Data Masking Support
If data within the object is considered a candidate for data masking, then the masking capabilities with the product can be used to mask the data in an appropriate fashion.
Note: The data is not stored in a masked fashion; it is configured to be displayed in masked format for users using Security Types.
To mask data using the internal data masking capability:
• An internal algorithm type of F1-MASK is supplied with the product to perform basic data masking.
• The following parameters are applicable to the algorithm:
• Configure an Algorithm entry of Algorithm Type F1-MASK for the desired masking configuration. Algorithm entries can be shared across fields to be masked using the Algorithm menu option on the Administration menu.
• Attach User Groups to the Application Service with the appropriate Authorization Level for the Security Type.
• Create or update a feature configuration with a Data Masking feature type by using the Feature Configuration menu option on the Administration menu.
• For each field to mask, add an entry to the Options section of Feature Configuration and configure the following settings:
• Option Type: Select Field Masking for Data Masking.
• Sequence: Specify a sequence number for sorting purposes.
• Value: Specify a tag string delimited by a comma to indicate the data masking definition.
• The supplied algorithm only supports fields defined as strings.
• Enter alg="algorithm name" to reference the masking algorithm. The corresponding Algorithm Type must reference the Data Masking algorithm entity.
• For data accessed via a scheme-based object call, reference a metadata field name from its schema definition. For example, to mask a credit card number with a schema of <creditCard mdField="CCNBR" mapField="EXT_ACCT_ID"/>, set the option value to field="CCNBR", alg="algorithm name".
• For data accessed through a page maintenance service call, indicate the table name and the field name where the data resides, for example table="table_name", field="fld_name", alg="algorithm name".
• A WHERE clause may also be specified, which is useful for data that resides in a child table where only data of a certain type needs to be masked. For example, table="CI_PER_ID", field="PER_ID_NBR", alg="algorithm name", where="ID_TYPE_CD='SSN'"
• For data stored as a characteristic, indicate the characteristic type as CHAR_TYPE_CD='char type', alg="algorithm name". This needs to be defined only once regardless of which characteristic entity the char type may reside in. Note that only ad-hoc characteristics are supported at the present time.
• For data displayed via a search service call, indicate the search name and the appropriate field to mask along with the masking algorithm. For example, search="SearchServiceName", field="PER_ID_NBR", where="ID_TYPE_CD='SSN'", alg="algorithm name". To find the search service name, launch the search in question, right-click the filter area, select View Source and search ServiceName. To find the field name to mask, return to the search window and right-click the search area then select View Source. Look for the Widget Info section and find the field name in the search results excluding the $. Note that the WHERE statement can only apply to fields that are also part of the search results.