Flow of Custom masking:
Applying Custom Masking option through Policy:
Create a Policy and select Custom option to mask the detected column.
Drop down in custom function screen will load all functions from back-end database with which connection is created in connection manager. User can type the name of the function to load or search the function.
After selecting the function, the list of parameters will be displayed.
Assign static value or column properties against the parameter.
Apply detection through the created policy.
Create masking task by selecting the above created policy.
Execute the task to mask the data.
Applying Custom Masking through Masking screen.
Go to Masking > Tasks/Templates screen.
Select masking type as - ‘custom’ Drop down in custom function screen will load all the functions from the back-end database with which connection is created in connection manager. User can search a function by its name.
After selecting function, the parameters list is displayed.
Assign column name, static value, or column properties against parameter. User can enter the value in single Column only.
User can test the function. Results will be displayed on UI.
Impacts, if any, of the design on:
High Availability in the PK Protect system: No
Web Services with Other Components: Earlier there was only one web service which was able to create and test custom function. Now there are 2 web services:
Yes – A new web service has been added to the masker IDP which can be called from DSM Administrator. This web service will return a list of all functions with which connection has been created from the Connection manager in PK Protect UI. Prefix of the function can be used to filter functions.
Test Custom Function web service is required to test the function call by database. This web service will return the function result.
Encryption in the Controller Repository, Results Database: No
Audit Reports in PK Protect: No.
PK Protect RBAC – Changes needed for RBAC with this feature: No.
Controller Snapshots – Feature requires an addition to the fields saved in the Task Instance snapshot in the Controller: YES. (Following tables are required to increase the size of the column ‘param2’
DDL Changes – Captures DDL changes: Yes.
Alter the table ‘dg_columns’ –
Set the size of columns param2 and param3 to 2000. Save the json of parameters as param2 and save the function call as param3 column.
Logging – especially overly verbose logging and leakage of sensitive data in logs: