Masking Sensitive Data
TDM systems often handle sensitive data. To comply with data privacy laws and regulations, Fabric can mask sensitive fields — such as SSN, credit card numbers, and email addresses — before they are loaded either to Fabric or into the target database.
The TDM infrastructure controls whether masking is enabled or disabled based on the settings of global variables.
Integrating Catalog Masking
Fabric's Discovery and Catalog solution provides an insight into the Fabric interfaces. The Fabric Catalog supports a Catalog-based masking of PII fields.
From TDM V8.1 onwards, the TDM templates add the CatalogMaskingMapper Actor to LU population flows in order to integrate with Catalog masking. This Actor applies Catalog-based masking to detected PII fields before loading them into the LU table.
TDM Processes that Mask Sensitive Data
LU population flows — the TDM templates add the CatalogMaskingMapper Actor to LU population flows to apply Catalog-based masking on detected PII fields before loading them into the LU table. It is possible to edit the population flows to override the Catalog’s masking for certain PII fields. To do this, add masking Actors after the CatalogMaskingMapper Actor and link them to the relevant fields in the DbLoad Actor.
- If the masked field is used as an input argument linked to another LU table, add the masking population — which masks the fields in all LU tables — to the last executed LU table. This ensures the original value is available when populating the LU tables.
Load flows — the TDM templates add the HandleMaskAndSeqFields flow to the load flows. This flow is invoked for each record to mask its PII fields and replace its sequences if needed. Masking is performed using the CatalogMaskingRecord Actor.
Table-level flows — the TDM table-level extract flow uses the CatalogMaskingMapper Actor to mask sensitive data.
Overriding Catalog Masking
Overriding Catalog masking may be necessary when PII fields are dependent on each other, as Catalog masking handles each field separately.
If a dependency between PII fields is required (as in the following examples), you can override Catalog masking for those fields.
Examples:
Address — the masked city, street name, and zip code values must be related.
Email — the masked email address contains the masked first and last name values.
LU populations: Add the masking Actors after the CatalogMaskingMapper Actor and link them to the relevant fields in the DbLoad Actor in order to override Catalog masking.
Load flows: Add the masking Actors after the HandleMaskAndSeqFields flow and link them to the relevant fields in the DbLoad Actor in order to override Catalog masking.
If you need to send the original (source) values to the Masking Actors in LU population or load flows, first move the Query result to an ArrayBuilder Actor. Then, connect the ArrayBuilder output to the CatalogMaskingMapper Actor (for LU population flows), or to the HandleMaskAndSeqFields flow (for load flows), instead of connecting the Query result directly. This setup allows the Query output to be used twice: once by the CatalogMaskingMapper/HandleMaskAndSeqFields and once by the Masking Actors.
If your flows mask a PII field using the masking Actors (overriding Catalog masking), it is recommended to remove the PII classification in the Catalog for that field in order to prevent unnecessary double masking.
TDM — Masking Categories
One of the masking Actors' input parameters is named category. This parameter specifies when the masking Actor should generate a new value, for example, when masking sensitive data or replacing an ID (sequence). The following values can be set for the category parameter:
- enable_sequences, which generates a new ID value
- enable_masking, which masks sensitive data
- Any custom string value
A new custom value, enable_masking_uniqueness, was introduced in TDM V8.1. This category parameter is set to true if either the enable_sequences or enable_masking category parameter is set to true by the TDM task execution process.
By default, the category parameter is set to enable_masking for all masking Actors, except for the MaskingSequence Actor, where it is set to enable_sequences. The enable_masking_uniqueness category parameter is primarily used for PII fields that require unique values, such as SSNs. For these fields, it is recommended to set the masking Actor's category parameter to enable_masking_uniqueness.
Masking Category Settings in TDM Execution
TDM execution processes set the masking categories to true or false according to the task execution settings:
|
Category |
LU Population (extract part) |
Load Process |
|
enable_masking |
This attribute is set based on the source environment's setting. |
Will be set to true for the following tasks:
|
|
enable_sequences |
N/A |
Will be set to true for the following tasks:
|
|
enable_masking_uniqueness |
Set to true if the enable_masking or enable_sequences are true. |
Will be set to true for the following tasks:
|
Notes:
TDM's entity cloning task creates X clones for a single LU Instance (LUI). To allow both data protection and uniqueness, masking must be applied during both the extract and load processes: extract masking secures sensitive data when the LUI syncs, while load masking assigns different masked values to each cloned LUI, ensuring different masked values across all clones. The clone_id can be found in the masking caching key.
TDM V8.0 added root_iid to the caching key to maintain referential integrity on PII fields across different LUs within a task’s BE.
For example, CRM and Billing LUs keep the Customer data. To ensure the customer name is identical in both LUs for a given customer, the root_iid can be set using the customer ID. This preserves referential integrity between the CRM and Billing LUs. It is recommended to set the useInstanceId input argument of the masking Actors to true to maintain referential integrity of PII fields within Business Entity LUs.
Click here to learn how to use masking Actors.
Click here to learn how the TDM task execution process builds the entity list.
