# Masking Policies

Data masking in TrustLogix allows organizations to protect sensitive information by obscuring data based on defined access policies. This document outlines the steps for creating data masking access policies, including defining conditions, applying masking techniques, and selecting available options.

The **Condition Builder** simplifies policy creation for non-technical users, while the **SQL Builder** offers advanced customization for precise control over data masking rules.

### Steps to Create Data Masking Policies

#### Navigate to Data Masking Policy Configuration

* Log in to **TrustLogix**.
* Click on **Data Sources**.
* Select the relevant **Data Source** (e.g., Health Care Services).
* Click on **Access Policies**.
* Click **Create Policy**.

#### Define Data Masking Policy

* Select **Data Masking** as the policy type.
* Enter the policy name (e.g., `Mask_Sensitive_Data`).
* Click **Next**.

#### Configure Policy Conditions

* Select **Named As** or **Classified As** options to define data classification.
* Click on **Tags** and enter classification keywords (e.g., `SEN` for sensitive data).
* The drop-down lists all tags in the data source that are applied at the column level.
* Click **Close** after selecting the relevant tag.

#### Apply Masking Techniques

* Select the **Masking Type** from the dropdown options:
  * `Hashing (SHA2)`
  * `Partial Masking`
  * `Null Replacement`
  * `Regular Expression`
  * `Plain Text`
* Click **Next**.

> Masking patterns vary by data source type. Not all masking patterns are supported on every data source type.

#### Define Conditions to Unmask the Data for Users

* Click **Use SQL Editor** or **Use Condition Builder**.
* Click **Add Condition**.
* The **Attribute** drop-down lists all available principal type options along with entitlement attributes.
* Choose one of the options based on the condition you want to build.
* Select the appropriate operator (`Equals`, `Not Equals`, `Contains`, `Starts With`).
* Based on the attribute chosen, the **Match with** drop-down appears with the available options.
* Choose an option from the **Match with** drop-down. The **Value** field then offers additional options based on the selected **Match with** option.
* Select or enter the value.
* Click **Add Condition** or **Add Nested Condition** to add multiple criteria.
* Click **Save**.
* A modal window shows the policy generation progress. If there are no errors, the policy is created and ready to be deployed.
* If required, **review and update** conditions before deployment.
* If there are validation errors due to a duplicate policy or a column condition mismatch, correct them so that the policy is created and ready to be deployed.
* Click the **Deploy** button in the modal to deploy the policy.

#### Understanding Condition Builder and SQL Builder

**Condition Builder Options:**

* **User-friendly interface** for defining access conditions without requiring SQL knowledge.
* **Attribute Selection:**
  * `Role Name`
  * `User Group`
  * `Department`
  * `Geographical Region`
  * `Country`
* **Operators:**
  * `Equals`
  * `Not Equals`
  * `Contains`
  * `Starts With`
  * `Ends With`
  * `In List`
  * `Not In List`
* **Logical Operators:**
  * `AND`
  * `OR`
  * `Nested Conditions`
* **Value Assignment:**
  * Static values (e.g., `USA`, `EU`, `APAC`).
  * Dynamic values based on user attributes.
* **Advantages**:
  * **User-friendly interface** for defining access conditions without having SQL knowledge.
  * Allows **nested conditions** for complex policies.
  * Provides **drag-and-drop options** to select attributes, operators, and values.
  * Best suited for **non-technical users** who prefer a guided configuration.
  * Supports logical operators like **AND**, **OR**, and grouping conditions.

**SQL Editor Options:**

* **Advanced tool** for writing custom conditions in SQL syntax.
* **Allows for:**
  * Fine-grained control over policy conditions.
  * Using `JOINs`, `subqueries`, and `complex expressions`.
  * Applying row-level security based on dynamic queries.
* **Example Query:**

```sql
SELECT * FROM HEALTH_CARE.PATIENT_SCHEMA
WHERE STATE IN (SELECT STATE FROM USER_ATTRIBUTES WHERE USER_ID = CURRENT_USER());
```

**Advantages:**

* **Advanced tool** for writing custom conditions in SQL syntax.
* Allows **fine-grained control** over policy conditions.
* Supports **JOINs, subqueries, and complex expressions**.
* Best suited for **technical users** familiar with SQL.
* Provides **query validation** to ensure correctness before applying conditions.
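
The masking types and unmask conditions configured in the steps above, written out as native column masking policies. This is an added illustration, not TrustLogix-generated SQL; it assumes a Snowflake data source, and the `PATIENTS` table, `SSN` and `PHONE` columns, `PHI_READER` and `REPORTING_ROLE` roles, and `DEPARTMENT` attribute are hypothetical names.

```sql
-- Added illustration, not TrustLogix-generated SQL. Assumes a Snowflake data source.
-- Hypothetical names: PATIENTS, SSN, PHONE, PHI_READER, REPORTING_ROLE, DEPARTMENT.
-- USER_ATTRIBUTES is assumed to live in the same schema as the policies.

USE SCHEMA HEALTH_CARE.PATIENT_SCHEMA;

-- Masking type "Hashing (SHA2)" with two unmask conditions joined by OR:
--   Role Name Equals PHI_READER, or Department Equals BILLING for the current user.
CREATE OR REPLACE MASKING POLICY MASK_SENSITIVE_DATA AS (val STRING)
RETURNS STRING ->
  CASE
    WHEN CURRENT_ROLE() = 'PHI_READER' THEN val
    WHEN EXISTS (SELECT 1 FROM USER_ATTRIBUTES
                 WHERE USER_ID = CURRENT_USER()
                   AND DEPARTMENT = 'BILLING') THEN val
    ELSE SHA2(val, 256)   -- default branch: every non-matching session gets the digest
  END;

-- Masking type "Partial Masking": keep only the last four characters.
CREATE OR REPLACE MASKING POLICY MASK_PARTIAL AS (val STRING)
RETURNS STRING ->
  CASE
    WHEN CURRENT_ROLE() = 'PHI_READER' THEN val
    ELSE CONCAT(REPEAT('*', GREATEST(LENGTH(val) - 4, 0)), RIGHT(val, 4))
  END;

-- Attach the policies to the tagged columns.
ALTER TABLE PATIENTS MODIFY COLUMN SSN   SET MASKING POLICY MASK_SENSITIVE_DATA;
ALTER TABLE PATIENTS MODIFY COLUMN PHONE SET MASKING POLICY MASK_PARTIAL;

-- Check after deployment: run the same query under a role that should see
-- masked values and under one that should not, then compare the output.
USE ROLE REPORTING_ROLE;
SELECT SSN, PHONE FROM PATIENTS LIMIT 5;   -- expect digests and ****-style values

USE ROLE PHI_READER;
SELECT SSN, PHONE FROM PATIENTS LIMIT 5;   -- expect clear text
```

Because the `ELSE` branch always masks, a session that matches no unmask condition never sees clear text. An unsalted SHA2 digest of a low-entropy value such as a phone number can be recovered by hashing candidate values, so hashing suits columns where joinability matters more than secrecy.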
