About JSON Masker Rules
Published 04 June 2019
This documentation is only suitable for Data Masker for SQL Server.
{
  "name": "Tom Smith",
  "address": "Apt 46a",
  "address2": "21 Main Street",
  "telephone": "123 456 789"
}
An Example of a JSON Masking Requirement
Consider the above simple example JSON data that holds the information for a customer. The JSON object clearly contains sensitive personally identifiable information (PII). The entire JSON structure is stored in a column of the varchar datatype in a table named customer_data. In order to mask this information, the rule must reach down into the JSON and modify the text under each field without changing anything else.
Fundamentally, there are two things which need to be specified when masking JSON data. First, the rule needs to know how to find the JSON value to be masked. Then the rule needs to know what dataset values are used to replace the original values.
The JSON Masker rule finds the data to be masked using a JSONPath (or JPath) statement. If just the name of a JSON object key is provided, a suitable wildcard JSONPath statement to locate the text data for any and every value associated with that key will be automatically generated. If the Full JSONPath option is chosen, then that specific statement will be used to locate the data to be masked.
For each row in the table (or a subset selected via the Where Clause and Sampling options) the JSON data content is located using the rule's JSONPath configuration. Then the text contents of that JSON value are replaced with new data derived from the specified dataset.
The dataset is specified separately in a dropdown on the same tab as the JSONPath configuration in the New JSON Masker rule form. To configure the dataset, simply select it and configure its options as you would for a standard Substitution rule.
After the rule has executed, each JSON value to be masked will have its content updated with a suitable item from the dataset. Note that each row in the table will get a new value, but if there are multiple matching values in the JSON of any one row, all of those elements will receive the same updated data. In order to configure a rule to modify only the contents of the second matching value in each row, a custom Full JSONPath to that value would need to be specified.
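A post-masking check for the behaviour described above, as an added example that is not part of Data Masker or its documentation: it compares one row's JSON before and after masking and reports content that changed outside the targeted key, values that survived unmasked, and matching values that differ within the row. The function names and sample rows are constructed for illustration, and matching a key name at any depth is an assumption standing in for the wildcard JSONPath the rule generates.

```python
import json

def walk(node, key, path="$"):
    """Yield (path, value) for each scalar stored under `key` at any depth."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key and not isinstance(v, (dict, list)):
                yield f"{path}.{k}", v
            yield from walk(v, key, f"{path}.{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, key, f"{path}[{i}]")

def blank(node, key):
    """Copy of the document with every scalar under `key` replaced by None,
    so two documents can be compared on everything except masked values."""
    if isinstance(node, dict):
        return {k: None if k == key and not isinstance(v, (dict, list))
                else blank(v, key) for k, v in node.items()}
    if isinstance(node, list):
        return [blank(v, key) for v in node]
    return node

def check_row(before_text, after_text, key):
    """Return the problems found in one masked row (empty list means OK)."""
    before, after = json.loads(before_text), json.loads(after_text)
    problems = []
    if blank(before, key) != blank(after, key):
        problems.append("content outside the masked key changed")
    old, new = dict(walk(before, key)), dict(walk(after, key))
    for path, value in new.items():
        # A dataset can return the original by chance, so review these hits.
        if path in old and old[path] == value:
            problems.append(f"{path} still holds its original value")
    if len(set(new.values())) > 1:
        problems.append("matching values in one row differ after masking")
    return problems

# Constructed sample rows: JSON text before and after masking the "name" key.
BEFORE = '{"name": "Tom Smith", "telephone": "123 456 789", "contacts": [{"name": "Ann Lee"}]}'
GOOD = '{"name": "Jo Park", "telephone": "123 456 789", "contacts": [{"name": "Jo Park"}]}'
MISSED = '{"name": "Jo Park", "telephone": "000", "contacts": [{"name": "Ann Lee"}]}'

if __name__ == "__main__":
    print(check_row(BEFORE, GOOD, "name"))
    print(check_row(BEFORE, MISSED, "name"))
```

Run it against a copy of the column taken before masking; a rule that uses a custom Full JSONPath to target a single value would need the third check removed.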
The configuration of a JSON Masker rule is straightforward. The target table and column are chosen and the section on How to Find the JSON Value is filled in. This can either be a wildcard JSON object key name or a full JSONPath string. Next, the Dataset with replacement values section needs to be filled in. The help file for the New JSON Masker rule form provides more details on the mechanics of this process.
Adding a JSON Masker rule