Masking data while refreshing databases

Edit online

The masking feature of IMS Cloning Tool helps you to protect sensitive data, (for example, credit card numbers, Social Security numbers, names, and addresses) by masking data while refreshing your IMS databases.

IMS Cloning Tool masks data by modifying it during the refresh process, leaving the data in the source database in its original state, but modifying it before it is moved to the target database. Any changes made to the data are determined by user-specified masking rules applied during the copy.

You can apply data masking by using the batch interface commands and DD, or by using the ISPF interface.

The masking support will allow for masking of a segment, a field, or any positions within the segment. For field-level masking, you can include the FIELD() keyword for any fields defined in the DBD or the START() and BYTES() keywords to specify the starting position and length of the data to be masked.

When a database is masked, the output of the IMSDBREFRESH command is an IMS unload file. This unload file must then be used to reload the database on the target system. Normal (non-masked) IMSDBREFRESH processing will cause the IMS database on the target system to be updated. When an IMS database is masked using IMSDBREFRESH, the source database is first unloaded using the IMS HD reorganization unload utility (DFSURGU0). The data masking interface then reads this file and creates a new unload file that has been modified to perform masking. If the IMSDBREFRESH command and data masking is successful, in order to update the IMS database on the target system, this masked unload file must be used as input to the IMS HD reorganization reload utility (DFSURGL0). Once the database has been reloaded, all indexes associated with the database must also be rebuilt.

Restriction: Data masking is not supported for segments that are involved in a logical relationship. Also, data masking is not supported when the source IMS subsystem is in an ACBLIB environment and the target IMS subsystem is in an IMS-managed ACBs environment.

How to process indexes when using data masking

When specifying data masking for a database, the best practice is to assume all indexes on that database must be rebuilt. Instead of copying the indexes for masked databases, omit the indexes from the DBD parameter and ensure that the INDEXES keyword specifies N explicitly to prevent all indexes from being included in copy processing. After executing the IMSDBREFRESH job and reloading the target database, rebuild all of the indexes that were omitted from the database refresh.

Note: When applying data masking to an HIDAM or PHIDAM database, the primary index database must be specified in the DBD keyword to prevent the processing from failing with GCL35510E error.