User Guide > Policies > Data Masking Rules
  

Data Masking Rules

A data masking rule is a data masking technique to mask a specific type of data. You can create a standard rule, advanced rule, or a rule that you import as a mapplet.
A data masking technique defines the logic that masks the data. Masking parameters are options that you configure for a masking technique. For example, you can define different dictionary files for substitution masking rules. Dictionary files contain the sample data for substitution. You might blur output results by different percentages for different columns. Most masking techniques have associated masking parameters.
You can enable users to override masking parameters for a rule. For example, you create a rule with the substitution masking technique to mask column data based on a flat file substitution source. You set the override option for the rule. When a developer assigns this rule to columns in a source, the developer can select a relational database as a substitution source rather than a flat file.
You can assign rules to source columns, data domains, policies, and plans.

Standard Masking Rules

A standard masking rule is a data masking rule that applies a built-in masking technique. A standard masking rule has one input column and one output column.
When you create a standard masking rule, you select the masking technique from a list. You can define one masking technique in a standard masking rule and you can apply the rule to one column.
Test Data Manager has masking techniques that you can select to create masking rules. You can use standard masking techniques based on the source datatype and masking type that you configure for a column. You can restrict the characters in a string to replace and the characters to apply in the mask. When you mask numbers and dates, you can provide a range of numbers for the masked data. You can configure a range that is a fixed or percentage variance from the original number.

Creating a Standard Masking Rule

Create a rule to define a masking technique, the datatype to mask, and masking parameters that define how to apply the technique.
    1. To access the Policies view, click Policies.
    2. Click Actions > New > Masking Rule.
    The Rule Wizard appears.
    3. Enter a name and optional description for the rule.
    4. Select the datatype of the column to apply the masking rule to.
    5. Select the Standard masking rule.
    6. To enable users to override masking parameters for a rule, select the Override Allowed option.
    7. Click Next.
    Note: The Masking Parameters dialog box changes based on the Masking Technique you select.
    8. Enter the masking parameters.
    9. Enter the exception handling options. Configure how to handle null or empty spaces. Configure whether to continue processing on error.
    10. Click Finish.

Rule Simulation

You can simulate the output of a standard rule to preview the output before you assign the rule to a column.
Use the Rule Simulator to view the output of a standard rule before you assign it to a column or add it to a plan. View the output of the rule and change the rule properties if required before assigning it to a column. You can choose to include data from a connection in the simulation. Alternatively, you can use default sample data or enter up to 100 rows of sample data on which to simulate the rule output. View the original data values and the masked values in the Rule Simulator tab.
The latest simulation configuration details are stored in the browser cache. You can edit the properties of a rule after viewing the simulation results, and run the simulation again on the same data with the updated rule. Clearing the cache deletes the configuration information.

Previewing Rule Output

Use the Rule Simulator to view the output of a standard masking rule on selected data. You can use data from a connection, use default sample data, or enter sample data on which to view the rule output.
    1. To access the Policies view, click Policies.
    2. Click a masking rule name to open the Rule Properties page of the masking rule.
    3. Click Rule Simulator to open the Rule Simulator configuration tab.
    4. Select the type of configuration from the Source Details list and click Edit. Select Default to use default sample data, My Test Data to enter sample data, or Connection to use data from a connection. The Configure Source Details page opens.
    5. On the Configure Source Details page, to use source data from a connection:
    1. a. Select the connection and owner from the lists.
    2. b. To select a table, type the table name, or click Browse to select the table from a list.
    3. c. Enter the number of rows to include in the simulation. The default value is 20. The maximum number of rows you can include is 100.
    4. d. Click OK to return to the Rule Simulator tab.
    6. To enter sample data:
    1. a. Enter the data in the data fields in the Configure Source Details window. Use the buttons to add or delete rows. You can enter a maximum of 100 rows.
    2. b. Click OK to return to the Rule Simulator tab.
    7. To use default sample data:
    1. a. Click Copy default data.
    2. b. Click OK to return to the Rule Simulator tab.
    8. On the Rule Simulator tab, click Go to start the simulation.
    View the original source values and the masked values in the Rule Simulator tab.

Advanced Masking Rules

An advanced masking rule is a combination of masking techniques that mask multiple source columns or a target column based on values of more than one input column.
For example, you can create a full masked name by masking the first name and last name input columns. Define variable columns to contain the masked names. Add an output column that contains a result of an expression that combines the first name and last name variable columns.
Create the following types of columns in an advanced rule:
Input
The source column that you want to mask.
Variable
A column that contains intermediate values in a calculation. The variable column receives a value from an expression or a masking technique. You can configure multiple variable columns in order to combine multiple masking techniques.
Output
The target column that receives the masked value. The output column type contains a masking technique and masking parameters.

Creating an Advanced Masking Rule

Create an advanced masking rule to combine more than one masking technique or to mask multiple columns.
    1. To access the Policies view, click Policies.
    2. Click Actions > New > Masking Rule.
    The Rule Wizard appears.
    3. Enter a name and optional description for the rule.
    4. Select the Advanced masking rule.
    5. Click Next.
    6. In the Input Columns section, click Add New.
    The Add Column dialog box appears.
    7. Enter the column properties, such as the name, datatype, precision, and scale. Select whether the column is mandatory to assign to a data source in all projects.
    You cannot enter masking properties for input columns.
    8. Click OK.
    9. To enter more input columns, click Create Input Column in the New Masking Rule dialog box.
    10. In the Variable Columns section, click Add New.
    11. Enter an expression, a masking rule, or a dependent column for each variable column that you define. If you apply a masking rule, configure the input column to create the variable column from.
    12. Click OK.
    13. In the Output Columns section, click Add New.
    14. Enter an expression, a masking rule, or a dependent column for the output column.
    15. Click OK.

Mapplet Rules

You can create rules from a mapplet. The mapplet contains the logic to mask the input columns and return data to the target columns. When you create a rule from a mapplet, you assign the mapplet column names to input and output columns when you assign the rule to a column in the data source.
Import a mapplet from an XML file that you exported from the Model repository or the PowerCenter repository. The mapplet can contain any passive transformations.
To perform TDM masking operations, you can import PowerCenter mapplets. To mask Hadoop data, you can import the mapplets that you create in the Developer tool. You cannot use sequence generator, lookup, and classifier transformations when you import mapplet to mask Hadoop data.
A mapplet can contain multiple input and multiple output columns. All columns might not be available in all projects. You must configure one input column and one output column as required columns. The mandatory columns must have source and target assignments when you assign the rule to a column in the data source. Test Data Manager has an interface to assign multiple columns to a rule from a mapplet.
The TDM repository stores the mapplet logic when you import the mapplet. You cannot change the mapplet in Test Data Manager.

Creating a Mapplet Masking Rule

You can create a data masking rule from a mapplet. The mapplet contains the logic to mask the source fields.
Export the mapplet to an XML file from the PowerCenter repository or the Model repository before you import it to Test Data Manager.
    1. To access the Policies view, click Policies.
    2. Click Actions > New > Masking Rule.
    The Rule Wizard appears.
    3. Enter a name and optional description for the rule.
    4. Choose the data type to mask.
    5. Select the Mapplet masking type.
    6. Browse for the XML file that contains the PowerCenter mapplet to import. To mask Hadoop data, select Hadoop and browse to the XML file that contains the Informatica Developer mapplet to import.
    7. Click Next.
    8. Select at least one input column and output column as mandatory columns.
    Select the column and click the mandatory column to change the value from No to Yes.
    9. Click Finish.