SAP PII Discovery in Oracle DB Recommendations
search cancel

SAP PII Discovery in Oracle DB Recommendations


Article ID: 262680


Updated On:


CA Test Data Manager (Data Finder / Grid Tools)


We are doing PII discovery and masking in an Oracle SAP DB and are looking for any instructions, scripts, etc. specific to Oracle to grant the appropriate access to the database at the schema level to ensure the tool can access all the tables necessary to complete the discovery.  


Release : 4.10


Our SAP classifiers only use regular expressions on column names. You will notice duplicates in the list because the list contains all the classifiers for all SAP modules. The list doesn't have the connection with the actual module. I've attached a copy of the list to this article. 

Notes on PII discovery:

  • Look at column names and data
  • Restrict data to a few rows, not more than 10 to 20.
  • SAP has 100,000+ tables, so looking at data is a bit tricky. Our provided classifiers only look at the column names, so creating additional classifiers that analyze data would be helpful. See Manage Data Classifiers for more information.
  • If using the regular SAP classifiers, just select column names on the PII scope.

What happens is that an SAP module (A) can have the same regular expression on address as Module (B). Ideally, you would just import what modules you need. For some modules, the regular expression changes a bit. If that is the case, then you can, so you could look at acct # on module (A) and acct # on module (B).

As for masking, since your SAP application is using an Oracle database, then masking will be no different from masking any other Oracle database. See the FDM Best Practices, since Portal also uses the FDM Masking Engine. Also, review Masking Performance Optimization in CA TDM Portal. If you would like to take advantage of the scalable masking provided through our Docker solution, see Scalable Masking with Docker.

As for additional scripts to provide grants, we really don't have any. The only script that I can think of is part of the DB-install-kit-, which can be downloaded from the Broadcom Support Portal - My Downloads for the TDM product, and is used to create the gtrep user account, which really doesn't apply to what you are asking for. You should check with your DBA. For PII discovery, you primarily need to read the table column names and sample the data if you use classifiers that analyze the data. Masking would need more privileges, as you may need to create a Restart Column used to keep track of where we are in the masking process.

Additional Information

PII Data Scan Terminology

TDM Supported Data Sources