
Privacera Documentation

Create tag masking policies

Conditions are evaluated sequentially as listed in the policy.

  1. From the homepage, click Access Management > Tag Policies.

  2. On the Tag Policies page, click a service in a service group panel.

  3. Select the Masking tab.

  4. Click Add New Policy.

  5. Configure the masking policy general settings.

    • Policy Type: Accept the default value (Access).

    • Policy Name: Must be unique among all policies.

    • Normal/Override: If you select Override, this policy takes precedence over other policies.

    • Add Validity Period: Select the start and end times of the policy and the time zone, then save.

    • Policy Labels: Enter a label for this policy. Labels help you search reports and filter policies.

    • Tag: Enter the applicable tag name.

    • Policy Conditions: Click Add Conditions+ to add policy conditions. These conditions are applied at the policy level.

    • Audit Logging: Enable or disable audit logging. The default is 'Yes'; toggle to 'No' if this policy doesn't need to be audited.

  6. Apply masking conditions.

    1. Under Masking Conditions, click Add (+).

    2. Select the roles to which this policy applies. To assign a role as an Administrator for the resource, add component permissions and define admin permissions. The administrator can create sub-policies based on the existing policies.

    3. Select the groups to which this policy applies. To assign a group as an Administrator for the resource, add component permissions and define admin permissions. The administrator can create sub-policies based on the existing policies. The public group contains all users, so setting a condition for the public group applies to all users.

    4. Select the users to which this policy applies. To assign a user as an Administrator for the resource, add component permissions and define admin permissions. The administrator can create sub-policies based on the existing policies.

    5. Click Add Conditions+ and configure the policy conditions.

      1. Set Accessed after... to Yes or No and click Syntax Check.

      2. Enter a boolean expression. This option is applicable to allow or deny conditions on tag-based policies.

    6. Click Add Permissions+ and configure the Component Permissions.

    7. Click Select Masking Option and select a masking type.

      • Default: Accept the masking scheme applied by the system.

      • Custom: Enter a custom masked value or expression. Custom masking can use any valid Hive UDF that returns the same data type as the column being masked.
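Because conditions are evaluated in the order listed and the public group contains all users, the position of a public-group condition matters. The following added example (not Privacera code) models that ordering and flags conditions that can never apply; it assumes the first matching condition decides the mask, and the user, role, group, and mask strings are constructed for illustration.

```python
# Simplified model of ordered masking conditions (added illustration).
# Assumption: the first condition matching the requesting user decides the mask.
from dataclasses import dataclass, field

@dataclass
class Condition:
    mask: str
    roles: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    users: set = field(default_factory=set)

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    groups: set = field(default_factory=set)

def matches(cond, user):
    # "public" contains every user, so it matches unconditionally.
    return ("public" in cond.groups
            or user.name in cond.users
            or bool(cond.roles & user.roles)
            or bool(cond.groups & user.groups))

def effective_mask(conditions, user):
    """Return the mask of the first matching condition, or None."""
    for cond in conditions:
        if matches(cond, user):
            return cond.mask
    return None

def shadowed(conditions):
    """Indexes of conditions listed after a public-group condition;
    under first-match evaluation they can never apply."""
    for i, cond in enumerate(conditions):
        if "public" in cond.groups:
            return list(range(i + 1, len(conditions)))
    return []

# Constructed sample policy and user (hypothetical names).
analyst = User("alice", roles={"fraud_analyst"}, groups={"analytics"})
bad_order = [
    Condition(mask="Default", groups={"public"}),
    Condition(mask="Custom: show last 4", roles={"fraud_analyst"}),
]
good_order = list(reversed(bad_order))

if __name__ == "__main__":
    print(effective_mask(bad_order, analyst), effective_mask(good_order, analyst))
```

Listing the specific role first and the public-group condition last lets the public entry act as the fallback for everyone else.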