Scrambling Sensitive E-Business Suite Data During Cloning

Enterprise Manager 10g Grid Control allows you to manage all of your Oracle E-Business Suite systems from a single console.  The Application Management Pack (AMP) for Oracle E-Business Suite, Release 2.0.0 and 2.0.1 extends EM 10g Grid Control to manage Oracle Applications systems.


One of the key features of the Applications Management Pack is the ability to clone an Oracle E-Business Suite system automatically.  While cloning environments, administrators can modify the standard cloning process to include some custom actions. One such custom action is data

Data scrambling is the process of obfuscating or removing sensitive data, and can be used by functional administrators and database administrators when cloning an environment that contains sensitive information.

Data Scrambling Characteristics

The key characteristics of Data Scrambling are:

  • The scrambling process is irreversible, so that the original data cannot be derived from the scrambled data.
  • The scrambling process is repeatable (with the same parameters) and can be used for multiple cloning processes.

Key Data Scrambling Terms

Attribute:  Group of columns in one or more tables representing a single, logical E-Business Suite-wide value such as customer name

Tables to Purge:   Tables selected to be purged for rows matching user-defined criteria. This table selection allows the removal of sensitive data such as transaction histories before allowing applications to access to the system.

Policy:  Functional groupings of Attributes and Tables to Purge related to one or more applications in the E-Business Suite. For example: "GL Policy" or "AR Policy".

Policy Set:  Policy sets are groups of policies. Multiple policy sets can contain overlapping policies.  Example: "Financial Policy Set"

Configuring Data Scrambling1: Flow diagram showing data scrambling policy definition process

Preparing for Data Scrambling

  1. Data scrambling is configured through the Oracle Applications Manager.  To enable data scrambling, set the site-level profile option OAM: Data Scrambling Enabled to "Yes".
  2. Functional administrators define the attributes and map them to database columns.
  3. Functional administrators collect attributes together to define policies and policy sets.

Scrambling the Data

The configuration defined in Oracle Applications Manager for data scrambling can be utilized within the Apps Management Pack during the cloning process.

The Database Administrator specifies the policy sets to scramble the source data, initiates and then monitors the data scrambling process.

The source data from the original instance is sent through the data scrambling engine, which then scrambles the data.

Configuring Data Scrambling2:


Related Articles


Good stuff. I've seen another Oracle document floating around that discusses "masking" in the same manner as "scrambling" is discussed here. I understood masking to be distinct from scrambling?

Either way, good stuff. The document from Oracle is:


Hope you had a safe trip.


Posted by John Stouffer on March 01, 2008 at 03:19 AM PST #

It is and excellent news that Data Scrambling now build in to Oracle products. For a long time this was a question for customizations. Just wonder if the Data Scrambling API is available in core EBS package (from patch delivers the code)? It might be a bit challenging to implement OEM just this features for (I know that there are a lot others). But still it might be a problem justifying OEM Apps Pack expenses to customer.

Posted by Yury Velikanov on March 02, 2008 at 04:53 PM PST #


What is the difference between OEM with the Data Masking Pack and OEM with AMP scrambling?


Posted by John Stouffer on March 11, 2008 at 12:59 AM PDT #


The OEM Data Masking is a part of Database Management Pack whereas; OEM Data Scrambling is a part of Application Management Pack for EBS.

OEM Database scrambling can only be performed when cloning EBS using AMP.


Posted by Sanchit Jindal on March 16, 2008 at 09:51 PM PDT #

We're still in the process of certifying the pack on HP-UX and Windows. However for Unix platforms we haven't re-packaged the product and the same Unix release can be used for HP-UX platform.

For windows platform we would need to re-package the product and create a new release. That effort is currently underway.

Posted by Sanchit Jindal on March 16, 2008 at 10:04 PM PDT #

Is it possible to add E-biz custom tables to the data scrambling configuration? I would assume that this is schema dependent.


Posted by John Hax on December 29, 2008 at 04:15 AM PST #

Dear All,

Thanks for all these info provided.

I Have a cloned EBS 12, and I need to scramle the data on it, how can I acheive that? or I should clone again, and during cloning I should scramble the data using AMP ?

Thanks in Advance,

Posted by Jamal Mallouh on March 09, 2009 at 04:09 PM PDT #


Data Masking and Scrambling state that they are irreversible. We have a need to have scrambled data in our test environments but then be able to send files to our shared systems where they need to "de-scramble" the data to validate.

Is that possible with any of the Oracle tools?

As always, thanks in advance and hope all is well.


Posted by John Stouffer on March 24, 2009 at 05:46 AM PDT #

Hi, John,

As far as I'm aware, these tools don't have a decryption or unscrambling option.

