All rule sets need a name as well as the connector information you previously created. After you provide this information, you will see a list of tables that is owned by the schema owner defined in the connector. This enables you to select the tables you want to mask. Below is a step-by-step description for how to create a rule set.
Create a Rule Set
- In the Environments tab, click the Rule Set tab.
- In the upper right-hand corner of the Rule Set tab, click +Create Rule Set.
The Create Rule Set screen appears. This screen lets you specify which tables belong in the rule set.
A similar screen appears when you edit a rule set.
Edit a Rule Set
- Click the name of an environment.
- Click the Rule Set tab.
- Click the Edit (pencil) icon for the rule set you want to edit.
- Click Edit Rule Set.
- The Create Rule Set screen appears, allowing you to specify which tables belong in the Rule Set.
- Enter a Name for your rule set.
- Select a Connector name from the drop-down menu.
The list of tables for that connector appears.
- To select individual tables, click their names in the list to the right. Alternatively, click Select All in the bottom left to select all the tables.
- Click Save.
You are returned to the Rule Set screen.
- To see the list of tables that you selected, click the name of the newly-created rule set.
- Optionally, for each table, if there is no primary key for that table, click Edit Table and define the logical key, as seen in the screenshot below:
The following section describes how to define the columns to mask for each table in the rule set.
Review Masking Inventory, Configure Columns with Domains and Algorithms
After selecting tables (connectors) and defining a rule set, which you did in the preceding section, you are ready to configure the columns in the masking inventory. Navigate to the Inventory tab, which displays the list of rule sets and the corresponding tables. Because no domains (masking algorithms) are attached yet, this is an empty inventory, as shown in the screenshot below. Selecting the respective tables from the Contents window will show the columns associated with each table.
Manually edit the columns with sensitive data to assign a domain and algorithm by clicking the pencil icon at the end of the inventory row.
- Click Inventory.
- Select the rule set you want to mask.
- Click Contents to list all the tables or files defined for the rule set.
- Select a table. All the contents in the table will appear.
- If a column is a primary key (PK), a Foreign Key (FK), or an index (IDX), an icon indicating this will appear to the left of the column name. If there is a note for the column, a Note icon will appear. To read the note, click the icon.
- If a table, metadata for the column appears: Data Type and Length (in parentheses). This information is read-only.
- To mask or unmask a column, click Edit and choose the appropriate domain for the column.
- The selected domain will open a corresponding algorithm. If needed, you can select a different algorithm from the drop-down list. Based on the column you are masking, you may decide to choose one of the following three algorithms:
- Secure Lookup Algorithm
- Segment Mapping Algorithm
- Secure Shuffle Algorithm
- Complete the presented form to the right that corresponds to your selected algorithm.
- Click Save.
If you have already selected a column to be masked and you want to undo this:
- Click the pencil icon for that column.
- In the Edit Properties dialogue box, reset the DOMAIN element to Choose Domain. You will exclude that column from being masked. Please refer to the screenshot below:
Optional Steps (Not required)
Create a New Profile of Data Using the Masking Inventory
If you are unsure what data you want to mask, a good practice is to profile data by updating an inventory of your data with sensitive data elements identified. You can then review and edit that inventory.
- From your environment's Overview tab, click the Profile button.
The Create Profile Job screen will appear.
- Enter a Job Name.
- Select your rule set.
- Select a profile set, which will be created when you set up your masking security policy or one of the provided profile sets.
- Click Save. The job will appear on your overview screen.
- Create a profiling job using the steps above.
- Run the profiling job you just created. When you run this profiling job, it updates/populates an inventory.
- Click the Profile Job name to see the results.
- Click the Results sub-tab. You should see the name columns appear as sensitive.
- If you want to download a PDF report of the sensitive fields that have been profiled, click the profiling report.
- To view the inventory, click the Inventory tab while in an Environment Overview.
- Examine the inventory to ensure that the profiling job has included everything you want to mask. For example, if you selected a First Name field, you probably want the Last Name field as well. You can see which columns were selected for masking by selecting the associated rule set. Make sure that you have included all sensitive data elements, such as personal identifying information, from the table that you want to mask.
- Modify the inventory, if necessary.
When a profiling job runs, it automatically updates the inventory for the given rule set. If you do not want the Profiler to automatically update a particular item in the inventory, click on the pencil icon for that inventory item and change the ID Method to User.