You need to make customer data available to a colleague in your bank's marketing department for customer analysis. As part of their role and the needs of their project, your colleague in the marketing department has limited access rights to customer data.
Use an Access Policy transformation to ensure that your organization complies with data privacy regulations while allowing your colleague to gain valuable insights. At run time, the transformation hides or obscures the information for which your colleague does not have access rights based on metadata and the properties that you set on the Access Policy tab.
The following table shows part of a table called BANK_CUSTOMERS, which includes contact details, birth dates, and other items of personally identifiable information:
CUSTOMER_NAME
ADDRESS
POSTAL_CODE
PROFESSION
EMAIL_ADDRESS
CUSTOMER_TYPE
DAY_OF_BIRTH
Brayden Combs
7776 Proctor Drive
48089
Associate Marketing
brayden.combs@organization.com
1
03/14/1990
Osvaldo Patton
63 Rosewood Court
64051
Project Manager
osvaldo.patton@organization.com
5
01/13/1988
Alivia Oneal
64 East Thorne Court
30043
Business Analyst
alivia.oneal@organization.com
3
06/22/1956
Skyla Weeks
7556 South Shore Drive
48045
Operations Manager
skyla.weeks@organization.com
4
10/08/1961
Justice Cobb
9136 S. Lafayette St.
60187
Financial Controller
justice.cobb@organization.com
1
02/23/1963
Braxton Kramer
7 Hill Field St.
28376
Restaurant Manager
braxton.kramer@organization.com
5
11/01/1969
Erin Ryan
20 Lakeshore Street
20706
Project Manager
erin.ryan@organization.com
2
07/23/1959
To configure the mapping, complete the following tasks:
1Add a Source transformation that reads the BANK_CUSTOMERS source table.
2Add an Access Policy transformation to the mapping canvas, and connect it to the data flow.
3On the Access Policy tab, take the following actions:
aIn the Consumer field, select your marketing department colleague.
bIn the Usage field, select "customer analysis" as the usage context.
Users create and manage usage context in Data Marketplace. To learn more, see Working With Data Collections in the Data Marketplace help.
cIn the Data Asset field, select the BANK_CUSTOMERS table as the source data asset.
dTo use consistent tokenization, enter a consistency seed from another Access Policy transformation. Otherwise, generate a new consistency seed.
eClick Synchronize Access Policy.
4Add other transformations to the mapping as required.
5Add a Target transformation to the mapping and connect it to the upstream transformation.
6Click Run.
The mapping task applies the policies to the data, protecting it.
The following table shows the protected data:
CUSTOMER_NAME
ADDRESS
POSTAL_CODE
PROFESSION
EMAIL_ADDRESS
CUSTOMER_TYPE
DAY_OF_BIRTH
access_policy_filter
ACCESS_DENIED
Osva
64051
Project Manager
yojniw.sdfhihd@organization.com
5
Aliv
30043
Business Analyst
25dxk7og.x9jneyc@organization.com
3
Sky
48045
Operations Manage
oeunx.ed7uncr@organization.com
4
ACCESS_DENIED
Brax
28376
Restaurant Manager
zdkljvkr.xbei@organization.com
5
Erin
20706
Project Manager
0ick.39ft@organization.com
2
The Access Policy transformation protects the data in the following ways:
•It retains only the first four characters of the customer names.
•It replaces the street address and day of birth data with null values.
•It assigns random characters to the customer email addresses, but it keeps the addresses in a valid email format.
•It removes the data in the first and fifth rows.
•It adds a new access_policy_filter field that indicates whether data filter policies have denied access to the data.
To learn how to to filter out that field, see "Data filter policy best practices."
The ZIP codes, professions, and customer types remain unaltered.