Oracle Analytics allows us to quickly create and then apply data preparation and enrichment scripts to our data sets. These scripts can be used in preparing and cleansing the data before visualizing a data set in a project. This step is often vital for many reasons, maybe even complying with corporate security policies.
For example, recently an OAC user inquired an interesting question about securing uploaded datasets so that people can view/open a project built on it without granting them access to open/download the underlying ad-hoc data set. The issue presented is key identifying fields like EMPLID or other very granular personnel data being mashed up with an existing subject areas. In many cases the personal identifying data should not be shared with a broader audience, based on company security policies.
It’s true that if we allow users ”Full Control”, ”Modify”, or ”Read” access to a dataset, they can download a data source created from a Microsoft Excel file by clicking Options and selecting Download Excel. Note that the columns in the download match the columns in the file that you originally uploaded. Any derived columns that were added in the Visualization editor’s prepare canvas aren’t included in the data source download.
Users can build projects with the dataset, we cannot prevent the users from exporting the project's visualizations, canvases, or stories as a Portable Document Format (PDF), PowerPoint (PPT) file, or writing visualization data to a CSV file.
Compliance can be maintained with security policies by concealing sensitive (personal identifying) data with the obfuscation functionality. OAC allows us to obfuscate all or a portion of the data in a column through data preparation script. When we create a Preparation Script the changes are recorded on the Prepare page - It contain a blue dot next to the page the if the script has not yet been applied to the dataset. The changes are implemented when we select Apply Script. The changes are complete when the Apply Script progress indicator disappears. If some users need to see the sensitive data, a duplicate data set can be created containing the specified sensitive data. As a prerequisite, perform the steps needed to create or open a previously created dataset.
To create a preparation script and obfuscate all or a portion of the data in a column:
- - In Results, select the sensitive column. If you desire to conceal multiple columns, must be done one column at a time.
- - In the Recommendations list, click the desired obfuscation effect, you may; obfuscate the entire column, delete the column, or obfuscate a portion of the columns data.
- - Repeat steps for any other columns that you may want to apply obfuscation such as SSN, CC number, or even name.
You may need to take some additional steps using Oracle Analytics Data Flow if you are planning to join to other data with a column that is obfuscated.
Once you have created the preparation script use the below steps to run the script to apply the column obfuscations:
- - Click Apply Script.
- - When the blue dot next to Results, the Apply Script progress indicator disappears and the script completes the transformations.
Oracle Analytics automatically saves the changes in the data set.
- - Click Go back in save changes, click Save to update the data set.
- - Navigate to the Home page, select your updated data set, click Options and then select Inspect.
This is an approach to use the Oracle Analytics obfuscation functionality to help companies protect data and comply with security policies. The data obfuscation functionality is part of the Oracle Analytics data preparation and enrichment scripting that can be created and applied to data sets.
Interested in a deep dive on the differences among OAC, OAS, OBIEE? Watch the replay of our "Analytics Showdown" webinar here.