I don't think I fully understand your requirements, but here's one possible approach:

The Oracle Applications Management Pack offers a scriptable cloning process. You get to choose what happens during cloning. You might choose to include the data scrambling step for your test instances (using one particular script), but leave production cloning unscrambled (using a different cloning script).

Would that meet your requirements?


Posted by Steven Chan on March 26, 2009 at 08:00 AM PDT #

I have a question about using the Data Masking feature in OEM. I found this link which explains the step-by-step process about Data Masking:

I tried following these steps and just realized that the OEM and Oracle Applications should be running on a Linux Server as against a Sun Solaris. Is that correct? We have our Oracle Applications system (and OEM) running on Sun Solaris so does this mean Data Masking cannot be used?

Please reply as soon as possible.


Posted by Shantan on March 30, 2009 at 06:54 AM PDT #

I installed EBS R12.0.0 with database .Please provide the information about " datamasking concept is applicable to DATABASE of EBS R12.0.0"


Posted by Thireesh on June 18, 2009 at 07:23 PM PDT #

Does AMP require additional licensing?

Posted by Kurt on November 17, 2009 at 03:20 AM PST #

Hi, Kurt,

Yes it does. I don't know what that licencing costs, though (I'm in Development not Sales). For details about AMP licencing, your best bet would be to contact your Oracle account manager.


Posted by Steven Chan on November 17, 2009 at 03:22 AM PST #

Hello Guru's,

I would appreciate some more info on which are EBS fields which can be Scrambled? As I understand there should be some limitations on the tool from Oracle EBS .


Posted by Sachin on October 19, 2010 at 10:48 PM PDT #

Can OEM database scrambling be used to effectively separate a company that is spinning off. We want the cloned instance to only have information belonging to the new (i.e. spun off) entity) or at least the data scrambled.

Posted by guest on January 25, 2012 at 05:01 PM PST #

Hello, Guest,

As far as I'm aware, there's no straightforward way of using the OEM database scrambling tool to scramble EBS data for one organization vs. another. Your best bet may be to create a new EBS instance for the spun off entity.


Posted by Steven Chan on January 26, 2012 at 09:59 AM PST #

Currently, Data Masking from AMP is not supporting on RAC enabled system. Can we apply the data masking on the staging instance (non RAC) where the source of the cloning is a RAC enabled with single instance?

Posted by guest on February 01, 2012 at 09:19 AM PST #

Could you show where I can get more information on data masking from OEM and data scrambling from AMP on an ERP instance?

Posted by Damasus on February 06, 2012 at 03:10 PM PST #

Hi, Damasus,

For more information about Data Masking, see:

For more information about AMP data scrambling, see the AMP resources listed in this article:

Oracle E-Business Suite Plug-in 4.0 Released for OEM 11g (


Posted by Steven Chan on February 09, 2012 at 10:15 AM PST #

Hi, Damasus,

I'm working through our backlog but missed your prior question.

I believe that it would be possible to apply the AMP data scrambling feature to a non-RAC staging instance, as long as the RAC cloning source has been able to do the clone from RAC to non-RAC.


Posted by Steven Chan on February 09, 2012 at 10:26 AM PST #

Dear Steven

Can we leave fnd user id without scremblled while using data masking pack?

Posted by jatin on November 26, 2013 at 09:55 PM PST #


We've deprecated the data scrambling features in AMP due to the subsequent release of the Enterprise Manager Data Masking Pack. You should use that product instead now.

And this article is for AMP 2.0 and 2.1. If you're still on that release, you should upgrade to the latest versions of Enterprise Manager and AMP to remain on a supported release, such as EM 12c and AMP


Posted by Steven Chan on November 27, 2013 at 08:39 AM PST #


How Can we mask custom objects in R12 using 12c Grid Control?


Posted by guest on February 07, 2014 at 03:18 AM PST #


We've deprecated the scrambling features in AMP due to EM data masking. For additional information on how to use EM data masking with E-Business Suite Release 12.1.3, please refer to the blog article "Oracle E-Business Suite Technology - E-Business Suite 12.1.3 Data Masking Certified with Enterprise Manager 12c" available here:

For information on how to mask custom objects, please refer to the guidelines in "Part 3: Customization" in the following My Oracle Support Note:

• Using Oracle E-Business Suite Release 12.1.3 Template for the Data Masking Pack with Oracle Enterprise Manager Data Masking Tool (Note 1481916.1)


Posted by Elke Phelps (Oracle Development) on February 07, 2014 at 02:36 PM PST #

Post a Comment:
  • HTML Syntax: NOT allowed


« July 2016