Step 2. Create a Security Rule Set to Process the Result Set
Create a security rule set to process the result set. Give the rule set the name that you provided in Step 1. as the "Ruleset Name for Resultset" parameter. Then create the rule or rules to match the columns in the result set that you want to mask, and configure the type of masking on those columns. Finally, you must create a rule within this rule set to apply the masking function.
To create a security rule set, click on a domain node in the rule tree.
Click
Tree
Add Rule Set
.
The
Add Rule Set
window appears.
Enter the name of the security rule set that you gave as the
Ruleset Name for Resultset
property in the previous step. For example, "MaskEmpResultSet."
Click
OK
.
Within this rule set, create a rule or rules to match the column name in the result set that you want to mask, and specify the masking action.
In the Management Console, click the security rule set that you created in the previous step.
Select
Tree
Security Rule Set
.
The
Rule Editor
appears.
Click
Action
Append Rule
.
The
Append Rule
window appears.
Enter a name for the rule, for example, "MaskEmpName."
For the
Matching Method
, select
Metadata
.
For
Content Type
, select
Column Name
.
In the text box, enter the column name and select
String
as the identification method.
Alternatively, you can configure the wildcard or regular expression options as identification methods. Dynamic Data Masking cannot distinguish between a result set that is part of a stored procedure call and a result set that is part of other system calls. As a best practice, do not use multiple generic regular expressions to define the column metadata matcher.
For
Action Type
, select
Masking
.
For
Data Type
, select the type of data in the result set that you want to mask. You can choose from string, numeric, or date.
For
Masking Type
, select the type of masking that you want to apply to the data. For numeric and string data types, you can choose from pattern, redaction, or constant masking. For the date data type, you can select only constant masking.
For more information about the Masking action, the masking types, and their parameters, see the chapter "Security Rules."
For the
Processing Action
, select
Continue
.
Click
OK.
Select
File
Update Rules
to save the rule in the rule tree.
Optionally, you can create additional rules within this rule set on other columns in the same result set.
When you are finished creating the rules that match the result set columns and mask the column data, create a final rule to apply the masking. This rule is mandatory and must be the final rule in the rule set.
Select
Tree
Security Rule Set
.
The
Rule Editor
appears.
Click
Action
Append Rule
.
The
Append Rule
window appears.
Enter a name for the final rule, for example, "ApplyMasking."