Table of Contents

Search

  1. Preface
  2. Introduction to Dynamic Data Masking
  3. Rules
  4. Connection Rules
  5. Security Rules
  6. Security Rule Set Simulator
  7. Masking Functions
  8. XML Functions Reference
  9. Glossary

Step 2. Create a Rule Set or Rule Sets to Process the Result Set

Create a security rule set to process the result set. Give the rule set the name that you provided in Step 1. as the "Ruleset Name for Resultset" parameter. Then create a rule to match the columns in the result set that you want to mask, using the Metadata matcher. For the rule action, select Content Masking. When you select the Content Masking action, provide the name of the third rule set that you will create in the next step, the XML masking rule set. Finally, you must create a rule within this second rule set to apply the masking function.
If you want to mask multiple columns in a result set that contain XML data, you can define individual rule sets for each column.
  1. To create a security rule set, click on a domain node in the rule tree.
  2. Click
    Tree
    Add Rule Set
    .
    The
    Add Rule Set
    window appears.
  3. Enter the name of the security rule set that you gave as the
    Ruleset Name for Resultset
    property in the previous step. For example, "MaskEmpXMLRS."
  4. Click
    OK
    .
    Within this rule set, create a rule or rules to match the column name in the result set that you want to mask.
  5. In the Management Console, click the security rule set that you created in the previous step.
  6. Select
    Tree
    Security Rule Set
    .
    The
    Rule Editor
    appears.
  7. Click
    Action
    Append Rule
    .
    The
    Append Rule
    window appears.
  8. Enter a name for the rule, for example, "MaskEmpXML."
  9. For the
    Matching Method
    , select
    Metadata
    .
  10. For
    Content Type
    , select
    Column Name
    .
  11. In the text box, enter the column name and select
    String
    as the identification method.
    Alternatively, you can configure the wildcard or regular expression options as identification methods. Dynamic Data Masking cannot distinguish between a result set that is part of a stored procedure call and a result set that is part of other system calls. As a best practice, do not use multiple generic regular expressions to define the column metadata matcher.
  12. For
    Action Type
    , select
    Content Masking
    .
  13. For
    Ruleset Name for Content Resultset
    , provide a name for the third and final rule set that you will create in the next step, the XML masking rule set. For example, "MaskEmpXMLData."
  14. For the
    Processing Action
    , select
    Continue
    .
  15. Click
    OK.
  16. Select
    File
    Update Rules
    to save the rule in the rule tree.
  17. Optionally, you can create additional rules within this rule set on other columns in the same result set.
    When you are finished creating the rules that match the result set columns, create a final rule to apply the masking. This rule is mandatory and must be the final rule in the rule set.
  18. Select
    Tree
    Security Rule Set
    .
    The
    Rule Editor
    appears.
  19. Click
    Action
    Append Rule
    .
    The
    Append Rule
    window appears.
  20. Enter a name for the final rule, for example, "ApplyMasking."
  21. For the
    Matching Method
    , select
    Any
    .
  22. For
    Action Type
    , select
    Apply Masking
    .
  23. For the
    Processing Action
    , select
    Stop if Applied
    .
  24. Click
    OK
    .
  25. Select
    File
    Update Rules
    to save the rule in the rule tree.