Data Masker

Sync. Manager Rules

Sync. Manager Rules is used to keep denormalized data across multiple tables where the existing Table-To-Table Synchronization Rules and Table-Internal Synchronization Rules are not sufficient:

  • Modifying the primary key of a table all associated columns in other tables.
  • To mask unique combinations data consistently, i.e. every "Alan Smith" becomes "Anita Radcliffe" in all tables, regardless whether there is a specific link between the tables.
  • To ensure all data is masked across multiple tables when there is no single table that contains all of the so cannot act as the source for a Table-To-Table Synchronization Rule.

However, the approach to creating a Sync. Manager Rule is always the same:

  • Creating either a Substitution Rule,  or a Row-Internal Rule, for the column, or columns that you wish to synchronize. 
  • Ensure that the rule does not have a WHERE clause.
  • Go to the Change Managers tab and select Convert to Sync. Manager Rule.

Example

Given name information is scattered among multiple tables (Customers, Orders, Employees), but most of the information is contained within the Customers table the best place to start is a Substitution Rule on the Customers table:

  • Mask the CustomerName column with Names, First+Last, Male+Female.
  • Go to the "Where Clause and Sampling" tab and select "No Where Clause".
  • Go to the "Change Managers" tab and select Convert to Sync. Manager Rule.

Open the resulting Sync. Manager Rule and go to the "Rule Generation By Column":

  • Search for the column name: %Name.
  • Select the Employees.EmployeeName and Orders.CustomerName columns and click "Add Marked".
  • This will result in new rules in the "Sync. Rules" page.
  • Save the Sync. Manager Rule.

After running this masking set the tables might look like:

Customers


BEFOREAFTER
ID...CustomerNameCustomerName
676...Stephen SmithMark Walsh
12361...Alice JonesHannah Fehrs
12678...Lisa RobertsonMary Wise

Orders


BEFOREAFTER
ID...CustomerNameCustomerName
123543...Stephen SmithMark Walsh
213123...James StoneCraig Anderson
345673...Leigh StephensonJune Gray


Employees


BEFOREAFTER
ID...CustomerNameCustomerName
123...James StoneCraig Anderson
167...Alice JonesHannah Fehrs
230...George KirkBarry Davidson


Core concepts

The structure of a Sync. Manager Rule

When you create a Sync. Manager Rule you will see that it is a collection of other rules:

  • Command Rules that create a populate a temporary table to hold the distinct values to mask. These are not editable.
  • Either a Substitution Rule or a Row Internal Rule, based on the rule that was converted into the Sync. Manager Rule.
    • This applies the mask that was configured in the original rule but on the new temporary table.
  • A Foreign Key Manager rule to disable foreign keys (if the rule is changing part of a primary key)
  • A Table-To-Table Synchronization rule that copies the data from the temporary table back to the original table. 
    • It is not possible to edit the "Columns to Synchronize" or the "Join Columns" in this rule.
  • A Foreign Key Manager Rule to enable the keys that were disabled earlier. 
  • A Command Rule to drop the temporary table at the end. This is not editable.

The temporary table that is constructed consists of:

  • DMSIdentityCol - a primary key for the table so subsequent rules will work correctly against the table.
  • The column name(s) that have been selected from the source table.
    • These represent the original values and will not be masked.
    • Use these if joining to another table. 
  • The columns to mask with a suffix of _DMSTMP which contains the data to mask.

Manually adding rules to the Sync. Manager

Command Rules

You can add a Command Rule via the "Add Rules" tab. As with a normal Command Rules, you can add any SQL statements you wish here, including modifying the contents of the temporary table, though it is advised that you do not alter any of the columns that have been created. 

Table-To-Table Rules

If you want to just take the masked data and move it across to a new table (ignoring any unmatched rows in the target table) then add a Table-To-Table Rule. The rules will be restricted so the columns containing the masked data are the source for the "Columns to Synchronize" (and cannot be removed) and the columns containing the original data are the "Join Columns" (and cannot be deleted).

Table-To-Text Rules

A Table-To-Text Rule will ensure that the contents of text fields do not contain the sensitive data that matches the columns being altered as part of this Sync. Manager Rule. It will modify the contents of a free-text column in the target table by replacing the original data (found in the source columns) with the matching masked value.

Cross DB Table-To-Table Rules

To mask the data in another database consistently, with the changes being made in the Sync. Manager Rule, use the Cross DB Table-To-Table Rule. As with the standard Table-To-Table Rule the source "Sync. Columns" and "Join Columns" have been preset based on the contents of the temporary table and cannot be changed. 

Generating rules by foreign key

If the columns that are being masked in the original table would invalidate a Foreign Key relationship the "Rule Generation By FK" tab provides a quick and easy way to generate the rules. The "Tables With Invalid FK Relationships Because of the Actions of This Rule" table contains all of the affected foreign keys, select the appropriate tables and click on the "<<<" button below to add them as "Secondary Fan-Out Tables" and Data Masker will generate the appropriate rules to ensure they are masked properly. 

Adding rules by column name

If you are masking only a single column you will see the "Rule Generation by Column" where you can search for matching columns within the current schema and generate rules to correctly mask them.

The search for columns using wildcards:

  • The "%"  character matches any number of characters
    • e.g. %NAME would match
      • LASTNAME
      • LNAME
      • FIRSTNAME
      • FNAME
      • MIDDLENAMES
  • The "_" character matches only a single wildcard character
    • e.g. _NAME would match
      • LNAME
      • FNAME

Once you have found the columns you wish to mask select them in the table and click on "Add Marked" to generate appropriate rules within the Sync. Manager. 



Didn't find what you were looking for?