Protect protects your data through data protection standards and data access rules.
Standards create a primary layer of protection for similar types of data by masking the data wherever it is stored, whereas rules create an additional layer of protection by managing access and enhancing protection for specific usages.
This documentation explains when to create a standard over a rule and vice versa, and what to consider when creating them.
When to create a standard over a rule and vice versa
- Suppose that columns containing the first and last names are a part of the Personally Identifiable Information (PII) data category. Then, regardless of the databases, tables, and schemas to which those columns belong, you can create a standard that targets all of those columns by selecting the PII data category in the standard and masking it.
Then, you can create a rule that grants access to a specific group, for a specific data set, while knowing that all PII within this data set will be masked by the data protection standard. - Suppose that a standard is created to mask a column that is classified as PII for everyone. You, however, want to unmask that PII column for a specific group. You can do so by creating a rule for the same group to unmask the classified column. Rules take priority over standards.
- Suppose that you want to grant access to a group, but the protection from the standard is not enough because there might be other sensitive data within a supported asset. Then, you can create a rule to add additional layers of protection over the ones that were set by the standard. You can further protect the data by applying additional masking on the data or by filtering the data using the row-filtering option in the rule.
What to consider when creating standards or rules
When creating standards or rules for assets, consider how the assets are grouped. Suppose that you have a Business Process asset, BP, which contains the following Data Set assets: DS1, DS2, and DS3. Instead of creating a standard or rule for each of the three Data Set assets (DS1, DS2, and DS3), consider creating a standard or rule that targets the Business Process asset (BP), to save your time.