|
|
|
|
|
|
|
|
- Overview
- Implementation in WINDEV
- Use conditions
- Principle
- Implementation in the analysis
- Modifying the analysis
- Enabling data file encryption
- Defining user permissions
- HFSQL Control Center
- Programming
- Managing data masking with SQL statements
- Data masking: specific features and limitations
- Adding and modifying records (HFSQL functions)
- INSERT and UPDATE SQL queries
Automatic data masking
 Available only with this kind of connection
Data masking is a process that transforms the data in an item that will be displayed to the user. This data can be partially or totally masked: data will not be readable. Data masking helps you prevent sensitive data exposure by hiding it from certain users. Data masking also makes it possible to secure information and prevent it from spreading. By masking a data file, you will replace all personal data. For example: - replace last names with XXX[..]XXX.
- replace city names with 1, 2, 3, 4, 5, ... to compile statistics on the number of inhabitants without being able to identify the cities.
There are two types of data masking: - static data masking, which is irreversible: data is permanently lost.
- dynamic data masking. This type of data masking is applied in near real-time by the database server: it is therefore reversible. Initial data is accessible depending the user privileges.
Both types of data masking are useful, but each in a specific context. - Static data masking eliminates all personal data: the file therefore falls outside the scope of the GDPR. The file can be processed, stored and shared without any restrictions.
- In the case of dynamic data masking, personal data is not eliminated: the file therefore remains subject to the GDPR (e.g. with regard to retention periods).
Use conditions Data masking can only be implemented in applications that use HFSQL data files in Client/Server mode. Principle Applying data masking on an item consists in: - defining data masking rules ("masks"). A rule defines the data masking mode used and its characteristics. These rules can be implemented: Caution: You can only define one rule per item. It is not possible to combine several rules.
- defining data masking user privileges. Users can be allowed or prevented from viewing masked items. These privileges can be defined:
By default, the item will be masked for all users. To allow a user or group of users to view an item, you need to grant them data unmasking permissions. Implementation in the analysis Modifying the analysis To mask an item in a data file: - Select the desired file in the data model editor.
- Right-click the data file and select "Description of items".
- Select the item you want to mask.
- Go to the "Data mask" tab. "No rule (the item is not masked)" is selected by default.
- Select and configure the desired rule:
- random text (lorem ipsum), to generate several random words,
- a constant value (to be defined),
- noise (a variation of plus or minus x %) for integer values,
- a value returned by a stored procedure, for a specific data mask (for example, to mask a section of code while preserving part of the data),
- partial scrambling, to keep some characters at the beginning and end of values, but replacing the rest with a given character.
- Confirm changes in the description window of items.
- Generate the analysis and run the automatic data modification.
Remarks: - The MaskingRule property gets the data masking rule defined for a given item. This rule is in SQL format.
- To find out which items have been masked and which rule has been used, go the "Analysis" tab, "Analysis" group, expand "Maintenance" and select "List of items with a masking rule".
Enabling data file encryption When using automatic data masking, it is advisable to enable data file encryption. This ensures that data remains unusable, even in the event of unauthorized access to the server or to a backup, To enable data file encryption in data model editor: - Select the data file.
- In the context menu, select "Data file description".
- Go to the "Details" tab, "Data protection" section and specify the desired encryption mode for the data file, index file and/or memo file.
The encryption algorithm to be used by default is RC5 (16 rounds).
Remark: For even greater security, check "Enable enhanced security". Defining user permissions To define which users can access actual (non-masked) data values, simply grant specific permissions Viewing permissions can be set at different levels: - for the database,
- for the data file,
- for the item.
Data unmasking (and other) permissions for an item can be set: - from the HFSQL Control Center,
- programmatically.
HFSQL Control Center To grant permissions at the database or data file level, simply click "Manage rights" in the HFSQL Control Center ribbon. To grant permissions at the item level, simply click the "lock" icon of the item in the "Description" tab. In the window that appears, you can change the permissions set on the item. Programming
HModifyDatabaseRights(ctMyConnection, "MARK", hRightsUnmask, hAllowed, "DataMasking")
HModifyFileRights(ctMyConnection, "MARK", hRightsUnmask, hAllowed, "DataMasking", "Address")
HModifyItemRights(ctMyConnection, "MARK", hRightsUnmask, hAllowed, "DataMasking", "Address", "PostalCode")
Remark: When your application shows masked data, it may be useful to inform users that this display is normal and that it requires advanced permissions. Simply use the WLanguage HInfoXXXRights functions to determine which permissions have been granted and display indications where necessary.
IF HInfoFileRights(gctConnection, sUser, hRightsUnmask,
DATABASE_NAME, Address, hEffective) = hForbidden THEN
RETURN False
END
Managing data masking with SQL statements The following SQL statements can be used manage data masking: - ADD MASKED: Combined with the ALTER TABLE SQL statement, creates a data mask for an item in a data file.
- DROP MASKED: Combined with the ALTER TABLE SQL statement, deletes a data mask of an item in a data file.
- GRANT: Enables a data mask.
- REVOKE: Disables a data mask.
Data masking: specific features and limitations When data masking is enabled for an item: - Unmasking permissions are required to:
- use HReadSeek on a masked key item.
- use a SQL query with a WHERE condition on a masked item.
- use an SQL query with a reference to a masked item in the ORDER BY clause.
- use HBackup and HCopyFile with data files.
- use data file replication.
- HCopyRecord function: original values cannot be retrieved. Masked values are buffered in the new record.
- You can apply data masks to key or non-key items. However, it is not possible to apply a mask to composite key items.
- If you apply a data mask to an item of type array, this mask applies to all the elements of the array.
- Materialized view:
- Unmasking permissions are required to to define a materialized view on a file.
- Even if unmasking permissions are granted, items remain masked in the materialized view.
- Regardless of the masking/unmasking permissions, it is not possible to create a materialized view with masked calculated items.
- Even if unmasking permissions are granted, it is not possible to make backup copies of files containing masked items.
Adding and modifying records (HFSQL functions) - When adding a new record with HAdd or HSave, items are initialized either with their default value, or with the specified value. Data masks are not applied.
- When modifying a record with HSave or HModify, only masked items on which the user has unmasking permissions will be modified.
INSERT and UPDATE SQL queries - In an INSERT SQL query, items without values are initialized with the default value defined in the analysis. Items with values are automatically initialized without applying the data mask.
- In an UPDATE SQL query, items with values are automatically initialized without applying the data mask.
Note: When using the RETURNING function, there are 2 possibilities: - If the item is masked and has values in the SQL query, the mask will not be applied to the returned value.
- If the item is masked and does not have values in the SQL query, the mask will be applied to the returned value.
This page is also available for…
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|