Dump data definitions

Use dump_df.p procedure to dump the data definitions of a database. Prodict/dump_df.p creates a data definition (.df) file, which contains the schema definitions of all tables, fields, indexes, and sequences in the database but not the actual table data. The following parameters are provided to run the dump_df batch scripts:
RUN prodict/dump_df.p (
						"ALL" or "<file-name> [,<filename>] ...",
						df-file-name,
						code-page
					  )

Parameters

file-name
Specifies the names of one or more tables or files that contain the list of tables you want to dump. To dump definitions of the entire database, type "ALL". To batch dump specific tables, provide the file name with a list of tables that you want to dump.
df-file-name
Specifies the name of the file in which the data is dumped.
code-page
Specifies the code page value, which can be one of the following:
Value Description
? No conversion
"" Default conversion (SESSION:STREAM)
code-page Converts to the provided code page value

Example

Generate the .df file for all tables.
RUN prodict/dump_df.p (INPUT "ALL",
					   INPUT "C:\Demo.df",
					   INPUT "ISO8859-1").

Dynamic data masking schema section in the .df file

Dynamic data masking (DDM) enables security and DDM administrators to control which end users of applications are authorized to view sensitive information and mask (or obfuscate) sensitive data when viewed by unauthorized users.

A mask is a format string representation that is setup against table fields to control how data is shown to an unauthorized user.

DDM configuration uses a Role-Based Access Control (RBAC) mechanism to control who has the privileges to unmask the data. With the help of RBAC, new roles are created and assigned to database users. These roles help determine whether a user has access to particular fields.

A security administrator is responsible for creating new roles. After these roles are created, a DDM administrator assigns them to database users. The DDM administrator is also responsible for creating and assigning new authentication tags to the user-defined roles. Any role could be mapped to multiple authentication tags and any authentication tag could be mapped to multiple user-defined roles.

After mapping the roles and authentication tags together, the DDM administrator can map these authentication tags to the table fields. These tags will help decide whether the user has unmasking privileges for a particular field. You have unmasking privileges over a field if the authentication tag on the table field is mapped to a role and if that role has been assigned to you. This mapping implies that the DDM administrator has granted you unmasking privileges over the concerned field.

For more information on the available mask configuration types and authorization tags, see Dynamic data mask configurations and Authorization tags.

Note: Given that the DDM administrator and the security administrator are separate individuals, only the DDM administrator can dump and load DDM schema definitions. You can dump and load DDM schema definitions if you are both a DDM administrator and a security administrator.

For more information on how to configure DDM and how to get started, see Introduction to Dynamic Data Masking in the Learn about Security and Auditing.

The DDM_Schema_Section in the .df file contains the DDM schema definitions that include details of the mask and authorization tags defined for database fields. 
# BEGIN DDM_Schema_Section
										
	UPDATE FIELD <Field-Name> OF <Table-Name>
	MASK <<_FLD-res2[1]>>
	AUTHTAG <<_FLD-res2[2]>>
										
# END DDM_Schema_Section

Batch dump DDM and schema definitions

To batch dump the DDM schema definitions for your database, the DDM administrator can run the batch_dump_df.p wrapper file. This file accepts an environment variable named DUMP_DDM and passes it to dump_df.p as a parameter. DUMP_DDM is responsible for determining the content dumped in the .df file.

Depending on the value of DUMP_DDM passed, the wrapper file executes the following actions:
DUMP_DDM Action
No or no value passed Dumps only the schema definitions in the .df file.
Yes Dumps only the DDM schema definitions in the .df file.
Both Dumps both, the schema definitions and the DDM schema definitions in the .df file.

Batch dump from the command-line

You may also run the batch dump program from the command-line to dump DDM and schema definitions. For example, to dump both, the schema definitions and the DDM schema definitions in the .df file, set the value of DUMP_DDM as Both and run the following command from the command-line:
DUMP_DDM=Both
$PROEXE -db sports -U user1 -P user1 -1 -b -p prodict/batch_dump_df.p -param "FILE-NAME=ALL;DF-FILE-NAME=dump.df"

Notes

While dumping the DDM schema definitions, you may receive an error in the following scenarios:
  • The table is either a SQL table, exists in a DataServer schema, or does not exist at all.
  • The field name does not exist in the table.
  • The field datatype is either CLOB or BLOB.
  • The user running the batch dump procedure is not a DDM administrator.

To know more about how to batch load DDM schema definition, see Batch Load updated ABL data definitions.