Data Masking Configuration Integration Point

This integration supports configuration of fields and their associated transformation functions for the Data Masking Process.

This integration point only supports message-based communication.

Endpoint
http://[hostName]:[portNumber]/[api-context-root]/datamaskingdefinitions/

Data Model

Each entry in the data masking configuration has:

Table 1. Data Model

| Field | Description |
|---|---|
| Entity Name | The name of the entity, for example, Person, Address, etc. |
| Object Usage Name | The usage name for a dynamic field, a dynamic record, or a fixed field on the entity. |
| Record Object Usage Name | The usage name of a field that is part of a dynamic record (this is applicable when the object usage name is a dynamic record). |
| Transformation Category | The transformation function for the masking process. The transformation category that you select must align with the data type of the object usage name or the record object usage name. |

Supported Operations

This integration point supports:

  • Adding a new entity to the masking configuration using an HTTP POST request.

  • Updating the configuration for an entity using an HTTP PUT operation.

Add a New Entity

To add a new entry to the data transformation and masking process, send the following request with a payload such as the sample below:

POST: http://[hostName]:[portNumber]/[api-context-root]/datamaskingdefinitions/

{
    "entityName": "Person",
    "objectUsageName": "medicareCard",
    "recordObjectUsageName": "cardNumber",
    "transformationCategory": "TXTHASH"
}

The above payload creates a configuration for the cardNumber field on the medicareCard dynamic record of the Person entity using the TXTHASH transformation function.

Update Configuration for an Entity

To update the configuration, send the following request with a payload such as the sample below:

PUT: http://[hostName]:[portNumber]/[api-context-root]/datamaskingdefinitions/{id}

{
    "transformationCategory": "TXTHASH"
}

This is a sample payload; create your own payload based on the fields you want to mask.

View Existing Configurations

To view the pre-existing configuration, send the following request with the generic endpoint:

POST: http://[hostName]:[portNumber]/[api-context-root]/generic/datamaskingdefinitions/search

Delete an Existing Configuration

To delete an existing configuration, send the following request with the generic endpoint:

DELETE: http://[hostName]:[portNumber]/[api-context-root]/datamaskingdefinitions/{id}

Transformation Functions

The application provides several built-in transformation functions for the masking process, grouped by the data type of the field:

Text Fields

Table 2. Text Fields

| Transformation Function Name | Description | Before | After |
|---|---|---|---|
| TXTHASH (Text hash with seed) | This function applies the SHA-1 hash algorithm and truncates the output to match the maximum length of the associated field. For extra security, this function concatenates a user-configured seed value with the input text before passing the value to the hash function. You can even use this function to replicate the transformation outside the Oracle Health Insurance application. | 123456789 | x8dtyqbfDPS[vub_EvtY4bdbvDsuFB3T |
| TXTRPL (Simple text replacement) | This function replaces the field value with the field name. Only recommended for non-unique columns. | A dynamic record with column name as firstName and stored value as John. | Replaces the stored values with the usage name, like the firstName in the example. |
| TXTRNDPSF (Random replace, preserves size format) | This function replaces the field value with a random value in the same format. The function replaces letters with letters, numbers with numbers, and preserves special characters. | AA-A001B | TY-U765C |
| TXTRNDRPL (Text random replace) | This function replaces the field value with a random character string of the same size. | John | DSGadjgadv8eog90 |

Number Fields

Table 3. Number Fields

| Transformation Function Name | Description | Before | After |
|---|---|---|---|
| NUMHASHADD / NUMHASHCON (Hash with seed add/concatenate) | This function applies the SHA-1 hash algorithm and truncates the output to match the maximum length of the associated field. For extra security, this function concatenates a user-configured seed value with the input text before passing the value to the hash function. You can even use this function to replicate the transformation outside the Oracle Health Insurance application. | 10 | 93275 |
| NUMNP (Nearest Prime) | This function replaces the value with the nearest, smaller prime number. | 20 | 17 |
| NUMRNDPSF (Random preserve format) | This function replaces the number with a random number, preserving the format. | 10.99 | 24.65 |

Date Fields

Table 4. Date Fields

| Transformation Function Name | Description | Before | After |
|---|---|---|---|
| DATEDMYS (Day, month and year shift) | Day - Sets to 1; Month - Nearest quarter; Year - Nearest decade | 2022-05-26 | 2020-06-01 |
| DATEDMS (Day and month shift) | Day - Sets to 1; Month - Nearest quarter; Year - No change | 2022-05-26 | 2022-06-01 |
| DATEMPS (Day with partial month shift) | Day - Sets to 1; Month - Adds 1 if the day is the 16th or after; Year - No change | 2022-04-26 | 2022-05-01 |
| DATEDS (Day shift) | Day - Set to 1; Month - No change; Year - No change | 2022-04-26 | 2022-04-01 |
| DATERNDS (Random Date) | Day = 1-28; Month = 1-12; Year = Adds or subtracts up to 50 years from the current year | 2022-04-26 | 2032-01-24 |

The values for Before and After columns under the Text, Number, and Date fields are sample values.

Other Functions

Table 5. Other Functions

| Transformation Function Name | Description |
|---|---|
| SETNULL (Set to Null) | Sets the value to Null; can be used with any field. |
| SETDEFAULT (Set to Default) | Only available for the Gender field; sets the value to unknown. |

We recommend using TXTHASH for string fields and NUMHASHADD or NUMHASHCON for number fields to mask data from unique fields like code on a Person, Policies, and so on. This prevents any unique constraint errors during the masking process. It also keeps the values consistent while masking data for the same fields across multiple entities, for example, policyCode for Policy, PolicyEnrollmentEvent, and EnrollmentFilePolicy.

Native Fields

To protect the integrity of the application, only the native fields listed below are part of the masking process.

All the dynamic fields and dynamic records are part of the masking configuration. We recommend excluding any dynamic fields for the tables that are to be purged as part of the Data Masking Process.

Table 6. Native Fields

| Entity Name | Object Usage Name | Data Type | Mandatory/Unique |
|---|---|---|---|
| Person | dateOfBirth | Date | Mandatory |
| Person | endDate | Date | |
| Person | code | String | Unique |
| Person | emailAddress1 | String | |
| Person | emailAddress2 | String | |
| Person | faxNumber | String | |
| Person | firstName | String | |
| Person | gender | String | |
| Person | initials | String | |
| Person | middleName | String | |
| Person | name | String | Mandatory |
| Person | namePartner | String | |
| Person | phoneNumberBusiness | String | |
| Person | phoneNumberMobile | String | |
| Person | phoneNumberPrivate | String | |
| Person | policyGid | String | |
| Person | suffix | String | |
| Address | additionalPart1 | String | |
| Address | additionalPart2 | String | |
| Address | additionalPart3 | String | |
| Address | city | String | |
| Address | numberAddition | String | |
| Address | postalCode | String | |
| Address | street | String | |
| RelationIdentifier | identifier | String | Mandatory |
| BankAccountNumber | bankAccountNumber | String | Mandatory |
| BankAccountNumber | bankAccountNumberDebit | String | |
| BankAccountNumber | specialName | String | |
| TaskAttribute | valueChar | String | |
| TaskAttribute | valueDate | Date | |
| Policy | code | String | Mandatory |
| PolicyEnrollmentProduct | startDate | Date | Mandatory |
| PolicyEnrollmentProduct | endDate | Date | |
| InterfacedMessage | correlationId | String | |
| PolicyEnrollmentEvent | policyCode | String | |
| GroupClientEvent | policyCode | String | |
| EnrollmentFilePolicy | policyCode | String | Mandatory |
| PolicyIdentifier | identifier | String | Unique |

Response Messages

The application creates the response messages in response to the request messages it receives from external interfaces. Please refer to the "Response Messages" section in the HTTP API/IP Concepts as part of the Developer Guide for more details.

Error Messages

The following error messages are specific to the data masking definition integration point.

Table 7. Error Messages

| Code | Severity | Message Text |
|---|---|---|
| DID-IP-CNFG-001 | Fatal | Invalid entity name {entityName} |
| DID-IP-CNFG-002 | Fatal | For the {entityName} entity name, invalid object usage name {objectUsageName} defined or the object usage name {objectUsageName} cannot be part of the data masking process |
| DID-IP-CNFG-003 | Fatal | Invalid record object usage name {recordObjectUsageName} for the {objectUsageName} object usage name |
| DID-IP-CNFG-004 | Fatal | {recordObjectUsageName} cannot be added as a record object usage name for {objectUsageName} object usage name as {objectUsageName} is not a dynamic record |
| DID-IP-CNFG-005 | Fatal | Record object usage name is required for {objectUsageName} object usage name, record object usage name must be defined for a dynamic record |
| DID-IP-CNFG-006 | Fatal | {objectUsageName}/{recordObjectUsageName} cannot be added, flex codes, start dates and end dates not allowed |
| DID-IP-CNFG-007 | Fatal | Transformation category does not match the attribute definition |
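
The rules stated on this page (category must match the data type, unique fields should use a hash function, policy code fields should stay consistent across entities, SETDEFAULT is for Gender only) can be checked locally before any request is sent. The following is an added example, not code from the application or its documentation; `lint_definitions`, the lookup tables and the sample payloads are hypothetical names and constructed data, and the field table is only a subset of Table 6.

```python
# Added example (not product code): lint masking definitions before sending them.
# Constructed subset of Table 6: (entity, usage name) -> (data type, constraint).
NATIVE_FIELDS = {
    ("Person", "dateOfBirth"): ("Date", "Mandatory"),
    ("Person", "code"): ("String", "Unique"),
    ("Person", "gender"): ("String", None),
    ("Policy", "code"): ("String", "Mandatory"),
    ("PolicyEnrollmentEvent", "policyCode"): ("String", None),
    ("EnrollmentFilePolicy", "policyCode"): ("String", "Mandatory"),
}
# Data type each transformation category applies to, per Tables 2-4.
CATEGORY_TYPE = dict(
    [(c, "String") for c in ("TXTHASH", "TXTRPL", "TXTRNDPSF", "TXTRNDRPL")]
    + [(c, "Number") for c in ("NUMHASHADD", "NUMHASHCON", "NUMNP", "NUMRNDPSF")]
    + [(c, "Date") for c in ("DATEDMYS", "DATEDMS", "DATEMPS", "DATEDS", "DATERNDS")]
)
HASH_CATEGORIES = {"TXTHASH", "NUMHASHADD", "NUMHASHCON"}
# Fields the page names as carrying the same policy code across entities.
POLICY_CODE_GROUP = {("Policy", "code"), ("PolicyEnrollmentEvent", "policyCode"),
                     ("EnrollmentFilePolicy", "policyCode")}

def lint_definitions(definitions):
    """Return (entity, field, finding) tuples for a list of request payloads."""
    findings, group_cats = [], set()
    for d in definitions:
        key = (d["entityName"], d["objectUsageName"])
        cat = d["transformationCategory"]
        if cat == "SETDEFAULT" and key != ("Person", "gender"):
            findings.append((*key, "SETDEFAULT is only available for the Gender field"))
        if key not in NATIVE_FIELDS:
            continue  # dynamic field or record: its data type is not known locally
        dtype, constraint = NATIVE_FIELDS[key]
        if cat in CATEGORY_TYPE and CATEGORY_TYPE[cat] != dtype:
            findings.append((*key, f"{cat} is a {CATEGORY_TYPE[cat]} function, field is {dtype}"))
        if constraint == "Unique" and cat not in HASH_CATEGORIES:
            findings.append((*key, f"unique field should use a hash function, not {cat}"))
        if key in POLICY_CODE_GROUP:
            group_cats.add(cat)
    if len(group_cats) > 1 or group_cats - HASH_CATEGORIES:
        findings.append(("*", "policyCode", "policy code fields need one shared hash category"))
    return findings

# Constructed sample payloads in the shape of the POST body shown above.
SAMPLE = [
    {"entityName": "Person", "objectUsageName": "dateOfBirth", "transformationCategory": "TXTHASH"},
    {"entityName": "Person", "objectUsageName": "code", "transformationCategory": "TXTRPL"},
    {"entityName": "Policy", "objectUsageName": "code", "transformationCategory": "TXTHASH"},
    {"entityName": "EnrollmentFilePolicy", "objectUsageName": "policyCode", "transformationCategory": "TXTRNDRPL"},
    {"entityName": "Person", "objectUsageName": "medicareCard", "recordObjectUsageName": "cardNumber", "transformationCategory": "TXTHASH"},
]
```

The first finding corresponds to the condition that error DID-IP-CNFG-007 describes; the other findings reflect recommendations on this page that the endpoint is not documented to enforce, so a definition can be accepted and still leave a field weakly or inconsistently masked.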

Authorization

A user authorization configuration protects access to this integration point. The relevant access restriction is datamaskingdefinition IP.