SYSCAT.DM.MASK.
Data masking rules consist of individual rule types that define the
specific masking action or algorithm to apply to the data. The rules
in effect are as follows:
These rule types are valid for use in FedSQL queries
and are applied over literal values or individual columns to hide
personally identifiable information.
SYSCAT.DM.MASK function
accepts defaults configured as package options in addition to the
various arguments associated with each rule type. For example, the
KEY argument for the ENCRYPT rule type defaults to the value configured
as the ENCRYPT_KEY package option. To configure
default masking parameters as package options, use the ALTER
SERVER DDL command. The following example sets a default
encryption key used by the ENCRYPT and HASH rule types:ALTER SERVER {options PACKAGE(name 'DM',
ENCRYPT_KEY ’212e8ba6b7f84796a87a985d54277f2f’)}
DECRYPT rule
type.
SYSCAT.DM.MASK function
with the specified rule types and arguments to mask a value containing
PII. The rule type argument must be a string constant. Argument names
are not case sensitive. Here is the syntax:SYSCAT.DM.MASK( 'rule-type', value [, rule-arguments])Here is the syntax for the rule arguments:
[, 'rule-arg-name1', 'rule-arg-value1', [, 'rule-arg-name2', 'rule-arg-value2', ...]] )
SYSCAT.DM.MASK( 'ENCRYPT', value [, rule-arguments ] ), SYSCAT.DM.MASK( 'DECRYPT', value [, rule-rguments ] )
Argument type: Required. Case-insensitive string constant.
| AES/FIPS* | AES/FIPS: RSA licensed FIPS compliant AES encryption. |
| AES* | RSA-licensed AES encryption. |
| SAS002 | SAS Proprietary. |
| BASE64 | Base 64 encoding. |
| SAS004 | Alias for AES/FIPS. |
| SAS003 | Alias for AES. |
| SAS001 | Alias for BASE64. |
Argument type: Case-insensitive Boolean string constant or 1 or 0.
EXPAND_PREC is
active by default. If the encrypted value does not fit in the column,
this option returns an empty string for VARCHARor NVARCHAR,
or all-blank for CHAR or NCHAR.
SYSCAT.DM.MASK( 'HASH', value [, rule-arguments ] ),
SYSCAT.DM.MASK( 'DECRYPT', value [, rule-rguments ] )