Client/Application Information Matcher

The Client/Application Information matcher determines the users and applications that can access the database. Use the application information, such as the user name, host information, and program name, to define the connection criteria for the Client/Application Information matcher.
The Client/Application Information matcher provides include and exclude lists that you use to manage the users and applications that have access to the database. The include list specifies the applications and users whose access to information within the database you want to restrict. The exclude list specifies the applications and users that you want to allow access to the database. For example, you can use the Client/Application Information matcher to mask requests from development applications, but allow database administrators to access the application data.
When the Rule Engine applies the Client/Application Information matcher, the Rule Engine parses the exclude list first. Users and applications that are on the exclude list bypass Dynamic Data Masking and access the database directly. Next, the Rule Engine parses the include list. Users and applications that are on the include list can access obfuscated data.
If you do not specify any information in the include list, the Rule Engine includes all application programs.
The Rule Engine uses regular expressions to perform application identification on the full name. For programs, you must use `.*` before the program name to match the full program path. For example, use `.*sqlplus.exe` for `application=C:\oracle\app\product\11.1.0\db_1\bin\sqlplus.exe`.
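The evaluation order and full-name matching described above can be modeled as follows. This is an added example, not Informatica code: the field names, the sample connections, the `NO_MATCH` outcome, and the use of Python's `re.fullmatch` in place of the Rule Engine's regular expression engine are assumptions.

```python
import re

# Outcome labels for this sketch. NO_MATCH (client on neither list while the
# include list is non-empty) is an assumption; the page does not name it.
BYPASS, MASKED, NO_MATCH = "bypass", "masked", "no-match"

def on_list(client, patterns):
    """True if any attribute value of the client fully matches any pattern."""
    return any(re.fullmatch(p, value)
               for p in patterns for value in client.values())

def evaluate(client, include, exclude):
    """Apply the lists in the documented order: exclude first, then include."""
    if on_list(client, exclude):
        return BYPASS            # excluded clients reach the database unmasked
    if not include or on_list(client, include):
        return MASKED            # empty include list includes all programs
    return NO_MATCH

# Constructed sample connections (field names are hypothetical).
SQLPLUS = r"C:\oracle\app\product\11.1.0\db_1\bin\sqlplus.exe"
DEV = {"os_user": "devuser", "host": "dev-ws01", "program": SQLPLUS}
DBA = {"os_user": "dba1", "host": "dba-ws01", "program": SQLPLUS}

if __name__ == "__main__":
    include, exclude = [r".*sqlplus.exe"], [r"dba1"]
    for name, client in (("DEV", DEV), ("DBA", DBA)):
        print(name, evaluate(client, include, exclude))
    # Without the leading .* the pattern does not match the full path.
    print("no prefix:", evaluate(DEV, [r"sqlplus.exe"], exclude))
```

Because the exclude list is checked first, a client that matches both lists bypasses masking, so exclude patterns are worth keeping as narrow as possible. An unescaped `.` in a pattern matches any character; `.*sqlplus\.exe` is the stricter form.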
The following table describes the parameters for the Client/Application Information matcher:

| Parameter | Description |
| --- | --- |
| OS user | Operating system user name. |
| Host name | Client/application host name. |
| Program name | Name of the file to run the application. |
| Include list | Defines the program file names, hosts, and application users that you want to add to the include list. |
| Exclude list | Defines the program file names, hosts, and application users that you want to add to the exclude list. |

The Client/Application Information matcher is not available for the DDM for JDBC or DDM for ODBC services.