I am looking for guidance on ensuring automatic data masking/hiding during data exports to csv/excel files based on Data Protection Classification in Ataccama ONE. From the documentation, it appears that access to sensitive attributes (ones tagged with terms that have data classification tags applied to them) can be restricted for unauthorized users, but I would like to confirm: 1. How can we configure permissions to ensure that unauthorized users can still export data but only receive masked/hidden values for classified attributes? What permissions do we give them? 2. Is it possible to automatically apply masking transformations based on classification tags, so that even authorized users exporting data only receive masked values instead of raw sensitive data? 3. Are there any recommended workflows for enforcing automatic masking at the export level while leveraging Data Protection Classification?
Thank you,
Karine
Best answer by anna.spakova
Hello @karine.davtyan ,
thank you for your questions.
The export should be possible for anyone with the View Data permissions or higher on the catalog item you want to export: https://docs.ataccama.com/one/latest/sources/data-export.html. The application takes care of the data masking so if the user cannot see some hidden attributes in the web application, the masking will be automatically applied to the export as well. Please note that while the access of the users to the catalog item can be View Data, the access to the tag must be View Metadata Access as a maximum (anything higher would basically disable the tag for the group/user), see.https://docs.ataccama.com/one/latest/user-access-management/data-protection-classification.html
AFAIK this is not possible to do, users can only uncheck the attributes during the export and will not receive them at all. I can only advise to create a feature request. A workaround is (for those users that can export the data) to use the ONE Desktop tool to hide the data after the export.
The data hiding during export is automatic so no workflow is needed at the moment.
Please let me know if this answers your questions or if further clarification is needed.
The export should be possible for anyone with the View Data permissions or higher on the catalog item you want to export: https://docs.ataccama.com/one/latest/sources/data-export.html. The application takes care of the data masking so if the user cannot see some hidden attributes in the web application, the masking will be automatically applied to the export as well. Please note that while the access of the users to the catalog item can be View Data, the access to the tag must be View Metadata Access as a maximum (anything higher would basically disable the tag for the group/user), see.https://docs.ataccama.com/one/latest/user-access-management/data-protection-classification.html
AFAIK this is not possible to do, users can only uncheck the attributes during the export and will not receive them at all. I can only advise to create a feature request. A workaround is (for those users that can export the data) to use the ONE Desktop tool to hide the data after the export.
The data hiding during export is automatic so no workflow is needed at the moment.
Please let me know if this answers your questions or if further clarification is needed.
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.
