In a previous blog post Andrew Hindle discussed the difference between Data Access Filtering and Dynamic Data Masking. This blog post investigates the advantages of combining these two approaches. As of version 1.2, the Axiomatics Data Access Filter for Multiple Databases (ADAF MD) introduces masking capabilities. At the core, Data Access Filtering is an application of Attribute Based Access Control (ABAC) based on the expressiveness of the XACML language. The dynamic data masking capabilities in ADAF MD make use of the same XACML-powered authorization engine, which means data masking in this context can be made subject to complex business rules expressed in the XACML language. The expressiveness of this policy language enables the implementation complex business rules that are far more advanced than the relatively simple rules that data masking solutions typically are based on so far.
This post explains how to perform a custom data masking on a column using ADAF MD.