Custom masking

Custom masking is a feature that extends the data protection capabilities of Protect. Protect offers a set of out-of-the-box masking options. Custom masking allows you to define your own data protection methods.

You can manage custom masking via API. For more information, go to the Collibra Protect API documentation.

Note

Custom masking functions are available only in Databricks and Snowflake. If you try to apply custom masking to a column in AWS Lake Formation or BigQuery, the out-of-the-box default masking is automatically applied to the column instead.
You cannot delete a custom masking function that is used in a data protection standard or a data access rule.

Example

The following is an example of a POST request for custom masking in Snowflake.

Copy

{
    "name": "My custom masking",
    "mappings": [
      {
        "provider": "Snowflake",
        "mappings": [
          {
            "dataType": "string",
            "functionName": "hash_my_string"
          },
          {
            "dataType": "number",
            "functionName": "hash_my_number"
          }                    
        ]
      }
    ]
}

If you apply My custom masking to a Snowflake column containing the value Collibra, the value is replaced by the result of the following Snowflake function: hash_my_string(Collibra). However, if you apply this custom masking to a date column, the default masking is automatically applied instead. This is because the POST request does not include any mapping for the date data type.

Important The functionName specified in the mapping cannot contain spaces and cannot exceed 255 characters. Ensure that the masking functions exist on your data source provider. If a function does not exist, synchronization fails.

Masking functions

The following is an example of the syntax for a custom masking function in Databricks.

Copy

create or replace function mydb.myschema.mystring_function(value STRING)
  RETURNS STRING
  RETURN concat("---", sha2(value, 0) , "+++");

The following is an example of the syntax for a custom masking function in Snowflake.

Copy

create or replace function mydb.myschema.mystring_function(value VARCHAR)
    RETURNS VARCHAR
    AS
    $$
       concat('---', sha2(value) , '+++')
    $$;

Compatibility between Protect and Edge capability

Protect and Edge capabilities use different delivery mechanisms, which can result in compatibility differences. For example, you might have a version of Protect that supports custom masking, and a version of the Edge capability does not support it. If you use custom masking in a standard or rule, and your installed Edge capability does not support custom masking, synchronization is not triggered.