Row Decryption decodes the values in a target file or object that were encrypted using Row Encryption.
When decrypting data in a file or object that was encrypted using Row Encryption, it is mandatory to add a role for the user in Access Control. This step gives the user permission to decrypt the file or object. In Access Control, two steps need to be performed.
In the Role Management screen, add a role for the user and check the checkbox next to the names of the sensitive types that the user wants to decrypt. In the same screen, specify the days and time intervals for decrypting the file.
In the ACL Management screen, assign the roles to the users/groups that are associated with a specific Module and Cluster.
During the decryption process, it is necessary to add the directory in the domain. This specifies the source and destination path of the encrypted and decrypted file, respectively.
For example, to decrypt the data in an email body using the Decryption option (see the image below), follow these steps.
Add a role to assign to a user in Access Control. This provides access rights to the user for decrypting the file. In Access Control, add a role in the Role Management screen. Assign the role to the user/group in the ACL Management screen.
In the Role Management screen, after adding a role, select either Full Access for RegexGroups or any of the listed sensitive types that the user can decrypt. Grant access rights for the days on which the decryption process can be triggered. The access right can be given either for the whole day or for a specific time interval.
In the ACL Management screen, assign the roles to the users/groups listed in the Groups/Users List panel to grant them access for executing decryption tasks. The role(s), along with their users/groups, must be associated with the relevant Module and Cluster. Only then can the decryption process in the module be executed successfully.
Once the role is defined, go to the Role Management screen, select the Module from the drop-down and the role in the Manage Roles panel. Click the Update ACL button. This updates the current ACL with the newly saved details of the users/groups in Access Control.
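The access rules set up in the steps above (sensitive types or Full Access, permitted days and time intervals, and role assignment per Module and Cluster) can be modelled as a default-deny check. This is an added example, not the product's code: the data layout, the function may_decrypt, and the role, group, module, cluster and sensitive-type names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

FULL_ACCESS = "*"  # assumed encoding of the "Full Access" choice

@dataclass(frozen=True)
class Role:
    name: str
    sensitive_types: frozenset  # types the role may decrypt, or {FULL_ACCESS}
    windows: dict               # weekday (0 = Monday) -> (start, end) time of day

@dataclass(frozen=True)
class AclEntry:
    principal: str  # user or group name
    role: str
    module: str
    cluster: str

def may_decrypt(principals, module, cluster, sensitive_type, when, roles, acl):
    """Return the name of the role that authorises the request, or None (default deny)."""
    for entry in acl:
        if entry.principal not in principals:
            continue  # role is not assigned to this user or any of their groups
        if (entry.module, entry.cluster) != (module, cluster):
            continue  # assignment belongs to a different Module/Cluster
        role = roles.get(entry.role)
        if role is None:
            continue  # ACL refers to a role that no longer exists
        if FULL_ACCESS not in role.sensitive_types and sensitive_type not in role.sensitive_types:
            continue  # sensitive type was not ticked for this role
        window = role.windows.get(when.weekday())
        if window and window[0] <= when.time() <= window[1]:
            return role.name  # day and time interval both permitted
    return None

# Constructed sample data: one role, weekdays 09:00-17:00, one group assignment.
ROLES = {"mail-decryptor": Role("mail-decryptor", frozenset({"EMAIL"}),
                                {day: (time(9, 0), time(17, 0)) for day in range(5)})}
ACL = [AclEntry("secops", "mail-decryptor", "ModuleA", "ClusterA")]

if __name__ == "__main__":
    request_time = datetime(2024, 1, 2, 10, 0)  # a Tuesday
    print(may_decrypt({"alice", "secops"}, "ModuleA", "ClusterA",
                      "EMAIL", request_time, ROLES, ACL))
```

A request is allowed only when every condition holds at once, so a role that is correct but attached to the wrong Module or Cluster, or used outside its time interval, results in a denied decryption task.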
The next step is to add the directory in the domain. This specifies the source path of the encrypted file and the destination path of the decrypted file.
Select the directory from the Selected:<database_directory> drop-down in the bottom panel. Click the Add Directory button to add the directory where the source file is kept. The window shown below pops up.
Click the Browse button to search for the source directory. The browser panel appears. Navigate to the directory where the file to be decrypted is kept. Click Select to select the directory path navigated to on this screen; otherwise, click Cancel.
Once all the above steps are done, create a task in the Add New Task Definition screen. Enter details such as the Task Name and Task Description. Select Decryption in the Task Type drop-down.
Select the file or object to include for decryption in the Manage Scan Locations panel by clicking the Select Directories button. Once selected, the domain with which the selected file or object is associated is displayed.
The compliance policy is selected automatically in the Select Policy panel when a file is selected in the Manage Scan Locations panel for encryption. The sensitive types associated with the policy are displayed in the Sensitive Data Types panel.
Click Save and Execute to save and execute the task.
Once the task has been executed successfully, you can view the decrypted file in the destination location specified in the domain. For the above example, the destination location of the decrypted file is ‘/tmp/decryptit’.
In the image below, the entire email body is decrypted to its original format using the Decryption process.