Transformations > Access Policy transformation > Unmasking protected data
  

Unmasking protected data

You can unmask consistently tokenized columns that you protected with an Access Policy transformation.
You might want to allow select users to reverse de-identifications and access identifiable data.
For example, when you perform anti-money laundering analysis, you might detect an anomaly. To follow up on the anomaly, you allow an authorized user to unmask the account and account holder information.
The following steps describe a project in which data is first protected and later unmasked:
  1. 1In Administrator, a platform administrator enables IDMC metadata for your organization in the catalog.
    2. For more information about enabling IDMC metadata, see Prerequisites.
  2. 2In Metadata Command Center, the Data Access Owner configures a catalog source from which to extract metadata that include the assets your organization wants to de-identify and unmask.
  3. 3On the Data Access Management page in Data Governance and Catalog, the Data Access Owner creates data access policies to de-identify data and policies to unmask data according to user, usage type, and business semantic metadata context.
    4. Note: If the Data Access Owner makes change to data access policies, Data Integration will not reflect those changes when running a mapping task. To reflect the changes, you must run the mapping task as part of a taskflow and create a parameterized dynamic mapping for masking data.
    For more information about creating policies for unmasking data, see Unmasking.
  4. 4In Data Integration, you create a mapping with an Access Policy transformation to de-identify data.
  5. 5In Data Integration, you create and run a mapping task to de-identify data and to capture the lineage information of the mapping and the data assets.
  6. 6Optionally, a data owner captures and scans IDMC metadata in Metadata Command Center, which captures the metadata from the Data Integration mapping and reference data set to trace the lineage and allow for unmasking.
    7. For more information about capturing metadata, see Create catalog sources in Metadata Command Center.
  7. 7When IDMC metadata is visible in the catalog in Metadata Command Center, a data owner reconciles the referenced data assets associated with the mapping and the data asset sources in the catalog to trace the lineage and allow for unmasking.
    8. For more information about reconciling reference data assets and physical assets, see Assigning connections.
  8. 8Previously, the Data Access Owner created data access policies for unmasking data according to user, usage type, and business semantic metadata context. In Data Integration, configure and run a mapping with an Access Policy transformation that uses these data access policies for unmasking protected data.
    9. Data that was consistently tokenized using the same policy and consistency seed is now unmasked.
You are now ready to view the unmasked data.