Author a Reveal Policy

Reveal policies are only supported for global masking policies.

  1. Click the Policies icon in the navigation menu and select Data Policies. Click New data policy and complete the Policy name field.

  2. Select Reveal as the policy type.

  3. Select one of the following options:

    • columns tagged: Select this option and then add tags from the subsequent dropdown.

    • columns with any tag

    • columns with no tags

    • all columns

    • columns with names spelled like: Select this option and then enter a regex and choose a modifier in the subsequent fields.

  4. Complete the for everyone who condition to specify who the data should be revealed to. For details about the behavior of these options, see the Masking policies reference guide.

    • is a member of group: Select this inclusion and then one of the following options to complete the condition:

      • name: Select name and then enter the group name. If a user is a member of this group, they will see the masked data in the clear.

      • name that matches any column tag: If a user is a member of a group whose name matches any tag on the column, they will see the masked data in the tagged column in the clear.

      • name that matches any data source tag: If a user is a member of a group whose name matches any tag on the data source, they will see the masked data in the tagged data source in the clear.

    • possesses attribute: Select this inclusion and then enter the attribute key. Select one of the following options to complete the condition:

      • value: Enter the attribute value. If a user possesses this attribute key-value pair, they will see the masked data in the clear.

      • value that matches any column tag: If a user possesses an attribute with a key and value that matches any tag on the column, they will see the masked data in the tagged column in the clear.

      • value that matches any data source tag: If a user possesses an attribute with a key and value that matches any tag on the data source, they will see the masked data in the tagged data source in the clear.

    • is acting under purpose: Select this option and then search for and select the purpose name in the next field. If a user is acting under this purpose, they will see the masked data in the tagged column in the clear.

    You can add more than one condition by clicking + New Condition. The dropdown menu in the policy builder will then contain conjunctions for your conditions. If you select or, only one of your conditions must apply to a user for them to see the data. If you select and, all of the conditions must apply.

  5. Optionally, complete the Enter Rationale for Policy field, and then click Add.

  6. Click the dropdown menu beneath Where should this policy be applied and select When selected by data owners, On all data sources, or On data sources. If you selected On data sources, finish the condition in one of the following ways:

    • tagged: Select this option and then search for tags in the subsequent dropdown menu.

    • with columns tagged: Select this option and then search for tags in the subsequent dropdown menu.

    • with column names spelled like: Select this option, and then enter a regex and choose a modifier in the subsequent fields.

    • in server: Select this option and then choose a server from the subsequent dropdown menu to apply the policy to data sources that share this connection string.

    • created between: Select this option and then choose a start date and an end date in the subsequent fields.

    You can add more than one circumstance by clicking + New circumstance. The dropdown menu in the policy builder will then contain conjunctions for your circumstances. If you select or, only one of your circumstances must be true for the policy to apply to a data source. If you select and, all of the circumstances must be true for the policy to apply.

  7. To limit this policy to data sources within specific domains, enter the domains the policy should be restricted to in the Select Domains field.

  8. Click Activate Policy or Stage Policy.
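
Before activating a reveal policy, it helps to enumerate who the step 4 conditions would actually reveal data to, since switching the conjunction from and to or widens the audience. The following is an added example, not the product's code and not part of the original page: a simplified model of the group, attribute and purpose conditions and the and/or conjunction, run over constructed users. The data structures, all names, and the assumption that a single conjunction joins every condition are illustrative.

```python
# Simplified model of the step 4 "for everyone who" conditions (assumed
# semantics, not the product's implementation). All data below is constructed.
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)
    attributes: dict = field(default_factory=dict)  # key -> set of values
    purposes: set = field(default_factory=set)


def condition_holds(cond, user, column_tags):
    """Evaluate one condition for a user against a column carrying column_tags."""
    kind = cond["kind"]
    if kind == "group_name":
        return cond["name"] in user.groups
    if kind == "group_matches_column_tag":
        return bool(user.groups & column_tags)
    if kind == "attribute_value":
        return cond["value"] in user.attributes.get(cond["key"], set())
    if kind == "purpose":
        return cond["name"] in user.purposes
    raise ValueError(f"unknown condition kind: {kind}")


def revealed_to(conditions, conjunction, users, column_tags):
    """Names of users who would see the column in the clear.
    Assumption: one conjunction ("and" or "or") joins every condition."""
    if conjunction not in ("and", "or"):
        raise ValueError("conjunction must be 'and' or 'or'")
    if not conditions:
        raise ValueError("at least one condition is required")
    combine = all if conjunction == "and" else any
    return sorted(u.name for u in users
                  if combine(condition_holds(c, u, column_tags) for c in conditions))


USERS = [
    User("alice", groups={"pii-analysts"}, purposes={"fraud-review"}),
    User("bob", groups={"pii-analysts"}),
    User("carol", groups={"PII"}),
    User("dave", attributes={"clearance": {"secret"}}),
]
CONDITIONS = [{"kind": "group_name", "name": "pii-analysts"},
              {"kind": "purpose", "name": "fraud-review"}]
print("and:", revealed_to(CONDITIONS, "and", USERS, {"PII"}))
print("or: ", revealed_to(CONDITIONS, "or", USERS, {"PII"}))
```

Comparing the two printed lists shows the extra users an or conjunction admits; the same function can be run with the tag-matching condition to see how adding a tag to a column changes its audience.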
