2 Replies Latest reply on Aug 13, 2019 9:41 PM by Aryama Ivaturi

    How to do Persistent Data Masking in Secure@Source

    Aryama Ivaturi Seasoned Veteran


      Can someone help me with the steps on how to do PDM in Secure@Source.

      After I create a TDM extension, how do I implement it on a datastore and mask my sensitive PII data?

        • 1. Re: How to do Persistent Data Masking in Secure@Source
          Abishek M Active Member




          1. An active Test Data Management / Persistent Data Management Server to be present.
          2. An Extension of Type ‘Protection – Remote Domain’ to be created in S@S.
          3. Assigning the Protection Technique at Data Domain Level
          4. Creating Protection Task.
          5. Scheduling Protection Job.
          6. Viewing the Projects at TDM/PDM.
          7. Updating Protection Status.




          Create the following Extensions in the section.

          Protection: Remote



          1. Click New in Extensions workspace and create Protection – Remote Domain type in this section.
          2. Enter the details as per the table below.




          TDM 10.2.1 R1




          Persistent Data Masking - Remote Domain



          Mark column as protected after execution


          Configure Settings



          <TDM/PDM Host>


          < TDM/PDM Port>


          < TDM/PDM Server Admin User>


          < TDM/PDM Server Admin Password>

          SSL Enabled

          true /false


          Click Save.


          Manage Keys:


          By Default, S@S performs In-place masking where the source data will be masked by using Update. To achieve this, either of the following should be there:


          1. 1) Physical Primary should be present at the Source Database before scanning.
          2. 2) Logical Primary / Unique Key must be created at S@S.


          To Create Logical Primary / Unique Key do the following:

          1. Select the column from the Data Store Scan result window.
          2. Select Action > Manage Keys.




          1. Create A Logical Primary / Unique Key for Tables where you want to apply Masking.


          1. Save the Changes.


          Assigning the Protection Technique at Data Domain:


          Edit the Existing Data Domains to Update the Protection Extension Option. Under Add Protection Extension > Select the extension created above.                                                                                

          After selecting the extension, the list of masking/protection rules which are created in the PDM/TDM will be displayed.


          Select the appropriate rule/s, if you select multiple rules mark one among them as default.

          Similarly configure the necessary Data domains with the necessary rule from the PDM/TDM. If you create any new rule in PDM/TDM, refresh the S@S browser for fetching the latest updated result.


          Add the necessary Data domains to the Classification policy and execute the scan. After successful scan, go to Overview and select sensitive fields in Top Data Stores > Sensitive Field.


          The New window will display the list of Tables and Underlying Column which are identified as Sensitive for the Scanned Datastore.


          Select the Column where the Data Domain is applied > Select Action > Take Action > Protect Data.



          Creating Protection Task.

          In the new window will display the Protection Task Creation and select Save As Task.

          A Protection Task will be created and select Action > Configure Task or Open Task and select Configure Protection.





          Scheduling Protection Job


          In the Configure Task, select the TDM Extension necessary and Select the Fields for which the Rule must be applied, select the Masking rule from the drop down and select Save.


          If you have associated a Protection Rule at Data Domain, then default rule will be listed and select and save.


          If you have not associated a Protection Rule at Data Domain, select Show All Rules and select the appropriate rule from the Drop Down > Select Mark Configuration as Complete.


          The Status of the Task will not be updated as Configured > Select the Action > Schedule Protection Job.


          In the New Window, the TDM Plan Settings configuration will be opened and select the necessary configuration and run.


          The S@S will automatically create and execute the Mapping in PDM/TDM and you can verify the Project and Status from PDM/TDM Monitor. The Project which the S@S create in the TDM will start with the following Naming Pattern: SATS_<Data Store Details>




          Updating the Protection Status:


          Verify the Masked Result in the Source Database and do the below to update the sensitivity information in the S@S Risk Calculation.


          Upon the Protection Job Completion in the S@S > Select Task > Select ‘Mark Task as Completed’ and ‘Mark Task as Closed’


          Upon completion, the Task will be completed and will not appear in the Task Menu. In the Protection Status of the column will be updated to Protected in the TOP Datastore.




          KB’s to be referred for PDM / TDM Additional Configuration:







          If you face any difficulty with the above , raise a ticket with Informatica Technical Support for further assistance.

          1 of 1 people found this helpful