Automated masking and exit is controlled by providing the appropriate command line options when the application starts. The options required to automate the masking process are:
<DummySchema>@<DummyTNSName>=<RealSchema>/<RealPassword>@<RealTNSName>
The Login Substitution Parameter section below contains more information and examples.
Unlike the other command line options, the PARFILE option must be specified with an equals sign as in the example below:
PARFILE=C:\MaskingSets\SamplePARFILE.txt
The Parameter File section below contains more information and examples.
Exit Codes
The exit code value is returned using the Windows standard mechanisms and can be determined via any of the available Windows methods. The most common way to view the return code is by using the DOS echo %errorlevel% command. The script output below shows such an operation. The 301 exit code means the masking set execution failed with an error.
C:\Program Files\Data Masker for Oracle>start /wait "" Datamasker.exe C:\Net2000\DMO_TestSets\DMTest.MaskSet -R -X C:\Program Files\Data Masker for Oracle>echo %errorlevel% 301 C:\Program Files\Data Masker>
There is an important consideration which must be noted when launching Windows applications from a command line. The Command application will, by default, launch a Windows application as a separate process. Once started, the Command application will not monitor the running Windows application process. In effect, this behaviour means that immediately after launching the Windows application, the Command application will return to the DOS prompt and continue with the next command statement. It is not possible to retrieve the exit code in such circumstances and the next operation in the Command application will begin to process long before the masking set has completed.
If it is necessary for the Command line application to wait until the masking set has executed (and the Data Masker software has shutdown) before it executes the next operation, then the Data Masker software must be launched with the DOS start /wait command. The example below illustrates these concepts:
Note: For some reason, the first parameter of the Start /Wait Command needs to be the Title of the Window To Open. Nobody knows quite why such an optional parameter would be required let alone be specified first in the list - however that is just the way it is. In the examples below the window title is entered on the command line as two double quote characters "". You can use whatever title you wish but the title parameter does need to be present or the Start /Wait command will improperly interpret the remaining command line parameters.
C:\Program Files\Data Masker for Oracle>REM the errorlevel will be set and the next command will only C:\Program Files\Data Masker for Oracle>REM be performed once the masking set is complete C:\Program Files\Data Masker for Oracle>start /wait "" Datamasker.exe C:\Net2000\DMO_TestSets\DMTest.MaskSet -R -X C:\Program Files\Data Masker for Oracle>echo %errorlevel% C:\Program Files\Data Masker for Oracle> ... perform next commandC:\Program Files\Data Masker for Oracle>REM the errorlevel will always be zero and the next command will be C:\Program Files\Data Masker for Oracle>REM performed immediately without waiting for the Data Masker software C:\Program Files\Data Masker for Oracle>REM to complete C:\Program Files\Data Masker for Oracle>Datamasker.exe "" C:\Net2000\DMO_TestSets\DMTest.MaskSet -R -X C:\Program Files\Data Masker for Oracle>echo %errorlevel% C:\Program Files\Data Masker for Oracle> ... perform next command
The Login Substitution Parameter The Login Substitution Parameter always follows the -S command line option and is used to replace dummy values configured in the Rule Controller with values specified on the command line. The format of the login substitution parameter is always
<DummySchema>@<DummyTNSName>=<RealSchema>/<RealPassword>@<RealTNSName>
For example, a Rule Controller might be configured with a schema of FOO and a TNSName of BAR. In that case, a command line with the option -S FOO@BAR=scott/tiger@testdb1 would check each Rule Controller in the masking set and substitute the real connection information of scott/tiger@testdb1 in place of FOO@BAR. The dummy values of FOO@BAR serve as place holders for the real information and allow the appropriate Rule Controller to be updated at run time. A masking set can have multiple Rule Controllers. In that circumstance, multiple substitution parameters can be configured as shown below:
-S FOO@BAR=scott/tiger@testdb1 -S ABC@TESTDB=dmtest/dmtestpass@Test10G
The Parameter File Contents
Each line of a parameter file specifies an option. Note that it is not necessary to enclose file names which contain space characters in double quotes inside the parameter file. The use of double quotes is only required (by Windows) when the file name is specified directly on the command line. Below is an example of a parameter file:
-- Sample Parameter file for Data Masker Command Line -- usage: start /wait "" Datamasker.exe PARFILE=C:\MaskingSets\SamplePARFILE.txt -- MASKSET=C:\Masking Sets\CmdTest_WithSubs.MaskSet LOGINSUB=FOO@Bar||scott/tiger@testdb1 LOGINSUB=ABC@TESTDB||dmtest/dmtestpass@Test10G AUTORUN=true AUTOEXIT=true DMOSUBVALUE00=Scott DMOSUBVALUE05=TESTUSER
<DummySchema>@<DummyTNSName>||<RealSchema>/<RealPassword>@<RealTNSName>
The Login Substitution Parameter section above contains more information and examples. If more than one login substition is required by the masking set, use multiple LOGINSUB lines in the parameter file as illustrated in the example above.
Usage: The keywords for these replacement strings are DMOSUBVALUE00 to DMOSUBVALUE19. If the text %DMOSUBVALUExx% is used in a Command rule or in the Where Clause of a masking rule, the value associated with that keyword will be replaced at runtime before the rule is executed. For example, if a Command rule included a statement like Truncate table %DMOSUBVALUE05%_TEMP; and the parameter file contained a line stating DMOSUBVALUE05=TESTUSER then the actual statement that would be executed would be Truncate table TESTUSER_TEMP;. The value TESTUSER would be substituted for the %DMOSUBVALUE05% text in the SQL statement immediately before the statement was executed.
Examples