Column-Based Access Policy

Tip

Tag- and column-based policies are similar in the sense that they are ways to apply masking rules based on the type of information or sensitivity level of columns, but at different levels. Tag policy is applied to all columns with that applied tag to provide higher-level masking where a column policy is applied to the specific column at the column level. Choose to apply tag or column policy but not both. If deciding between tag and column policies, our recommendation is to use tag policy because it is more scalable, flexible and easier to manage than column policies.

Column-based policy allows you to mask column values in query results by specifying individual column names. ALTR enforces column-based policies by failing, masking or NULLing query results for selected user roles.

Column-based policy is defined by a user, data and a masking policy to determine if and how query results are returned when data is accessed.

Create Column Policy

Column-based policy is defined by a user, data and a masking policy to determine if and how query results are returned when data is accessed.

1. Ensure the column to which you are applying policy has been connected in ALTR. Learn more .
2. Select Policy in the Navigation menu.
3. Click Create Policy .
4. Locate the Column Policy card and click Create Policy .
5. Select the Column that the policy affects. The policy applies masking rules to values within this column.
6. Click Next .
7. Create the policy rule statement by selecting the following options:
   1. Role that the policy affects, which is an ALTR user group. Learn more .
   2. Masking policy to determine what transformation, if any, occurs to query results when data is accessed. Learn more .
8. (Optional) Click Add an alert to configure notifications and/or block users for this policy. Learn more.
9. (Optional) Click + Rule Statement to add additional rules for this policy.
10. (Optional) Disable Policy State to deactivate the policy if you want to create the policy now and activate it later. The policy can be activated at any time. To deactivate after the policy is created, first resolve all alerts. Deactivating a policy stops applying controls to your data.
11. Click Save .

Edit Column Policy

Edit a column policy to update masking rules on specified columns or to activate/deactivate the policy. The policy can be activated at any time. To deactivate, first resolve all alerts.

To edit a column policy:

1. Select Policy in the Navigation menu.
2. Expand the policy to edit.
3. Click Edit Policy .
4. Update the policy as needed.
5. Click Save .

Delete Column Policy

Delete a column policy to remove masking rules for the specified columns. Columns in query results based on the defined roles and column values will no longer be masked.

To delete a column policy:

1. Select Policy in the Navigation menu.
2. Expand the policy to delete.
3. Click Edit Policy .
4. Click Delete Policy ; the Delete column policy modal displays.
5. Click Delete Policy to confirm.