Sensitive data mapping security policies

When you model a sensitive data mapping, you can define these security policies on selected nodes:

  • Data masking - replaces the data value of an element or attribute in the output document with a string. If you use data masking, you must specify at least one character for the masking value.
  • Data removal - removes the value of an element or attribute in the output BOD. This produces an empty node with an empty string.
  • Node removal - removes the node and its children from the output document.

If a security policy is applied on a parent node, it removes the child elements of that parent node.

The masking table provides information about added nodes and the security policies applied on those nodes. For each added node, this information is shown:

  • Status.
  • Node name.
  • Node path.
  • Node data type.
  • Security policy.
  • Masking value of the data masking security policy.

You can filter the masking table using keywords in the masking table search field. For example, you can filter all the nodes that have a certain keyword as their masking value.

When the node is focused in the document tree, it is highlighted and expanded to show its children. This allows you to continue adding the parent, children or sibling nodes of the node that is in focus.