Skip to main content
Skip table of contents

Preparing Sybase database for profiling and masking

Before masking data, the database(s) must be prepared. This page provides configuration resources, information on how memory requirements are determined, table keys, creating roles, and creating user privileges.

Determining the amount of memory SAP ASE needs

As referenced in SAP’s Determining the amount of memory SAP ASE needs page, the total memory SAP ASE requires to start is the sum of all memory configuration parameters, plus the size of the procedure cache, plus the size of the buffer cache, where the size of the procedure cache and the size of the buffer cache are expressed in round numbers rather than in percentages. Visit the page mentioned above for more elaborated detail.

Determining SAP ASE memory configuration

As referenced in SAP’s Determining SAP ASE memory configuration page, the total memory allocated during system start-up is the sum of memory required for all the configuration needs of SAP ASE. You can obtain this value from the read-only configuration parameter total logical memory. Visit the page mentioned above for more elaborated detail.

In-place masking and table keys

A key is a unique, non-null value that identifies a row in the database table. When masking using In-Place, this key looks up the row to update the masked record. For performance, this key needs to be indexed. The best index is a Clustered Index.

  • Primary Key (PK): If there is a Primary Key, the Continuous Compliance Engine will use this key.

  • IDENTITY column: If there is no PK, but there is an IDENTITY column on the table, the Continuous Compliance Engine will use this. If this column is not indexed, the Continuous Compliance Engine will add a non-clustered index called i_MASKING_GENERATED_IDENTITY_TMP.

  • Logical Key (LK): You can add a Logical Key to override the key used. The Logical Key can be one or multiple columns. The Logical Key has to be unique and can’t have NULLs.

  • No Key: If there is no Key, the Continuous Compliance Engine has an automated feature that will add an IDENTITY column called MASKING_GENERATED_IDENTITY_TMP. This column is removed at the end of the masking job execution. This column will be indexed with a non-clustered index called i_MASKING_GENERATED_IDENTITY_TMP.

    • An alternative would be using On-the-Fly masking.

Transaction logs

When a table is altered, Sybase ASE will create log entries (needed for Rollback and other DB features so these are unavoidable). The transaction log size required for masking is larger than the combined size of all tables masked.

The management of Transaction Logs on Sybase is a manual DBA task.

Sizing Transaction Logs

In general, the amount of tables and records masked can result in large transactions. Each database's transaction log should be managed appropriately to allow the masking jobs to run; failure in doing so can result in the suspension of the transaction and the masking job appears to hang.

Review the ASE documentation Managing Free Space with Thresholds on how to manage the transaction log threshold. Resizing the database can be necessary to have a larger transaction log. When resizing a Delphix VDB, make sure any new log devices are created in the VDB's underlying datafile directory, provided by the Delphix Engine. For more information, visit the Resizing an SAP ASE VDB page.

Creating a masking user and privileges

It is highly recommended to create a database user and possibly a role to mask. This user should not be created in production, but should be created in non-production. The following permissions are needed:

  • Syntax to add a user and give privileges:

CODE 
sp_adduser mask_user;
CREATE user NEWUSER;
CREATE LOGIN mask_user WITH PASSWORD Delphix_123; --THIS MUST BE DONE IN MASTER
CREATE USER mask_user IDENTIFIED BY Delphix_123;
GRANT SELECT ON PII_V2 TO mask_user; GRANT INSERT ON PII_V2 TO mask_user; GRANT DELETE ON PII_V2 TO mask_user; GRANT ALTER ON PII_V2 TO mask_user; GRANT UPDATE ON PII_V2 TO mask_user;
GRANT ALTER ANY TABLE TO mask_user;

  • Adaptive Server requires a two-step process to add a user: sp_addlogin, followed by sp_adduser.

CODE 
CREATE LOGIN MASK_SUPER_USER WITH PASSWORD Delphix_123;
sp_addlogin MASK_SUPER_USER, Delphix_123;
GRANT ROLE sa_role TO MASK_SUPER_USER;
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close