| SDCs |
Include the SDCs whose information you want to mask.
| Property Name | Description | | SDC Id | The SDC Id for which these Masking properties are defined. | | Enable | Whether or not to enable Data Masking for this SDC. | | Columns | Identify the Columns that contain sensitive information. For each Column define the different Masking techniques to apply when sensitive information is displayed to unauthorized Users.
| Property Name | Description | | Column Id | Id of the column that contains sensitive information (such as birthdt). | | Nested SQL Alias Id | Alias Id of the nested SQL column defined in the target element. | | Enable Masking? | Whether or not Masking Rules will be applied for this column. | | Limited Data Access SQL | SQL that can be used to retrieve User-Column access information. This dataset is available in the Groovy Expression of the Enable Column Masking property. Supported tokens are currentuser, keyid1, keyid2, keyid3, rsetid. | | Masking Properties | Define the Masking technique to use for this Column.
| Data Type | Description | | Data Type | Choose the type of data you are Masking. | | Text | Logic to use when masking Text data. Mask Text data by specifying a percentage of the text to be masked, or choose to show only initial characters (Joe Smith would be shown as JS).
These are the Text Data Masking templates provided OOB:
| Property | Description | | Masking Logic | Choose the Masking Logic to apply to Text fields when Data Masking is enabled. | | FIRST_N_PERCENT_CHAR
LAST_N_PERCENT_CHAR | Define the length of text and the percentage to mask.
| Property | Description | | Length Percent | The percentage of the total length of the value.
For example, you might choose to mask the first 50% of
text with an asterisk.
Non zero, non negative integers only. | | Replace each Character | Specify the replacement character. The characters or strings within the Length Percent are replaced with this character. | | Replace with Text | Applicable only if "Replace each Character" is blank.
Define the text to replace the characters or strings within the Length Percent. You might choose to replace the sensitive information with the word [Restricted]. |
| | FIRST_N_CHAR
LAST_N_CHAR | Define a specific number of characters at the beginning (FIRST_N_CHAR) or end (LAST_N_CHAR) of the text field.
| Property | Description | | Length | The number of characters to replace. | | Replace each Digit | Specify the replacement character.
For example, if you use the template "FIRST_N_CHAR" where "N" is 5, and specify an * as the replacement, a Social Security number would display as ***-**-1234. The first 5 digits are replaced with the specified character. | | Replace with Text | Applicable only if Replace each Character is blank.
Define text to replace the specified number of characters. The digits are replaced with the specified text, 555-123-[Restricted] (LAST_4_CHAR). |
| | ONLY INITIALS | The Split Delimiter field specifies the delimiter used to determine initials. The default is "Space". For example, if the data were "John Smith", the space between John and Smith is the delimiter, "JS" would display in the column. |
| | Number | Number data
can either be masked with a specified character or by a range of numbers. | Property | Description | | RANGE SIZE | Size to determine the range. A Range Size of 10 would create ranges such as 0-10, 10-20, 20-30. The range replaces the number with the specified range of numbers.
For example, if you are masking a person's age, you could choose to display their age within a range such as 20 - 30. If the person was 25, 20-30 would display. | | REPLACE_WITH | Replaces each digit with the specified character.
| Property | Description | | Replace each Digit | Specify the replacement character. For example, if you specify an *, a Social Security number would display as ***-**-****. Each digit will be replaced with the specified character. | | Replace with Text | Applicable only if Replace each Digit is blank.
