PK Protect utilizes target data storage for storing masking task metadata and their status, generated during the task execution.
When a masking task is executed, Dg schema gets created. The DgSecureMaskerIDP creates the following masking objects i.e., Masker Metadata Tables, Procedures, and Scalar UDF Functions in the schema. These objects help the IDP during masking task execution and only store metadata such as column details that need to be masked, masking options, status and errors occur during the task if any. The Dg schema is created for all the databases except Salesforce.
For some specific databases, these objects are created.
Oracle: This object is created within the Oracle user account that is used for creating masking connection.
Postgres, SQL Server, Snowflake, Redshift: These objects are created in Dg schema under the database that is used for creating masking connection. You can edit the schema name in RDBMS > Static Masking > Tasks/Templates Definition screen under “Package schema” option.
MySQL, Teradata: These objects are created in the database that has been specified while creating masking connection.
The Package Schema setting enables the user to store the masking task metadata and status generated while the task is running. This setting is available in the RDBMS > Static Masking > Tasks/Templates Definition screen listed under +Show Advanced Options. You can enter the name of the schema using this option. The default value of the Package Schema is set to DG.
Following are the masking objects created under Dg schema:
Masker Metadata Tables
These tables are created by the DgSecureMaskerIDP when a masking task is executed.
It uses Dg schema to save the task parameters and to keep track of masking tasks and their status during the task execution.
In procedures, accessing task definitions and other global data from tables are more convenient than passing all the data through parameters. These tables also assist Database Administrators to monitor the task state from the database.
Following are the tables created in Dg schema that stores the masking related information:
DGSQL: This table logs the queries that are used in the masking task.
DG_COLUMNS: This table saves the masking task definition and metadata related to columns that are a part of masking tasks.
DG_ERROR_LOG: This table logs the errors generated during the execution of a masking task.
DG_PROCESS_CONTROL: This table stores multiple flags for the masking task status.
DG_RECREATE_INDEX: This table contains metadata related to constraints that needs to be enabled/disabled.
DG_RECREATE_TRIGGER: This table contains metadata related to triggers that needs to be enabled/disabled.
DG_RE_ENABLE: This table contains metadata related to constraints that needs to be enabled/disabled during execution of a masking task.
DG_SCHEDULEDJOBS: Masking on multiple tables is done in batches. This table contains metadata of tables that are a part of masking tasks.
DG_STATUS_MESSAGE: This table contains status messages and high-level logs from masking task.
DG_TABLES: This table saves the masking task definition and metadata related to tables that are a part of masking tasks.
DG_WATERMARK: This table includes encrypted text of fully qualified column names which has been masked.
DG_WORKER_LOG: This table contains metadata related to tables that are in-queue or have already been masked. It also saves the number of rows masked, once the task has been completed.
Country_XDGM: This table stores the referenced data for Random-Country masking option. The values are picked from this table, and it will update the column that is masked using Random-Country masking option.
Similarly, there are other XDGM tables that stores referenced data for other Random Masking options which can be used to update the column that needs to be masked.
Procedures are created in Dg schema by the DgSecureMaskerIDP during the execution of masking task. These procedures contain the logic that processes data and is passed through the multiple parameters. It contains set of instructions/steps that helps in executing the task. Procedures are created in the following databases: Oracle, SQL Server, Postgresql, MySQL, and DB2.
Given below are the sample procedure names in Oracle:
DG_FIND_PK_FK , DG_FINDK_PK, DG_CLEAR_CONSTRAINTS,
DG_WRITE_ERROR_LOG, FIND_PK_FK, DG_DROP_ALL_TEMP_TABLES
Scalar UDF Functions
These functions are created by the DgSecureMaskerIDP in the Dg schema when a masking task is executed. These functions are used to create masking query that takes original data as input and returns masked data as output.
There are two types of functions:
PL/SQL: These functions are written in PL/SQL language.
External: These functions are written in java, python or .net language.
Given below is the sample update query in SQL language:
UPDATE "table name" SET "column 1" = fpm(column1, key), " column 2" = date();
Given below is the sample for External Function:
REPLACE FUNCTION DG_FPM
columnvalue VARCHAR(32000) ,
keepnull VARCHAR(500) ,
datatype VARCHAR(500) ,
NO EXTERNAL DATA
PARAMETER STYLE JAVA
CALLED ON NULL INPUT EXTERNAL NAME
(java.lang.String, java.lang.String, long, java.lang.String, int, int)