Automated masking and exit is controlled by providing the appropriate command line options when the application starts. The options required to automate the masking process are:

<Masking Set Filename>

The name of the masking set to load. This must be a full path including the drive and directory information. The Data Masker software will not use default directories in command line mode. If the masking set filename contains spaces, remember to enclose it in double quotes when placing it on the command line otherwise the Windows operating system will present it to the Data Masker software as multiple command line options.

-R

The signal to Run the masking set and perform the masking operations.

-X

The signal to eXit after the masking set has completed. In order to determine if the masking set completed successfully or failed with an error it is necessary to examine the application exit code (see the discussion below).

-D <param>

The Database substitution parameter. The masking set can be configured with dummy server and database information in the Rule Controllers and have that information substituted by the command line. This functionality enables the target of a masking set to be determined at runtime. The format of the database substitution parameter is always

<DummyServerName>[DummyDatabase]=<RealServerName>[RealDatabase]

The Database Substitution Parameter section below contains more information and examples.

-S <param>

The login Substitution parameter. The masking set can be configured with dummy login information in the Rule Controllers and have that information substituted by the command line. This functionality enables the target of a masking set to be determined at runtime. The format of the login substitution parameter is always

<DummyLogin>@<DummyServerName>[DummyDatabase]=<RealLogin>/<RealPassword>@<RealServerName>[RealDatabase]

The Login Substitution Parameter section below contains more information and examples.

PARFILE

The name of the parameter file to read. This should be a full path including the drive and directory information. The Data Masker software will not use default directories in command line mode. If the parameter file filename contains spaces, remember to enclose it in double quotes when placing it on the command line otherwise the Windows operating system will present it to the Data Masker software as multiple command line options.

Unlike the other command line options, the PARFILE option must be specified with an equals sign as in the example below:

PARFILE=C:\MaskingSets\SamplePARFILE.txt

The Parameter File section below contains more information and examples.

If the Masking Set filename is specified and the -R option is omitted then the Data Masker application will simply load the Masking Set and return to manual operating mode.

Exit Codes

When run from a command line, the Data Masker software will return an exit code via the standard DOS mechanism. If the last run of the masking rules was a success then this exit code will always be zero. Any non-zero exit code implies that an error occurred while opening the masking set or while running the masking rules. If a non-zero exit code is returned the log file should always be examined to determine the error that occurred. Some of the more common exit codes are:

101

The masking set was not found. See the log file for more information.

201

The masking set run was canceled by user request.

301

Errors occurred during the run of the masking set. See the log file for more information.

401

Errors were found during the processing of the command line parameters. See the log file for more information.

1000-1999

Errors occurred during the pre-run checks of the masking set. See the log file for more information.

The exit code value is returned using the Windows standard mechanisms and can be determined via any of the available Windows methods. The most common way to view the return code is by using the DOS echo %errorlevel% command. The script output below shows such an operation. The 301 exit code means the masking set execution failed with an error.

C:\Program Files\Data Masker (Sql Server)>start /wait "" Datamasker.exe C:\Net2000\DMS_TestSets\DMTest.DMSSet -R -X
C:\Program Files\Data Masker (Sql Server)>echo %errorlevel%
301
C:\Program Files\Data Masker>

There is an important consideration which must be noted when launching Windows applications from a command line. The Command application will, by default, launch a Windows application as a separate process. Once started, the Command application will not monitor the running Windows application process. In effect, this behaviour means that immediately after launching the Windows application, the Command application will return to the DOS prompt and continue with the next command statement. It is not possible to retrieve the exit code in such circumstances and the next operation in the Command application will begin to process long before the masking set has completed.

If it is necessary for the Command line application to wait until the masking set has executed (and the Data Masker software has shutdown) before it executes the next operation, then the Data Masker software must be launched with the DOS start /wait command. The example below illustrates these concepts:

Note: For some reason, the first parameter of the Start /Wait Command needs to be the Title of the Window To Open. Nobody knows quite why such an optional parameter would be required let alone be specified first in the list - however that is just the way it is. In the examples below the window title is entered on the command line as two double quote characters "". You can use whatever title you wish but the title parameter does need to be present or the Start /Wait command will improperly interpret the remaining command line parameters.

