Data blinding and authorization
The system supports blinding sensitive data at several levels: whole tables, whole columns, or whole rows or cells meeting specified criteria. You can specify masking values for blinded data.
You define blinding in input data models either manually or when you create tables using metadata files. You can then cascade blinding and masking attributes to downstream tables as part of defining transformations.
If a transformation reads from a blinded source table, you must either blind the target table or, if you are sure it does not contain any data that should be blinded, authorize it. If a target table has a blinded source table and is not authorized or explicitly blinded, the system completely blinds the target table. Only users with Blind Break privileges can see any data in the table.