Masking
Overview of Masking
The next step of the process is to Mask your Data Source. Masking obscures data to protect personally identifiable information (PII) and ensures sensitive information is anonymised. After successfully running a profile scan on a data source, a draft mask configuration file is automatically created for review prior to execution.
Mask Configurations
The tables and columns selected for masking and how they should be masked is configured in a Mask Configuration.
For DCS version 3.5:
Navigate to Data Management Hub > Manage Configurations > Mask Configurations. Here you can Add, Edit, Clone or Delete a Masking Configuration.
For DCS versions 3.4 and earlier:
Navigate to Masking > Mask Configurations. Here you can Add, Edit, Clone or Delete a Masking Configuration.
Editing a Mask Configuration
As the profiling process creates a draft Mask Configuration, click the Edit Mask Connection button on the masking configuration you want to edit. This will present the Mask Configuration form.
For DCS version 3.5:
For DCS versions 3.4 and earlier:
On the form you can edit the following configuration information.
Type | Description |
---|---|
Configuration Name | The mask configuration name. |
DB Source Connection | The data source the masking configuration is configured for. |
Description | The mask configuration description or long name. |
Notification | List of users who will be notified. |
Status | Set the masking profile to Active for use or Draft/Inactive to hide it from the Masking Execution area. |
Global Chunk Size | Default chunk size for all columns. (DCS3.5) |
Date Format | Default date format for all date columns. (DCS3.5) |
Disable Constraints | Disable constraints for all columns. (DCS3.5) |
Disable Indexes | Disable indexes for all columns. (DCS3.5) |
Disable Triggers | Disable triggers for all columns. (DCS3.5) |
Add/Edit Field(s) section: -
Type | Description |
---|---|
Category | The field masking category. (This filters the results visible in the Pattern drop list). |
Table Name | The table the column/field is on for masking. |
Column Name | The column/field for masking. |
PII Level | For viewing/setting the masking pattern as Primary PII, Secondary PII, or Other. |
Pattern | The pattern type (Masking function) as defined in the Data Library Administration area. |
Parameter | Some pattern types/masking functions may allow a parameter to be provided to customize the masking behavior. |
Lookup | Some pattern types/masking functions allow a lookup file to be selected to customize the replacement values. |
Column Disable Constraints | Disable constraints for specified column. |
Column Disable Indexes | Disable indexes for specified column. |
Column Disable Triggers | Disable triggers for specified column. |
Column Chunk Size | Chunk size for specified column. |
Flag Column | Column to be assessed for a condition. |
Flag Condition | The comparator that assess the condition. This is either "=" or "!=". |
Flag String | The value that the flag column should be compared to. |
Flag Table Name | Table to be joined for cross-table conditional masking. |
Join Column 1 | Column of the source table to be masked. The column to be joined with flag table. |
Join Column 2 | Column of the flag table to be masked. The column to be joined with source table. |
Date Format | Date format for specified column. |
Fixed Value | Value to replace all source values. |
Once complete, scroll to the bottom of the main window and click Save to Save the configuration or Close to Cancel out without saving.
Note: Please ensure the status is set to Active for the Mask Configuration to be selectable in the Execute Masking screen.
Conditional Masking
Conditional Masking can be utilised by setting up the conditional fields in the masking config. This contains features such as fixed values, flag conditions, chunking, DOB date format, and cross table masking.
For DCS version 3.5:
In DCS3.5, conditional masking can be perfomed either using the parameter field (as done in DCS3.4 and earlier):
OR using the new conditional settings form:
The above forms can be accessed by pressing Edit on a pattern in the Pattern Details section of the Masking config.
For DCS versions 3.4 or earlier:
Field Input Specifications
The following sections highlight how certain fields of the mask configuration requires to be formatted:
Fixed Value
A user specified value that will replace all values in the column. For example, "John" in this case.
