/
Column-level Data Security
Document toolboxDocument toolbox

Column-level Data Security

Owned by sunny.gupta
Last updated: Jan 15, 2025
4 min read

Data masking feature in Kyvos Reporting is a way to prevent sensitive data to be exposed to end users. It is a data protection feature which hides sensitive data in the result set of a query.

A field can be completely masked, for example, Salary amount.  A field can be masked partially, for example, Credit card number.

Data Masking related activities are carried out on Secure Data tab.  Click Navigation > Administration > Secure Data > Data Masking.

Figure 1: Setting Column Masking

General steps to mask a column,

  1. Select a database connection.

  2. Select a data object.

  3. Select an Entity.

  4. Select column to mask.

  5. Specify masking details.

  6. Apply exceptions if any.

To get entities list

  1. Under Schema view, select a connection from Connection dropdown box.

  2. Select a database object. To do this, select the required database object from (select) Table, View, Procedure and Synonym. The list of ‘Entities’ will appear.

At a time, the list displays a pre-set number of entities.  If the entity you are looking for is not available in the list, use the drop-down box options to view another set of entities.  To get next list, click Next link.  To get previous list, click Prev link.

Getting a list of columns of a table or view

Figure 2: Selecting database objects

Getting a list of columns from a procedure or a synonym of procedure

  1. From Entities list, select a procedure or synonym.

  2. Click Get Columns Execute Procedure dialog opens up.

  3. Specify values for parameters and click Ok. List of columns returned by Procedure / synonym appears. You can also add new columns by typing in the column name and clicking the Add button.

How to mask columns

  1. From Columns list, check the check-boxes to apply masking.

The checked columns are masked for all the users by default..

To disable this masking for selected user(s) or role(s)

  1. Select the column of the entity.

From Exceptional Users And Roles list, select an organization.  Users and Roles in that organization are listed.

  1. Select user(s) or role(s).

  2. Click the Save button.

To remove masking

  1. Select the column of the entity. Uncheck the column check box. Click Save to save the changes.

The Mask character

Specify a mask character in Mask Character entry box.  This character will be used to mask (hide) the actual data.

Any character supported by your repository database can be used as masking character.  XML characters <, >, “, ‘ and & cannot be used as mask characters.

Mask for All Connections

By default, masked columns are masked for all connections.  This means, if that column name qualified by database entity name appears in an SQL for any data connection, that column will be masked.

To achieve connection-specific masking, clear (uncheck) Mask for All Connections checkbox.

Mask completely

A column can be masked completely or partially.

Figure 3: Masking completely

  1. Select the column.

  2. Select Mask for All Connections to mask the column for all the connections.

  3. Select Mask Completely

  4. Specify a Mask Character.

Mask partially

Fields like Credit card number may be required to be masked partially.

Figure 4: Masking partially

  1. Select the column.

  2. Select Mask for All Connections to mask the column for all the connections.

  3. Select Mask Partially option.

  4. In Mask Format, specify pattern of mask character and unmark data character.

  5. In Format Char for Unmasked Data Char, specify the character used in pattern that represents unmasked data.

Example

To mask a first 8 characters of a field with ‘*’ character and keep remaining 4 characters as unmasked characters, you need to specify following:

Mask Format: ********aaaa

Format Char for Unmasked Data Char: a

Here you can choose any other character in place of ‘a’.

Note: Masking is applied from left to right.  If a field has more characters than specified in Mask Format, they will continue to be unmasked.

To view a list of masked entities

List of masked entities can be viewed on Column View.  This view lists:

  • Entity name

  • Masked columns

  • Connections on which an entity is masked

  • Mask type (partial or complete)

Figure 5: Column View

From this view, you can delete masks too.  To delete a mask (to remove masking on an entity),

  1. Select a Connection.

  2. Click  icon in respective row in the list.  A confirm delete dialog box appears.

  3. Click OK to proceed with deletion.

Related content

Column-level Data Security
Column-level Data Security
Kyvos 2025.1
More like this
Column-level Data Security
Column-level Data Security
Kyvos 2024.12
More like this
How to Secure Data
How to Secure Data
Kyvos 2024.11.x
More like this
Data security for semantic models
Data security for semantic models
Kyvos 2024.1.x
More like this
Data Security in Kyvos Reporting
Data Security in Kyvos Reporting
Kyvos 2024.11.x
More like this
Data security for semantic models
Data security for semantic models
Kyvos 2023.5
More like this

Copyright Kyvos, Inc. All rights reserved.