Specifies how to recompile invalid objects post data masking. Allowed values are ‘SERIAL’ (recompile in serial), ‘PARALLEL’ (recompile in parallel), ‘NONE’ (do not recompile). If it’s set to PARALLEL, the value of parallelDegree attribute is used.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED, SUSPENDED, SUSPENDING

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy update --masking-policy-id $masking_policy_id

update-masking-policy-update-column-source-sdm-details

Description

Usage

oci data-safe masking-policy update-masking-policy-update-column-source-sdm-details [OPTIONS]

Required Parameters

The OCID of the sensitive data model to be associated as the column source with the masking policy.

The OCID of the masking policy.

Optional Parameters

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm>

Example:

{"Operations": {"CostCenter": "42"}}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

The description of the masking policy.

The display name of the masking policy. The name does not have to be unique, and it’s changeable.

Perform update without prompting for confirmation.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm>

Example:

{"Department": "Finance"}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

Indicates if the temporary tables created during a masking operation should be dropped after masking. It’s enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.

Indicates if redo logging is enabled during a masking operation. It’s disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.

Indicates if statistics gathering is enabled. It’s enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

Specifies options to enable parallel execution when running data masking. Allowed values are ‘NONE’ (no parallelism), ‘DEFAULT’ (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUsi and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.

A post-masking script, which can contain SQL and PL/SQL statements. It’s executed after the core masking script generated using the masking policy. It’s usually used to perform additional transformation or cleanup work after masking.

A pre-masking script, which can contain SQL and PL/SQL statements. It’s executed before the core masking script generated using the masking policy. It’s usually used to perform any preparation or prerequisite work before masking data.

Specifies how to recompile invalid objects post data masking. Allowed values are ‘SERIAL’ (recompile in serial), ‘PARALLEL’ (recompile in parallel), ‘NONE’ (do not recompile). If it’s set to PARALLEL, the value of parallelDegree attribute is used.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED, SUSPENDED, SUSPENDING

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    export column_source_sensitive_data_model_id=<substitute-value-of-column_source_sensitive_data_model_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/update-masking-policy-update-column-source-sdm-details.html#cmdoption-column-source-sensitive-data-model-id
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy update-masking-policy-update-column-source-sdm-details --column-source-sensitive-data-model-id $column_source_sensitive_data_model_id --masking-policy-id $masking_policy_id

update-masking-policy-update-column-source-target-details

Description

Usage

oci data-safe masking-policy update-masking-policy-update-column-source-target-details [OPTIONS]

Required Parameters

The OCID of the target database to be associated as the column source with the masking policy.

The OCID of the masking policy.

Optional Parameters

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm>

Example:

{"Operations": {"CostCenter": "42"}}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

The description of the masking policy.

The display name of the masking policy. The name does not have to be unique, and it’s changeable.

Perform update without prompting for confirmation.

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags <https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm>

Example:

{"Department": "Finance"}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

Indicates if the temporary tables created during a masking operation should be dropped after masking. It’s enabled by default. Set this attribute to false to preserve the temporary tables. Masking creates temporary tables that map the original sensitive data values to mask values. By default, these temporary tables are dropped after masking. But, in some cases, you may want to preserve this information to track how masking changed your data. Note that doing so compromises security. These tables must be dropped before the database is available for unprivileged users.

Indicates if redo logging is enabled during a masking operation. It’s disabled by default. Set this attribute to true to enable redo logging. By default, masking disables redo logging and flashback logging to purge any original unmasked data from logs. However, in certain circumstances when you only want to test masking, rollback changes, and retry masking, you could enable logging and use a flashback database to retrieve the original unmasked data after it has been masked.

Indicates if statistics gathering is enabled. It’s enabled by default. Set this attribute to false to disable statistics gathering. The masking process gathers statistics on masked database tables after masking completes.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

Specifies options to enable parallel execution when running data masking. Allowed values are ‘NONE’ (no parallelism), ‘DEFAULT’ (the Oracle Database computes the optimum degree of parallelism) or an integer value to be used as the degree of parallelism. Parallel execution helps effectively use multiple CPUsi and improve masking performance. Refer to the Oracle Database parallel execution framework when choosing an explicit degree of parallelism.

A post-masking script, which can contain SQL and PL/SQL statements. It’s executed after the core masking script generated using the masking policy. It’s usually used to perform additional transformation or cleanup work after masking.

A pre-masking script, which can contain SQL and PL/SQL statements. It’s executed before the core masking script generated using the masking policy. It’s usually used to perform any preparation or prerequisite work before masking data.

Specifies how to recompile invalid objects post data masking. Allowed values are ‘SERIAL’ (recompile in serial), ‘PARALLEL’ (recompile in parallel), ‘NONE’ (do not recompile). If it’s set to PARALLEL, the value of parallelDegree attribute is used.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED, SUSPENDED, SUSPENDING

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    export column_source_target_id=<substitute-value-of-column_source_target_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/update-masking-policy-update-column-source-target-details.html#cmdoption-column-source-target-id
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy update-masking-policy-update-column-source-target-details --column-source-target-id $column_source_target_id --masking-policy-id $masking_policy_id

upload

Description

Usage

oci data-safe masking-policy upload [OPTIONS]

Required Parameters

The OCID of the masking policy.

Details to upload a masking policy file.

Optional Parameters

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource’s current etag value.

The maximum time to wait for the work request to reach the state defined by --wait-for-state. Defaults to 1200 seconds.

This operation asynchronously creates, modifies or deletes a resource and uses a work request to track the progress of the operation. Specify this option to perform the action and then wait until the work request reaches a certain state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

ACCEPTED, CANCELED, CANCELING, FAILED, IN_PROGRESS, SUCCEEDED, SUSPENDED, SUSPENDING

Check every --wait-interval-seconds to see whether the work request to see if it has reached the state defined by --wait-for-state. Defaults to 30 seconds.

Global Parameters

--auth-purpose, --auth, --cert-bundle, --cli-auto-prompt, --cli-rc-file, --config-file, --debug, --defaults-file, --endpoint, --generate-full-command-json-input, --generate-param-json-input, --help, --latest-version, --max-retries, --no-retry, --opc-client-request-id, --opc-request-id, --output, --profile, --query, --raw-output, --region, --release-info, --request-id, --version, -?, -d, -h, -i, -v

Examples

    oci data-safe masking-policy create --generate-param-json-input column-source > column-source.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration <https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#configfile> and appropriate security policies <https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm> before trying the examples.

    export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/create.html#cmdoption-compartment-id
    export upload_masking_policy_details=<substitute-value-of-upload_masking_policy_details> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/data-safe/masking-policy/upload.html#cmdoption-upload-masking-policy-details
    masking_policy_id=$(oci data-safe masking-policy create --column-source file://column-source.json --compartment-id $compartment_id --query data.id --raw-output)
    oci data-safe masking-policy upload --masking-policy-id $masking_policy_id --upload-masking-policy-details $upload_masking_policy_details