This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Enhancement? Data Masking at a Recipe Level and/or Connector Level

mroldanvega
Executive Chef I
Executive Chef I

โ€Ž10-05-2021 07:33 PM

It would be great if we could set up the data masking flag at a recipe leval, or at a connector level. In recipes with lots of actions, it is difficult to keep track and manage which actions were masked and which were not.


Anyone has any suggestions for this?

0 Kudos
13 REPLIES 13

steven-marissen
Executive Chef I
Executive Chef I

โ€Ž10-06-2021 07:17 AM

I assume it would also come in handy to have the main recipe provide context to underlaying (possibly shared) callable recipes whether to process that request confidentially or not depending on which main recipe it gets called from.

0 Kudos

deven-maru
Workato employee
Workato employee

โ€Ž10-06-2021 09:34 PM

hi Steven Marissens good question. Our approach has been to keep the settings at per recipe level for all recipe types (trigger based or callable). Since the callable recipe is also a recipe on its own, the recipe level settings are available there as well to provide maximum flexibility to the users. It becomes important in cases where the callable recipe is a shared recipe where the context could be different depending on the calling recipe. Since it's a recipe level setting it will apply to all jobs of the callable recipe regardless of which recipe called it.

0 Kudos

tridivesh
Workato employee
Workato employee

โ€Ž10-06-2021 10:29 PM

Manuel Roldan-Vega Steven Marissens Deven Maru :


Since turning on data masking turns off logging, you lose the access to the data for troubleshooting. If the primary purpose of data masking is to keep data protected/private from "unauthorized eyes", would a special permission to view logs suffice? Whether it be masking recipes, connections or steps in a recipe, it still does require a good amount of rigor/discipline to turn on masking.

It would be simpler to block users/roles from viewing log data, the same way network tracing access works today?


0 Kudos

mroldanvega
Executive Chef I
Executive Chef I

โ€Ž10-07-2021 06:58 PM

Tridivesh Sarangi - The only problem i see is that it would 'hide' all the logs, and not logs specific to a connection/application. So it is an all or nothing.

Also, will the role only prevent the user from seeing the data, but would still allow to see the execution table (job id, time, etc.), or would it hide the complete job tab in the recipe?


cc. Deven Maru Steven Marissens

0 Kudos

mroldanvega
Executive Chef I
Executive Chef I

โ€Ž10-12-2021 05:28 AM

Tridivesh Sarangi - one other consideration here is that with data masking you are not storing sensitive data in the logs, but with the permissions approach you are (just hiding it). I think this has can have implications from a compliance perspective. Yet again, for compliance we could set the masking at a step level.

0 Kudos
Copyright © 2024 Khoros, LLC