Predefined Mask Types

Describes the predefined Dynamic Data Masks.

The following table describes the predefined masks that Dynamic Data Masking supports.

Mask Description Supported Data Types
mrddm_redact This data mask will mask all alphabetic characters with “x” and all numeric characters with “0” for Strings. For other data types, the mask replaces all values with whatever is equivalent to 0 for that data type. For dates, this will set the date to January 1, 1970. If the data type is a Timestamp, the mask will zero out the time to show 00:00:00. This will protect all data, except the general format and patterns of the data.

Examples

"mapr123" → "xxxx000"

12345 → 0

July 29, 2021 → Jan 01, 1970

Binary, Boolean, Byte, Int, Long, Short, String, Float, Double, Time, Timestamp, Date, Array
mrddm_last4 Displays only the last four characters and replaces everything else with *. This can be used in a wide number of applications, including credit card numbers, passport information, and social security numbers. If the string is four characters or less, all data for that column is masked.

Examples

"mapr123" → "***r123"

"310027890" → "*****7890"

 String, Array
mrddm_first4 Displays only the first four characters. This is very similar to the last4 data mask, but just shows the first characters instead.

Examples

"mapr123" → "mapr***"

"4400000000000008" → "4400************"

 String, Array
mrddm_first6last4 Displays only the first six characters and last four characters. This is very similar to the last4 data mask format.

Example

"4400000000000008" → "440000******0008"

 String, Array
mrddm_email Displays the first two characters and the last two characters of the user name, and the first character of the domain and the whole top-level domain. For example example@hpe.com will be masked to ex***le@h**.com. An email address with four or fewer characters in the name is fully masked. This mask format will work only for email formats, that is has a prefix with an “@” after, followed by a domain that is represented by a string with a dot, then another string. If the row has an incorrect format, xx*xx@xxx.badFormat will be displayed for that row in that column.

Examples

"bobb@snd.org" → "****@s**.org"

"helloword@hpe.com" → "he******ld@h**.com"

"helloworld123" → "x*x@x.badFormat"

 String (in format of email) , Array
mrddm_hash Displays the hash of the data. This is useful for verifying if two cells match but will not show the pattern or the length of the data.

Example

"helloworld123" → "A1FE8F79A121256842E7AAEF2AB1E339A553A74FE05834CA081259CF66AC5FB5"

 String, Array
mrddm_date Displays a generic date for all date fields but shows the correct year. This mask makes all months and days of the month into the value one.

Example

"March 21, 2021" → "Jan 1, 2021"

If the data type is a Timestamp, the mask zeroes out the time to show 00:00:00. 		Timestamp, Date
You can apply any data mask to arrays that contain elements of allowed datatypes for that specific DDM. The behavior of this will just mask each value inside the array individually with whatever mask was tagged to the column the array is in. Any values that have the incorrect type, or is a document inside the array, will not get masked. For example:
Unmasked Values:
  {"_id":"1","CC_Number":["4602991456888310","4485525035496110","4539575160102150"],
  "Email":["bob@hpe.com","alice@hpe.com","bill@hpe.com"],"Name":["Bob","Alice","Bill"],
  "SSN":["210549785","512491532","710254675"]} 

Masked Values:
  {"_id":"1","CC_Number":["460299******8310","448552******6110","453957******2150"],
  "Email":["***@h**.com","al*ce@h**.com","****@h**.com"],"Name":["xxx","xxxxx","xxxx"],
  "SSN":["*****9785","*****1532","*****4675"]}