Role Based Access Control - Masking

I do have a few questions around masking fields using Role -> Add restrictions -> Mask sensitive fields.

1. Is there a way to manage governance in Denodo, as in to define these sensitive fields (PII/SPI) at view level and let those fields automatically show up in the masking section?
2. Also, how does Denodo actually mask these fields? Does it add * with some data or altogether replace all the values with NULL?
3. How do we see the VQL generated for the role level restriction added basis the masking?
19-01-2022 02:21:32 -0500

1 Answer

Hi,

* Denodo allows masking for a specific user/role for a view (row restriction) at a time. Therefore, currently, Denodo does not provide features for managing or governing row restriction (masking) for multiple views at once, and it also does not provide features to view the rows which have been masked to appear automatically.
* The masking mechanism which Denodo follows currently for the restriction condition is **<null>**. It replaces all the values which satisfy the masking condition with the **<null>** filter.
* After the masking filter has been applied for a view, you can use any one of the following methods to view the information related to masking in the VQL.
  * Open the VQL shell by navigating to Tools -> VQL shell and execute the below query: "DESC USER <user_name>" or "DESC ROLE <role_name>"
  * **Export a view** or the database in which the view has been masked. To do that, right click a view -> export, select the option include users and privileges before exporting, and click on export.

**Note:** To manage view restrictions (both column and row), Denodo offers a feature called **Global Security Policies**, which is available in the Beta update.

Hope this helps!
Denodo Team
19-01-2022 06:21:46 -0500