C:\Program Files\Data Masker (Sql Server)>REM the errorlevel will be set and the next command will only
C:\Program Files\Data Masker (Sql Server)>REM    be performed once the masking set is complete
C:\Program Files\Data Masker (Sql Server)>start /wait "" Datamasker.exe C:\Net2000\DMS_TestSets\DMTest.DMSSet -R -X
C:\Program Files\Data Masker (Sql Server)>echo %errorlevel%
C:\Program Files\Data Masker (Sql Server)> ... perform next command

C:\Program Files\Data Masker (Sql Server)>REM the errorlevel will always be zero and the next command will be
C:\Program Files\Data Masker (Sql Server)>REM    performed immediately without waiting for the Data Masker software
C:\Program Files\Data Masker (Sql Server)>REM    to complete
C:\Program Files\Data Masker (Sql Server)>Datamasker.exe C:\Net2000\DMS_TestSets\DMTest.DMSSet -R -X
C:\Program Files\Data Masker (Sql Server)>echo %errorlevel%
C:\Program Files\Data Masker (Sql Server)> ... perform next command

The Database Substitution Parameter always follows the -D command line option and is used to replace dummy values configured in the Rule Controller with values specified on the command line. The format of the database substitution parameter is always

<DummyServerName>[DummyDatabase]=<RealServerName>[RealDatabase]

For example, a Rule Controller might be configured with a server name of XXXX, and a database name of YYYY. In that case, a command line with the option -D XXXX[YYYY]=XANTHE\MSSDMTEST[DMTest] would check each Rule Controller in the masking set and substitute the real server and database information of XANTHE\MSSDMTEST in place of XXXX and the database name DMTest would be substituted in place of the dummy value YYYY . The dummy values of serve as place holders for the real information and allow the appropriate Rule Controller to be updated at run time. A masking set can have multiple Rule Controllers. In that circumstance, multiple substitution parameters can be configured as shown below:

-D XXXX[YYYY]=XANTHE\MSSDMTEST[DMTest] -D AAA[BBBB]=CHRYSE\SQLSERVERTEST[Pubs]

The Login Substitution Parameter

The Login Substitution Parameter always follows the -S command line option and is used to replace dummy values configured in the Rule Controller with values specified on the command line. The format of the login substitution parameter is always

<DummyLogin>@<DummyServerName>[DummyDatabase]=<RealLogin>/<RealPassword>@<RealServerName>[RealDatabase]

For example, a Rule Controller might be configured with a login of FOO, a server name of BAR, and a database name of ABCDB. In that case, a command line with the option -S FOO@BAR[ABCDB]=DataMasker/ItIsSecret@XANTHE\MSSDMTEST[DMTest] would check each Rule Controller in the masking set and substitute the real login information of DataMasker/ItIsSecret@XANTHE\MSSDMTEST in place of FOO@BAR and the database name DMTest would be substituted in place of the dummy value ABCDB . The dummy values of serve as place holders for the real information and allow the appropriate Rule Controller to be updated at run time. A masking set can have multiple Rule Controllers. In that circumstance, multiple substitution parameters can be configured as shown below:

-S FOO@BAR[ABCDB]=DataMasker/ItIsSecret@XANTHE\MSSDMTEST[DMTest] -S AAA@BBB[ABCDB]=DataMasker/SecretPassWord@CHRYSE\SQLSERVERTEST[Pubs]

The Parameter File Contents

The name of the parameter file always follows the PARFILE command line option. Each line of the parameter file specifies a command line option. Every option that can directly specified on the command line can also be specified in a parameter file. However, there are some options which can only be specified in a parameter file.

Each line of a parameter file specifies an option. Note that it is not necessary to enclose file names which contain space characters in double quotes inside the parameter file. The use of double quotes is only required (by Windows) when the file name is specified directly on the command line. Below is an example of a parameter file:

-- Sample Parameter file for Data Masker Command Line
-- usage: start /wait Datamasker.exe PARFILE=C:\MaskingSets\SamplePARFILE.txt 
-- 
LOGINSUB=DummyLogin@DummyServer[DummyDatabase]||DataMasker/DataMasker@N2KBUILD-PC\N2KTEST1[DMTest]
LOGINSUB=XXXLogin@XXXServer[XXXDatabase]||DBSSourceUser/DBSSourceUser@N2KBUILD-PC\N2KTEST1[DBSSource]
MASKSET=C:\Net2000\DMS_TestSets\CmdTestWithSubParams.DMSSet
AUTORUN=true
AUTOEXIT=true
DMSSUBVALUE00=DM_INVOICE_LINE_HISTORY
DMSSUBVALUE05=TESTUSER

MASKSET

The name of the masking set to load. This must be a full path including the drive and directory information. The Data Masker software will not assume default directories in the parameter file.