Masking Sensitive Data
TDM systems often handle sensitive data. To comply with data privacy laws and regulations, Fabric can mask sensitive fields — such as SSN, credit card numbers, and email addresses — before they are loaded either to Fabric or into the target database.
The TDM infrastructure controls whether masking is enabled or disabled based on the settings of global variables.
Integrating Catalog Masking
Fabric's Discovery and Catalog solution provides an insight into the Fabric interfaces. The Fabric Catalog supports a Catalog-based masking of PII fields.
From TDM V8.1 onwards, the TDM templates add the CatalogMaskingMapper Actor to LU population flows in order to integrate with Catalog masking. This Actor applies Catalog-based masking to detected PII fields before loading them into the LU table.
TDM Processes that Mask Sensitive Data
LU population flows — the TDM templates add the CatalogMaskingMapper Actor to LU population flows to apply Catalog-based masking on detected PII fields before loading them into the LU table. It is possible to edit the population flows to override the Catalog’s masking for certain PII fields. To do this, add masking Actors after the CatalogMaskingMapper Actor and link them to the relevant fields in the DbLoad Actor.
- If the masked field is used as an input argument linked to another LU table, add the masking population — which masks the fields in all LU tables — to the last executed LU table. This ensures the original value is available when populating the LU tables.
Load flows — the TDM templates add the HandleMaskAndSeqFields flow to the load flows. This flow is invoked for each record to mask its PII fields and replace its sequences if needed. Masking is performed using the CatalogMaskingRecord Actor.
Table-level flows — the TDM table-level extract flow uses the CatalogMaskingMapper Actor to mask sensitive data.
Overriding Catalog Masking
Overriding Catalog masking may be necessary when PII fields are dependent on each other, as Catalog masking handles each field separately.
If a dependency between PII fields is required (as in the following examples), you can override Catalog masking for those fields.
Examples:
Address — the masked city, street name, and zip code values must be related.
Email — the masked email address contains the masked first and last name values.
LU populations: Add the masking Actors after the CatalogMaskingMapper Actor and link them to the relevant fields in the DbLoad Actor in order to override Catalog masking.
Load flows: Add the masking Actors after the HandleMaskAndSeqFields flow and link them to the relevant fields in the DbLoad Actor in order to override Catalog masking.
If you need to send the original (source) values to the Masking Actors in LU population or load flows, first move the Query result to an ArrayBuilder Actor. Then, connect the ArrayBuilder output to the CatalogMaskingMapper Actor (for LU population flows), or to the HandleMaskAndSeqFields flow (for load flows), instead of connecting the Query result directly. This setup allows the Query output to be used twice: once by the CatalogMaskingMapper/HandleMaskAndSeqFields and once by the Masking Actors.
If your flows mask a PII field using the masking Actors (overriding Catalog masking), it is recommended to remove the PII classification in the Catalog for that field in order to prevent unnecessary double masking.
TDM — Masking Categories
One of the masking Actors' input parameters is named category. This parameter specifies when the masking Actor should generate a new value, for example, when masking sensitive data or replacing an ID (sequence). The following values can be set for the category parameter:
- enable_sequences, which generates a new ID value
- enable_masking, which masks sensitive data
- Any custom string value
A new custom value, enable_masking_uniqueness, was introduced in TDM V8.1. This category parameter is set to true if either the enable_sequences or enable_masking category parameter is set to true by the TDM task execution process.
By default, the category parameter is set to enable_masking for all masking Actors, except for the MaskingSequence Actor, where it is set to enable_sequences. The enable_masking_uniqueness category parameter is primarily used for PII fields that require unique values, such as SSNs. For these fields, it is recommended to set the masking Actor's category parameter to enable_masking_uniqueness.
Masking Category Settings in TDM Execution
TDM execution processes set the masking categories to true or false according to the task execution settings:
|
Category |
LU Population (extract part) |
Load Process |
|
enable_masking |
This attribute is set based on the source environment's setting. |
Will be set to true for the following tasks:
|
|
enable_sequences |
N/A |
Will be set to true for the following tasks:
|
|
enable_masking_uniqueness |
Set to true if the enable_masking or enable_sequences are true. |
Will be set to true for the following tasks:
|
Notes:
TDM's entity cloning task creates X clones for a single LU Instance (LUI). To allow both data protection and uniqueness, masking must be applied during both the extract and load processes: extract masking secures sensitive data when the LUI syncs, while load masking assigns different masked values to each cloned LUI, ensuring different masked values across all clones. The clone_id can be found in the masking caching key.
TDM V8.0 added root_iid to the caching key to maintain referential integrity on PII fields across different LUs within a task’s BE.
For example, CRM and Billing LUs keep the Customer data. To ensure the customer name is identical in both LUs for a given customer, the root_iid can be set using the customer ID. This preserves referential integrity between the CRM and Billing LUs. It is recommended to set the useInstanceId input argument of the masking Actors to true to maintain referential integrity of PII fields within Business Entity LUs.
Click here to learn how to use masking Actors.
Click here to learn how the TDM task execution process builds the entity list.
