Column-Based Access Policy
Important
This documentation is for the newly redesigned policy user interface. If you are looking for the former policy documentation, please refer to Column Access Policies.
Tip
Tag-based and column-based policies are similar in that both apply masking rules according to the type of information or sensitivity level of columns, but they operate at different levels. A tag policy applies to every column carrying the given tag, providing higher-level masking, whereas a column policy applies to one specific column.
If you are deciding between tag and column policies, we recommend tag policy because it is more scalable, more flexible and easier to manage than column policies.
Column-based policy allows you to mask column values in query results by specifying individual column names. ALTR enforces column-based policies by failing, masking or NULLing query results for selected user roles.
Column-based policy is defined by a user, data and a masking policy to determine if and how query results are returned when data is accessed.
Ensure the column to which you are applying policy has been connected in ALTR. Learn more.
Select Policy in the Navigation menu.
Click Create Policy.
Locate the Column Policy card and click Create Policy.
Select the Column that the policy affects. The policy applies masking rules to values within this column.
Note
Only columns connected in ALTR display in the dropdown. If your column name does not display in the dropdown, ensure it has been connected to ALTR.
Click Next.
Create the policy rule statement by selecting the following options:
Role that the policy affects, which is an ALTR user group. Learn more.
Note
Any roles not included in the policy receive NULL values when querying data protected by ALTR.
Masking policy to determine what transformation, if any, occurs to query results when data is accessed. Learn more.
(Optional) Click Add an alert to configure notifications and/or block users for this policy. Learn more.
(Optional) Click + Rule Statement to add additional rules for this policy.
Click Save.
Delete a column policy to remove masking rules for the specified columns. Once the policy is deleted, these columns are no longer masked in query results based on the defined roles and column values.
To delete a column policy:
Select Policy in the Navigation menu.
Click the column policy you wish to delete.
Click Edit Policy.
Click Delete Policy; the Delete column policy modal displays.
Click Delete Policy to confirm.