Dynamic Masking¶
Dynamic Masking allows you to apply masking rules at runtime, ensuring that sensitive data remains protected based on user or group policies while maintaining usability for authorized users.
Steps to Configure Dynamic Masking¶
-
Create a Masking Scheme
- Refer to Creating Masking Schemes.
-
Define a Scheme Policy
- Navigate to Access Management > Scheme Policies.
- Create a policy for the required scheme (e.g.,
privacera_peg). -
Configure the following policies:
-
Access Policy: Grants access to the scheme.
- Policy Details: Provide a policy name and description.
- Protect Scheme: Select Masking Scheme and provide the masking scheme created in Step 1.
- Grant Permission(s): Assign Get Scheme and Mask permissions to the required users, groups, or roles.
-
Masking Policy: Overrides the original masking scheme for specified users or groups, enabling dynamic control.
- Policy Details: Provide a policy name and description.
- Protect Scheme: Provide the masking scheme created in Step 1.
- Masking Permissions: Choose the required masking technique under Apply Mask for the appropriate users, groups, or roles.
-
-
Validation
- Generate or use an existing token
- Self Managed: Navigate to Settings > Token Management.
- PrivaceraCloud: Navigate to Encryption & Masking > JWT Tokens.
- Generate a new token for the user specified in the access and masking policies. Provide a Token Name and Expiry.
- Authorize the token using the API (e.g., PEG Server API) and validate that the masking policies are applied correctly.
- Generate or use an existing token
- Prev topic: Scheme Policies
- Next topic: Users and Roles