Static Masking - RDBMS

To access the Tasks/Templates Definitions screen, click RDBMS > Static Masking > Tasks/Templates. This displays the Tasks/Templates Definitions screen.

Select RDBMS in the Select Module drop-down.

To create a new task, click the Add New Task/Template Definition tab in the Tasks/Templates Definitions screen, then complete the following steps:

  1. In the Task Details section, enter a unique task name in the Task Name field and its description in the Task Description field. Both fields support numeric and character values. The Task Description can hold up to 254 characters.

  2. Select the attribute name from the Task Attribute drop-down. This option lets you add tags to the created task.

     

  3. Select either Task, to define the protection options used for masking the Sensitive Types, or Template, to use already defined protection options for the masking.
    If Template is selected, enter a unique template name in the Template Name field and its description in the Template Description field.

     

  4. Click Show Advanced Options to view the configuration parameters. This section displays the environment settings for masking operations, such as Enable Watermark, Commit Size, IsGlobal, Global Domain, Max Workers, and Package Schema. The options shown in the Show Advanced Options panel change based on the selected connection.

     

    1. The Max Worker setting specifies the number of tables on which masking is executed in parallel. For example, if you set the value to 8, the first eight tables are masked in parallel, then the next eight tables, and so on.

      If masking is completed on three of the first eight tables, the Masker IDP picks three more tables to complete the set and starts masking them. It does not wait for masking to be completed on all eight tables of the previous set. This setting is available for all the supported databases in PK Protect. It is used when there is a large number of tables to mask.

      On a multi-core CPU, setting Max Worker to the maximum value results in higher CPU utilization, so set the value accordingly. This setting affects CPU consumption but does not have much impact on memory, because Oracle keeps releasing memory once a commit is done. The default commit size while masking data is 100K, so setting Max Worker to 1 or 8 will not have much impact on memory consumption.

      Some factors may play a role in memory utilization, such as commit size, the number of columns in a table, and the amount of data in the tables to mask. However, as Oracle keeps releasing memory after every commit, these factors do not have much impact on memory consumption.

    2. The Parallel Level setting specifies the number of threads that work on a single table to mask it. For example, if you set the value to 4, four threads work on a single table to mask it. This setting is used when there are some large tables to mask among many small tables. In this case, multiple threads can mask the large tables in parallel. This setting is enabled only for Oracle databases.

      On a multi-core CPU, setting Parallel Level to the maximum value results in higher CPU utilization, so set the value accordingly. This setting affects CPU consumption but does not have much impact on memory, because Oracle keeps releasing memory once a commit is done. The default commit size while masking data is 100K.

      So, setting Parallel Level to 1 or 8 will not have much impact on memory consumption. Some factors may play a role in memory utilization, such as commit size, the number of columns in a table, and the amount of data in the tables to mask. However, as Oracle keeps releasing memory after every commit, these factors do not have much impact on memory consumption.

    3. The Package Schema setting lets you store the masking task metadata and the status generated while the task is running. Enter the name of the schema in this option. The default value of Package Schema is DG. To know more about how the package schema stores the masking information, refer to Dg Schema.

  5. The Select Connections panel lists all the available connections. To create a new connection for any data source, click the + Add New Connection button. To know more about how to create and manage connections, refer to Connection Manager. Perform the following steps to select the connections:

     

    1. Click the Select Group drop-down and select the option to sort the available connections. It has five options:

       

      1. Connection IDP: Categorizes the available connections based on the types of IDPs available, i.e., Detection and Masking.

      2. Connection Type: Categorizes the available connections based on the type of server connected to, i.e., Oracle, Teradata, SQL Server, etc.

      3. Host Name: Categorizes the list of available connections based on Host Names.

      4. Location: Categorizes the available connections based on the location of the target source system server, i.e., On-Premises and Cloud.

      5. User Name: Categorizes the list of available connections based on the Usernames.

    2. The Select Group Value drop-down displays the values based on the selection made in the Select Group drop-down. For example, if Connection IDP is selected in the Select Group field, then the values displayed in Select Group Value are Detection and Masking.

       

      To select a connection, check the checkbox available with the connection name. To edit a connection detail, click the Pen icon in the Actions column.

       

      The Test button lets you test the connection before executing the task. A pop-up is shown when the test completes successfully. The Test button is enabled when you select a connection by checking its checkbox.

  6. Check the Incremental checkbox to apply incremental masking to the database. This feature is useful for masking new values added to a database after masking has been executed on it. Only the new entries are masked, which reduces the time taken for masking. This option is available only for Oracle, Teradata, SQL Server, DB2 and DB2 Mainframe databases.

    *Note: When the Incremental checkbox is selected, the CUPS options are disabled.

    1. On checking the Incremental Task checkbox, the Select Map panel becomes visible. Select the required map by checking the checkbox in the ID column. The Select Map panel defines the incremental columns within a database that are considered for indexing the data in order to mask the new rows added to the database.

       

      To add a map, click the + Add New Map button to define a map manager for the connection. This opens a side panel where the map details can be entered.

       

      Alternatively, you can define a map using the Add Map screen. A map can be defined for all three modules, i.e., RDBMS, RDS and Azure. To access this screen, click RDBMS > Masking > Map Managers > Maps > Add Map tab.

       

    2. Enter the name of the map in the Map Name field. Select the connection in the Select Connection drop-down. The selected connection displays the list of all the databases on which incremental masking is to be applied.

    3. Select the required Database/Schema, enter the name of the incremental column for the corresponding database, and ensure that it is of timestamp or date-time datatype.

       

    4. Click the Save button to save the map details. The map will then be available in the Select Map panel on the Add New Task/Template Definition screen. Click Cancel if you do not want to save the changes.

      *Note: To apply incremental masking, the following criteria must be met:

      1. Create a map to execute incremental masking and apply it to the task.

      2. Relational tables cannot be included.

      3. A column holding a date, timestamp or numeric incremental value should be added as the incremental column.

      4. The incremental column cannot be masked.

  7. Select either Policy-based Masking (Recommended) or Column-based Masking (Advanced) in the Select option.

  1. If Policy-based Masking (Recommended) is selected, data can be masked with or without detection results.

    1. With Detection Results – If you choose this option, a detection task must be executed on the database before executing a masking task. Perform the following steps:

       

      1. Select a policy in the Compliance Policy panel. Click the View icon in the Actions column to view the list of masking and the CUPS option applied on the selected Sensitive Type in the policy.

      2. Select the database in the Select Schema/DB panel by checking the checkbox available with the database name.

      3. Click the Apply Policy button. This applies the masking options selected while creating the policy. On clicking the Apply Policy button, the Selected Columns for Masking panel displays the list of all column names in which data needs to be masked.

    2. Without Detection Results – If you choose this option, you need to define the structure and domain for the database before executing a masking task. You can then mask the data without executing a detection task. To know more, visit Structure Management and Domain. Perform the following steps:

       

      1. Select a policy in the Compliance Policy panel. Click the View icon in the Actions column to view the list of masking and the CUPS option applied on the selected Sensitive Type in the policy.

      2. Select the database in the Select Schema/DB panel by checking the checkbox available with the database name.

      3. Click the Apply Policy button. This applies the masking options selected while creating the policy. On clicking the Apply Policy button, the Selected Columns for Masking panel displays the list of all column names in which data needs to be masked.

  2. If Column-based Masking (Advanced) is selected, masking can be applied to selected columns of the database by specifying the type of masking or encryption option.

     

    1. Apply masking options based on Templates: You can select a template from the Select Template drop-down. This option provides a list of templates that have been created for masking.

      *Note: Templates are connection-specific, and only one template can be selected at a time.

       

      The option is greyed out if no template has been created. To create a template, click the Add Template option and follow the same steps as for creating a task. Save the template.

      Once a template is created, it appears in the Select Template drop-down on the Add New Task/Template screen.

      *Note: Set the value of Check_Data_Auto property to ‘Y’ in dbProp.properties file at location ‘…/Dataguise/DgSecure/Agents/DgMaskerAgent/expandedArchive/WEB-INF/classes/config/db2mf’. This property verifies the referential integrity on the tablespace. By default, the value is set to Yes.

      Click the Apply Template button to apply the template selected in Select Template drop-down.

       

    2. Apply masking options based on Columns: If you do not want to apply templates, you can apply masking options to selected columns of the database by specifying the type of masking or encryption. Perform the following steps:

       

      1. Select a database in the Select Schema/DB panel. This panel displays the list of all databases for the selected connections.  

         

      2. On selecting a database, the list of tables gets populated in the Select Table panel. This section displays all the available tables for the selected database. 

         

      3. On selecting a table, the list of columns gets populated in the Apply Masking panel. This panel displays the names of the columns and their datatypes. In this panel, you can also select the Masking Options and the CUPS, KN and SL options.

        *Note: To apply Random: ZIP masking on a MySQL data source, change the packet size in the my.cnf file. The range for the packet size is 10 MB to 256 MB.

        For detailed information on all the available masking options in PK Protect, refer to the Protection handbook Masking Options.

         

      4. Select the masking option from the drop-down against the column entry. You can apply the masking to the selected column by checking the checkbox corresponding to the column name.

        *Note: Stateless masking cannot be performed on the following databases:

        1. Postgres

        2. MySQL

        3. MariaDB

          Stateless support on RedShift is limited to FPM and Names masking.

          *Note: Intellimask and NPI masking options are disabled for the following databases:

          1. AuroraDBPostgres in AWS

          2. MariaDB in RDBMS and RDS

          3. SQL Server and Postgres in Google Cloud

  3. The columns selected for masking are displayed in the Selected Columns for Masking panel. This panel displays the list of all columns and the masking options selected for each column, based on which data will be protected. To view any foreign key reference for masking, click the downward arrow next to the checkbox.

     

    Select the option from the Show Columns drop-down. There are four options:

     

  4. Click the Save button to save the task. To execute the task immediately after saving, click the Save and Execute button. Click the Save As button if you want to save the task with the same configuration but a different name.
    To edit a task, select the task from the Tasks/Templates Definitions tab. Click the Pen icon in the Actions column to edit the task.

*Note: In Teradata, masking occurs at the table level. All columns within a table will skip null, blank, or space values. Masking will be skipped for the following masking options if any of the conditions below are true for all the columns of a table.

  1. Null, blank or space values within a column will not be masked if the user opts for the FPM (Format Preserve Masking), Partial FPM (Format Preserve Masking), FP Encryption and FP Decryption protection options.

  2. Null or blank values within a column will not be masked if the user opts for the AES and Character protection options.

  3. If the SL (Stateless) option is enabled for the following protection options, i.e., NPI, Regex, Telephone, CCNO, SSNO, Number, Date, Random String, and Intellimask, then null and blank values will not get masked.

  4. Null, blank or space values within a column will not get masked if the Keep Null and SL (Stateless) options are enabled for any protection option.

There are a few common controls through which you can sort the values in the column header, hide and unhide the column headers, filter the data, etc. To know more, visit RDBMS Common Controls.
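The Max Worker behaviour described under Show Advanced Options can be checked with a small simulation. This is an added example, not PK Protect code: the function names and the per-table masking durations are constructed, and it compares the slot-refill scheduling the page describes with waiting for each full set of tables to finish.

```python
import heapq


def rolling_pool(durations, max_workers):
    """Start a new table as soon as any running table finishes.

    Returns (start time of each table, total elapsed time)."""
    running = []  # min-heap of finish times of tables currently being masked
    starts = []
    clock = 0
    for d in durations:
        if len(running) == max_workers:
            # Pool is full: the next table waits only for the earliest finisher.
            clock = heapq.heappop(running)
        starts.append(clock)
        heapq.heappush(running, clock + d)
    return starts, max(running, default=0)


def fixed_sets(durations, max_workers):
    """Comparison only: wait for a whole set to finish before starting the next."""
    return sum(max(durations[i:i + max_workers])
               for i in range(0, len(durations), max_workers))


# Constructed sample: minutes needed to mask each of 12 tables.
SAMPLE_MINUTES = [60, 5, 5, 5, 40, 40, 40, 40, 20, 20, 20, 30]

if __name__ == "__main__":
    starts, elapsed = rolling_pool(SAMPLE_MINUTES, max_workers=8)
    for n, (s, d) in enumerate(zip(starts, SAMPLE_MINUTES), 1):
        print(f"table {n:2d}: start {s:3d} min, end {s + d:3d} min")
    print("elapsed with slot refill:", elapsed)
    print("elapsed with fixed sets :", fixed_sets(SAMPLE_MINUTES, 8))
```

With this sample, tables 9 to 11 start as soon as the three short tables of the first set finish, so at most eight tables are ever masked at once while the run ends earlier than it would with fixed sets.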
