Step 2. Create sensitive data definitions
In order to anonymize data, you need to define which entities and attributes are sensitive, then add the validation rules based on which the sensitive data will be anonymized.
You can anonymize an entire chain of sensitive data starting with a found record from the main entity, by adding related sensitive entities to the master sensitive entity.
From each related sensitive entity, you can add one or more other linked entities and so on, like a tree with entities as nodes and sensitive attributes as leaves.
After you defined the sensitive entities and attributes, you have to define the validation rules.
Step 2.1. Define Sensitive Master Entity
To define an entity as being sensitive, on the main menu, click Data Governance > Sensitive Data Definitions. The at the top-right corner of the Sensitive Entities List page, click the Insert Icon. The sensitive entity configuration page appears. The Sensitive Entity Configuration tab is displayed.
In the Sensitive Entity section, provide the details described in the table below:
| Field | Description |
|---|---|
| Code | The sensitive context identifier. |
| Entity | The master entity that contains sensitive data. This field is mandatory. |
| Sensitive Context | The sensitive context. This field is mandatory. |
| Description | A description of how the configuration should work. |
At the top-right corner of the page, click the Save and reload icon. The page reloads. Continue to the next step.
Step 2.2. Define sensitive attributes
You can define specific attributes of the master entity as sensitive data. To do so, in the Sensitive Attributes section, click the Insert button. The Add Sensitive Attribute page appears.
Fill in the fields described in the table below:
| Field | Description | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Attribute | Master entity’s attribute which will be marked as sensitive data. This field is mandatory.. | ||||||||||||||||||||||
| Sensitive Type | Sensitive types allow you to group attributes and search records starting from the value given to these types. For example, there are several attributes which store the phone number in many business entities: Account.Phone, Account.MobilePhone, Account.Fax, Lead.Phone, Case.Phone, Case.MobilePhone, etc. You can group these attributes under the phone sensitive type. In an anonymization request, if the phone sensitive type is selected, the value will be searched in all phone attributes for all entities. NOTE Only those attributes with sensitive type will be searched on a sensitive request. |
||||||||||||||||||||||
| Sensitive Context | The sensitive context. This field is mandatory. | ||||||||||||||||||||||
| Description | A description of how the configuration should work. | ||||||||||||||||||||||
| To Be Anonymized | If selected, the value from the attribute will be anonymized based on attribute type, as follows:
|
At the top-right corner of the page, click the Save and close icon to save the save the selected attribute as sensitive data. The attribute will be listed in the Sensitive Attributes section.
Define as many sensitive attributes as best suit your needs.
Step 2.3. Define Related Sensitive Entities
You can anonymize an entire chain of sensitive data starting with a found record from the main entity, by adding related sensitive entities to the master sensitive entity.
From each related sensitive entity, you can add one or more other linked entities and so on, like a tree with entities as nodes and sensitive attributes as leaves.
You can define related sensitive entities only if there is at least one 1:N relationship defined on the master entity.
In the sensitive entity configuration page, click the Related Sensitive Entities tab. The list of entities which are linked to the master sensitive entity appears.
To add a new related entity to the master sensitive entity, click the Insert button. The configuration page for a sensitive child entity appears. The Child Entity Configuration tab is displayed.
Fill in the fields described in the table below:
|
Field |
Description |
|---|---|
|
Code |
The sensitive context identifier. |
|
Relation |
Select the link between the master entity and target entity (related entity). This field is mandatory. |
|
Description |
A description of how the configuration should work. |
The Sensitive Attributes section lists all master entity’s attributes defined as sensitive.
From each related sensitive entity, you can add one or more other linked entities and so on, by clicking the Related Sensitive Entities and providing the related entity details and so on.
Once you finished defining the (chain of) sensitive data, save the data by clicking the Save and close icon. The master entity configuration page appears.
Define the rules to be validated on the proposed sensitive data.
Step 2.3. Define Validation Rules
Once you defined which entities and attributes are sensitive, you need to define the rules which will be run over the sensitive data proposed for anonymization.
The data will be anonymized only if the validation rule returns true. For example, sensitive information from customer cannot be anonymized if there is at least one active contract for that customer.
To create validation rules, click the Validation Rules tab. The list of rules defined on the master entity appears. If there are no rules defined, the list is empty.
To define a new validation rule, click the Insert button. The rule configuration page appears. The Main tab is displayed.
Fill in the fields described in the table below:
|
Field |
Description |
|---|---|
|
Code |
The rule identifier. |
|
Name |
The name of the rule. |
|
Description |
Description of what the rule does. |
|
Success Message |
Provide the message returned by a successful rule. |
|
Failure Message |
The message returned by a failure rule |
Click the Rule tab. The Sensitive Validation Rule section appears.
In the Validation Rule field, provide the JavaScript code which will be used to validate specific business conditions based on your needs. The code will return true or false based on success of the rule. If the code execution returns true, all sensitive attributes from the entity configuration will be anonymized; otherwise, a failure message will be returned and the data will not be anonymized, it remains unchanged.
To save the master entity configuration, at the top-right corner of the page, click the Save and close icon.