Define text to replace the characters. The digits are replaced with the specified text, 555-123-[Restricted] (LAST_4_CHAR). |
|
| | Date | Date fields can be masked in the following ways:
| Property | Description | | AGE_RANGE | Based on "today's date", age is calculated. The birth date is then replaced with a specified range of numbers. For example, you could choose to display ranges such as under 5, 18-25 or Over 70.
| Property | Description | | Range Size | After the age is calculated, the size to determine the range. A Range Size of 10 would create ranges such as 0-10, 10-20, 20-30. | | Upper Age Limit | After the age is calculated, this is the number at which the age is blank. For example, if the upper age limit is 70, any age calculated to be 70 and above will not display. |
| | MONTH_N_YEAR_ONLY | Displays the month and year (July 1988).
| Property | Description | | Upper Age Limit | The number at which the age is blank. For example, if the upper age limit is 70, any age calculated to be 70 and above will not display. |
| | PATTERN | Simple Date Format pattern tokens (such as mm/dd/yyyy).
| Property | Description | | Pattern | Specify the pattern to use (such as mm/dd/yy). | | Upper Age Limit | The number at which the age is blank. For example, if the upper age limit is 70, any age calculated to be 70 and above will not display. |
| | REPLACE_WITH | Replace the date with the specified character.
| Property | Description | | Replace each Digit | Specify the replacement character. For example, if you specify an *, a Social Security number would display as ***-**-****. Each digit will be replaced with the specified character. | | Replace with Text | Applicable only if Replace each Digit is blank.
Define text to replace the characters. The digits are replaced with the specified text, 555-123-[Restricted] (LAST_4_CHAR). |
| | YEAR_ONLY | Displays the year only.
| Property | Description | | Upper Age Limit | The number at which the age is blank. For example, if the upper age limit is 70, any age calculated to be 70 and above will not display. |
|
| | Expression | Define a custom Groovy Expression. Available Variables are: value, user, primary, columnid.
For example, $G{primary.genderflag=="M"?value.replaceAll(".","*"):"Female Subject"} The above expression can be used for the subjectdesc
column. It means, if the subject is female, then show
the text "Female Subject" or else replace
every character with *. Note that when using an Expression type Masking Rule,
all masking logic performed is done by the groovy expression
itself. |
|
| | Alias | Determines how Alias data will display when Data Masking is enabled.
Field values are treated as Text.
| Property | Description | | Enable Masking | Whether or not to enable Data Masking when displaying Alias data. Defaults to "No". | | Masking Properties | Logic to use when masking data. Options include specifying a percentage of the text to be masked, or choose to show only initial characters (Joe Smith would be shown as JS).
These are the Text Data Masking templates provided OOB.
| Property | Description | | Masking Logic | Choose the Masking Logic template to apply when Data Masking is enabled. Optionally, customize these templates using the properties described below. If no properties are defined, sensitive data is masked entirely, with asterisks. | | FIRST_N_PERCENT_CHAR
LAST_N_PERCENT_CHAR | Define the length of text, and the percentage to mask.
| Property | Description | | Length Percent | The percentage of the total length of the value.
For example, you might choose to mask the first 50% of
text with an asterisk.
Non zero, non negative integers only. | | Replace each Character | Specify the replacement character. The characters or strings within the Length Percent are replaced with this character. | | Replace with Text | Applicable only if Replace each Character is blank.
Define text to replace the characters or strings within the Length Percent. You might choose to replace sensitive information with the word [Restricted]. |
| | FIRST_N_CHAR
LAST_N_CHAR | Define a specific number of characters at the beginning (FIRST_N_CHAR) or end (LAST_N_CHAR) of the text field.
| Property | Description | | Replace each Digit | Specify the replacement character. For example, if you use the template "FIRST_N_CHAR" and specify an *, a Social Security number would display as ***-**-1234. The first 5 digits are replaced with the specified character. | | Replace with Text | Applicable only if Replace each Character is blank.
Define text to replace the specified number of characters. The digits are replaced with the specified text, 555-123-[Restricted] (LAST_4_CHAR). |
| | ONLY INITIALS | The Split Delimiter field specifies the delimiter used to determine the initials, the default is " " (space). For example, if the data were "John Smith", the space between John and Smith is the delimiter and "JS" would display in the column. |
| | Condition | Determines whether "All" Alias Types or only "Selected Types" are masked. Defaults to "All". Define the specific Alias Types to be masked below. | | Alias Type | Applicable when "Condition" (above) is "Selected Types". Specify which Alias Types will be Masked. |
|
|