AUTORUN

A flag which indicates if the opened masking set should be automatically executed and masking operations performed at startup. This value can be either of true or false.

AUTOEXIT

A flag which indicates if the Data Masker software should automatically exit after the masking set has completed operations. This value can be either of true or false.

LOGINSUB <param>

The login substitution parameter. The masking set can be configured with dummy login information in the Rule Controllers and have that information substituted by the command line. This functionality enables the target of a masking set to be determined at runtime. The format of the login substitution parameter is always

<DummyLogin>@<DummyServerName>[DummyDatabase]||<RealLogin>/<RealPassword>@<RealServerName>[RealDatabase]

The Login Substitution Parameter section above contains more information and examples. If more than one login substition is required by the masking set, use multiple LOGINSUB lines in the parameter file as illustrated in the example above.

DMSSUBVALUExx

Up to twenty replacement strings can be specified in the parameter file. The xx is a two digit numeric value. These runtime substitution values are designed to permit generic sql statements to be dynamically adjusted at runtime for specific targets during batch operations.

Usage: The keywords for these replacement strings are DMSSUBVALUE00 to DMSSUBVALUE19. If the text %DMSSUBVALUExx% is used in a Command rule or in the Where Clause of a masking rule, the value associated with that keyword will be replaced at runtime before the rule is executed. For example, if a Command rule included a statement like Truncate table %DMSSUBVALUE05%_TEMP; and the parameter file contained a line stating DMSSUBVALUE05=TESTUSER then the actual statement that would be executed would be Truncate table TESTUSER_TEMP;. The value TESTUSER would be substituted for the %DMSSUBVALUE05% text in the SQL statement immediately before the statement was executed.

Note: It is possible to specify the same actions using both options on the command line and also in the parameter file. The arguments are processed in order from left to right on the command line and from top to bottom of the parameter file. The last value processed will be active setting.

Use of Delimiters in Substitution Value Text

The Data Masker Command Line Processor uses delimiter characters ('@', '[', ']' and '=') to determine the various components of the login name, password, database and instance in the Login and Database substitution parameters. If the contents of the Login and Database substitution parameters require the use of any of these characters (for example a password is "myp@ss") the presence of the delimiters will disrupt the interpretation and processing of the command line.

Delimiter characters used in the text of a substitution value must be marked with a preceeding backslash character (escaped). For example, a Login Substitution value implementing a password of myp@ss=1 would have its password written as myp\@ss\=1. The full Login Substution value might look like...

FOO@BAR[ABCDB]=DataMasker/myp\@ss\=1@XANTHE\MSSDMTEST[DMTest]

The command line processor will see the "\@" and "\=" and will interpret them as part of the substitution value text and not as the '@' and '=' delimiters. Similarly, the '[' and ']' characters can be escaped as "\[" and "\]". A single backslash can be represented in the text as "\\" if necessary.

Examples

Load a Masking Set file only

start /wait "" DataMasker.exe "C:\Program Files\Data Masker Sql Server\Masking Sets\pubs.DMSSet"

Load, Run and Exit

start /wait "" DataMasker.exe "C:\Program Files\Data Masker Sql Server\Masking Sets\pubs.DMSSet" -R -X

Load, Run and Exit and Substitute login details

start /wait "" DataMasker.exe "C:\Program Files\Data Masker Sql Server\Masking Sets\pubs.DMSSet" -R -X -S FOO@BAR[ABCDB]=DataMasker/ItIsSecret@XANTHE\MSSDMTEST[DMTest]

Execute using a parameter file

start /wait "" DataMasker.exe PARFILE=C:\MaskingSets\SamplePARFILE.txt

Execute using a parameter file specified with other command line options

start /wait "" DataMasker.exe PARFILE=C:\MaskingSets\SamplePARFILE.txt -R -X