3 Replies Latest reply on Aug 24, 2015 10:52 PM by muthukumars@hcl.com

    Dynamic data masking

    New Member

      Hi ,

       

      Can anyone please confirm if it is feasible to capture client (source login detail) while taking information from one application to other thru technical/common database/application user and based upon source client, dynamic masking can be applied where needed.

      The challenge here is for different application users we have 1 common database user to retrieve the data from database and we have provide masking based on application user access roles. Can you please suggest how can we achieve this using dynamic data masking?

        • 1. Re: Dynamic data masking
          Seasoned Veteran

          Hi Sudhakar

           

          We can detect the OS user (LDAP login). i.e if user1 and user2 are using different LDAP login's and using same DB user to access a DB. You can identify  the LDAP user and design the rule accordingly.

           

          By the way which application are you trying to access the Db. is it packaged application or standard client software.

           

          I did the same some time back. Let me get the exact command for the same.

           

          Thanks

          Muthu

          • 2. Re: Dynamic data masking
            New Member

            Hi Muthu,

             

            Thanks a lot for the swift response. Can you please suggest how we can identify the OS users who initiated the request from application front as we might also have a middleware application inbetween before it reaches the db with a common user, any specific matchers & security rules to be applied. The applications are package as well as custom web portals with client software.

            Appreciate your support.

             

            Thanks

            Sudhakar

            • 3. Re: Dynamic data masking
              Seasoned Veteran

              Hi Sudhakar

               

              .Try using Symbol matcher with symbol name "AUTH_SID"  and pass the authorized OS users as comma separated values in text .

               

              Thanks

              Muthu