Transformations > Access Policy transformation > Unmasking
  

Unmasking

You can unmask previously consistently tokenized columns that were protected using the Access Policy transformation.
You might wish to allow select users to reverse de-identifications applied through the Access Policy transformation and access identifiable data.
For example, when you perform anti-money laundering analysis, you might detect an anomaly. In order to follow up on the anomaly, you allow an authorized user to unmask the account and account holder information.

Unmasking protected data

To unmask previously consistently tokenized columns that were protected using the Access Policy transformation, users in your organization perform tasks in Data Governance and Catalog, Metadata Command Center, and Data Integration.
To unmask protected data, users in your organization perform the following tasks:
  1. 1Optionally, in Administrator, a platform administrator enables IDMC metadata for your organization in the catalog.
    2. For more information about enabling IDMC metadata, see Prerequisites.
  2. 2In Data Integration, create a mapping with an Access Policy transformation to de-identify data.
    3. For more information about the Access Policy transformation, see Access Policy transformation configuration.
  3. 3In Data Integration, create and execute a mapping task to de-identify data and to capture the lineage information of the mapping and the data assets.
    4. Note: To unmask the previously masked data, the mapping must be executed through a mapping task, which is required to capture the underlying lineage.
    For more information about mapping tasks, see Mapping tasks.
  4. 4Optionally, a data owner captures and scans IDMC metadata in Metadata Command Center, which captures the metadata from the Data Integration mapping and reference data set.
    5. Note: This step is not required if a platform administrator enabled IDMC metadata for your organization in the catalog.
    For more information about capturing metadata, see Create catalog sources in Metadata Command Center.
  5. 5Once IDMC metadata is visible in the catalog, in Metadata Command Center, a data owner reconciles the referenced data assets associated with the mapping task and the data asset sources in the catalog.
    6. This reconciles the reference data asset and the physical asset that exists in the Data Governance and Catalog catalog.
    For more information about reconciling reference data assets and physical assets, see Assigning connections.
  6. 6In Data Integration, configure and run a mapping for unmasking protected data.
    7. For more information about mappings, see Mappings.
    Data that was previously consistently tokenized using the same policy and consistency seed is now unmasked. The Data Access Owner created data access policies for unmasking data according to user, usage type, and business semantic metadata context.
You are now ready to view the unmasked data.