clause of masked request statements to return the actual value stored in the database.
You can use the reverse masking function to prevent requests that use masked data. For example, you send a request to the database for an account number and the database returns a masked value. You send another request to the database. The request references the masked account number and the database returns an error message. The reverse masking function replaces the masked
clause with actual data and you do not receive an error message.
Reverse Masking Example
The following example shows how to create a reverse masking function. The reverse masking function uses the Search and Replace security rule action to replace the
clause in a request statement.
To create reverse masking functions, use nested security rules. The top-level folder uses the Any matcher, the Folder action, and the Continue processing action.
Create two security rules. The first rule performs reverse masking. If the request statement does not match the criteria for the first rule, the Rule Engine applies the second rule. The second rule masks the account information.
In the top level folder, create a security rule called Unmask. The Unmask rule rewrites the
clause with the reverse masked value by using regular expression. Configure the security rule to use the Any matcher and the Search and Replace rule action. In the Search Text field, enter
. Select the Regular Expression identification method. In the Replacement String field, enter