For DCS version 3.5:
Fixed value can be specified by either using the parameter field:
OR by using the Fixed Value field in the Additional Configuration form:
For DCS versions 3.4 or earlier:
Example:
John
Flag Conditions
Setup values to either be equal to or not equal to the user specified value. This enables masking to either mask focused data or ignore it.
How to use:
Flag column name|flag condition|flag string
For DCS version 3.5:
Conditional values can be specified by either using the parameter field:
OR by using the Conditional Settings form:
For DCS versions 3.4 or earlier:
Example:
email|=|sam@email WHERE:
- Flag column name is 'email'
- Flag condition is '='
- Flag string is 'sam@email'.
This example translates to only masking values where the string in the 'email' column equals to 'sam@email'.
Chunking
Limit the amount of data per query by specifying a chunking value. This limit is beneficial when masking large databases. By default, columns over a million rows will be masked.
For DCS version 3.5: Chunking can be specified by either using the parameter field:
OR by using the Column Chunk Size field in the Additional Configuration form:
For DCS versions 3.4 or earlier:
Example:
John||||10000
Note: Fixed value or conditional values are not required for chunking. The chunking parameter can be used with/without either, for example, '||||1000'.
DOB date format
Specify the date format when performing masking so date format can be either changed or preserved.
For DCS version 3.5:
For DCS versions 3.4 or earlier:
Example:
%Y-%m-%d
Cross Table Masking
Masking based on cross table relationships. This will join two columns to mask the correct PII. However, the conditions will be user specified and enable masking to be completed using information from other tables. This feature can be used by providing external table information in the parameter field.
How to use:
flag column name | flag condition| flag string | chunk size (optional) | flag table name | join column 1 | join column 2
For DCS version 3.5: Cross table masking can be performed using either the parameter field:
OR by using the Conditional Settings form:
For DCS versions 3.4 or earlier:
Example:
ContactType|=|Email||EntityContact|EntityID|EntityID
Adding a Mask Configuration
On the Mask Configurations screen, click the Add Mask Configuration button. This will present a new Profile Configuration form
Once complete, scroll to the bottom of the main window and click Save to Save the configuration or Close to Cancel out without saving. For DCS3.5, the save/close buttons are at the top of the config window.
Cloning a Mask Configuration
On the Mask Configurations screen, click the Clone button on the Mask Configuration you want to duplicate. This will present the Mask Configuration form with a duplication of all data for saving as a new Mask Configuration.
Once complete, scroll to the bottom of the main window and click Save to Save the configuration or Close to Cancel out without saving. For DCS3.5, the save/close buttons are at the top of the config window.
Deleting a Mask Configuration
On the Mask Configurations screen, click the Delete button on the Mask Configuration you want to remove. This will present a confirmation window confirming that you want to delete the Mask Configuration or not.
Comparing Mask Configurations
Tick on the check boxes in front of the two configurations which you want to compare and then press the Config Comparison button to view the comparison report. The text highlighted in red marks the differences in the two configurations.
Execute Masking
For DCS version 3.5:
To execute a new masking request, navigate to Data Management Hub > Execution Console.
Here, you can select your data source then press View. Scroll down to the Execution Details section, select Mask in the first dropdown menu, and your chosen mask configuration in the second dropdown menu. The Execute button can be used to then run a mask job or View Results to simply view the results from the previously ran masking jobs.
For DCS versions 3.4 or earlier:
To execute a new masking request, navigate to Masking > Execute Masking
Here you can select a data source connection and Masking Configuration for execution. Press Run button to run the selected masking configuration. On Run button press, the table list down will be refreshed with past executions and will also show the status of current execution request.
Masking Log
In the table below, Log Button can be used to view logs for the execution.
Note: The Log window refreshes every 15 seconds if the mask is currently executing.
A currently executing Mask can also be Cancelled by clicking the Cancel button.
Masking Report
Successfully completed masks will generate a Mask Report which can be viewed by clicking the Report button.
This can also be searched on or exported out to Excel or CSV.