Data protection types

Important

In Collibra 2024.05, we launched a new user interface (UI) for Collibra Data Intelligence Platform! You can learn more about this latest UI in the UI overview.

Use the following options to see the documentation in the latest UI or in the previous, classic UI:

Latest UI Classic UI

Protect offers the following types of protection for the tables and columns in your databases through its data protection standards and data access rules.

Tip In the following documentation, the term data refers to the tables and columns in a database.

Protection type	Description	Availability
Access-based	Grants access to data.	Rules only
Column-based	Masks data based on Data Category or Data Classification.	Standards and rules
Row-based	Filters data based on Data Classification.	Rules only

Access-based protection

Access-based protection is the most basic type of protection that you can apply to your data. It involves granting the right group access to data based on the Collibra assets. It is available only in rules.

Example Suppose that you want the HR group to be able to access the data in the Sales data set. You can then create a data access rule to grant access to the HR group for the Sales data set.

Image of the Data Access Rule dialog box with access-based protection

Column-based protection

Column-based protection uses masking levels to protect data in specific columns based on the Data Category or Data Classification assigned to the columns. It is available in both standards and rules.

Protect offers the following levels of column masking, ordered from most masked to least masked.

Masking level	Restrictiveness scale	Description
Custom masking	Most restrictive masking	Shows the data as you define. For more information, go to Custom masking.
Default masking	Highly restrictive masking	Shows the data as 0.
Hashing	Moderately restrictive masking	Shows the data as a set of different letters, numbers, and symbols.
Show last	Less restrictive masking	Shows the last few characters of the data. You can choose to show the last 1 through 20 characters of the data, with 4 being the most common choice.
No masking	Least restrictive masking	Shows the original data. This masking level is available only in data access rules.

Example Suppose that you want the HR group to be able to access your source data, but you want to protect any data that is classified as personally identifiable information (PII) by masking it. You can then create a data protection standard to grant access to the HR group, and mask PII data by applying the required masking level. For more examples, go to Data protection standards and data access rules.

Image of the Data Protection Standard dialog box with column-based protection

Row-based protection

Row-based protection uses row filters to control which rows are visible in a table. It is available only in rules.

Protect offers the following row filters to manage data visibility:

Hide: This filter hides only specific rows in a table based on the Data Classification assigned to the columns, while showing the rest.
Show: This filter shows only specific rows in a table based on the Data Classification assigned to the columns, while hiding the rest.

These filters operate exclusively, meaning that you can't apply both filters simultaneously for the same Data Classification for the same group.

Example Suppose that you want the Sales group to be able to access the data set of only US-based customers. You can then create a data access rule to grant access to the Sales group, and show only the required rows by applying a row filter.

Image of a rule showing row-based protection

Example Suppose that you want the HR group to be able to access the data set of only US-based customers. You can then create a data access rule to grant access to the HR group, and show only the required rows by applying a row filter.

More information

Consider the Customer asset, which contains the following columns, where the Country column is classified as Region.

Customer ID	Name	Country	Amount
1	Anya A	US	1000
2	Bobby B	Canada	1500
3	Carol C	US	2000
4	Dora D	UK	3000

Without row-based protection in the rule, the HR group can see all the rows in the table. Howerver, with row-based protection, the HR group can see only those rows that contain the value US in the Country column.

Customer ID	Name	Country	Amount
1	Anya A	US	1000
3	Carol C	US	2000