Configure SL Masking for Kerberos User in Oracle

To perform SL masking, we need to create a database user to load the library into; this user is identified externally by the Kerberos user.

To create the user, follow the steps below before the masking task is run:

  1. Create a new user that is identified externally by the Kerberos user. The database username must be the same as the Kerberos username, without the domain name. The names are case sensitive. Use the following command:

    create user <KRBUSER_NAME> identified externally as '<KRBUSER@EXAMPLE.COM>';

    For example:

    create user ORAKRB identified externally as 'ORAKRB@DGAD.COM';

  2. Give the grants required for masking to <KRBUSER>, e.g., ORAKRB. The grants can be found under the prerequisites folder for Oracle in the DgMaskerIDP installation.

    Steps 3-4 are specific to SL masking.

  3. Load the jar file into the <KRBUSER> schema using the command below.

    loadjava -user sys/sys -schema ORAKRB <location for fpe-oracle.jar>

    where ORAKRB is the <KRBUSER> specified in the step 1 example.

    Give the grants listed in GrantsToAccessJavaFromRDBMS.sql to <KRBUSER>.

  4. Run the masking task.

*Note: If an error related to a run-time permission is encountered while the SL masking task is executing, provide the grant specified below and re-execute the task.

    call dbms_java.grant_permission('ORAKRB', 'SYS:java.lang.RuntimePermission', 'accessClassInPackage.sun.misc', '');

where 'ORAKRB' is the Kerberos user, i.e., <KRBUSER>.
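To confirm the setup from steps 1-3 and review what the masking user has been granted, the following queries can be run. This is an added example, not part of the DgMaskerIDP documentation; it assumes the example user ORAKRB and a session that can read the Oracle DBA_* dictionary views.

```sql
-- Added verification queries (not from the product documentation).
-- Assumption: ORAKRB is the example Kerberos-mapped user created in step 1.

-- Step 1: how the account authenticates and which external principal it maps to.
SELECT username, authentication_type, external_name, account_status
FROM   dba_users
WHERE  username = 'ORAKRB';

-- Step 3: Java objects loaded into the schema by loadjava, grouped by
-- compile status, so unresolved (INVALID) classes are visible.
SELECT object_type, status, COUNT(*) AS object_count
FROM   dba_objects
WHERE  owner = 'ORAKRB'
AND    object_type LIKE 'JAVA%'
GROUP  BY object_type, status
ORDER  BY object_type, status;

-- Step 3 and the note: Java policy entries held by the user, including the
-- RuntimePermission accessClassInPackage.sun.misc grant if it was applied.
SELECT kind, grantee, type_schema, type_name, name, action, enabled
FROM   dba_java_policy
WHERE  grantee = 'ORAKRB'
ORDER  BY type_name, name;

-- Step 2: system privileges and roles granted for masking, for comparison
-- against the grant scripts in the prerequisites folder.
SELECT 'SYSTEM PRIVILEGE' AS grant_kind, privilege AS granted
FROM   dba_sys_privs
WHERE  grantee = 'ORAKRB'
UNION ALL
SELECT 'ROLE', granted_role
FROM   dba_role_privs
WHERE  grantee = 'ORAKRB'
ORDER  BY 1, 2;
```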

