Column masks #

Starburst Galaxy’s column masks let you control how a column’s value is displayed to affected users. A column mask can be added to a policy. Column masks are created from the Column masks pane.

See Policies > Column masks for more details.

Column masks pane #

Use the Column masks pane to view the list of column masks and their properties, as well as to create, edit, and delete column masks.

The Column masks navigation menu link is only visible to users whose active role set includes the MANAGE_SECURITY account privilege.

View column masks #

The Column masks pane lets you view a list of your column masks including useful information such a description, use count, and ownership.

Use the Search column masks field to find column masks that match your search term. For example, you can search accountadmin to find column masks owned by the accountadmin role.

×

The following columns are displayed:

• Column mask name: The name given to the column mask.
• Column mask type: The data type selected for the column mask.
• Column mask expression: The expression that describes how a column’s value should be displayed to the affected users.
• Use count: The number of times the column mask is in use.
• Description The description given to the column mask.
• Owning role: The role that owns the filter.
• Created: The timestamp when the filter was created.
• Last updated: The timestamp when the filter was last updated.

To reorder the column mask view, click a column name to sort by that column. Click the column name again to reverse the sort order.

Create column masks #

To create a column mask:

1. Click Create column mask.
2. In the dialog, enter a name in he Name field.
3. Use the Column mask type menu to select the data type. VARCHAR is selected by default.
4. Enter a description for the column mask in the Description field.

5. Enter an expression in the Column mask expression field. This expression is the output that appears to users when the mask is applied, written as a regular expression. You can write a string in double quotes such as "String contents" to mask all values as that string, or you can write a statement using @column to extract the value and wrap it in a series of functions and operators to customize the output that appears to the user.

   For example, a column mask expression to hide string values with a SHA-256 hash can be done using the following expression:

    lower(to_hex(sha256(to_utf8(cast("@column" as varchar)))))
   

6. Click Create column mask.

Edit column masks #

To edit an existing column mask:

1. Click the ( ) options menu on the column masks list.
2. Select Edit column mask settings.
3. Make your changes to the Name, Column mask type, Description, and Column mask expression fields.
4. Click Save column mask.

To change the column mask’s owner:

1. Click the ( ) options menu on the column masks list.
2. Select Change owner.
3. Select a new owner in the New owner drop-down menu.
4. Click Change owner.
5. Click Change in the confirmation dialog.

Delete column masks #

To delete a column mask:

1. Click the ( ) options menu on the column masks list.
2. Click Delete column mask.
3. Click Yes, delete in the confirmation window.

Deleting a column mask cannot be undone.

Apply column masks to policies #

Column masks are applied to policies upon policy creation or when editing a policy.

See Access control > Roles and privileges > Policies tab for more information.