Sensitive columns

[kazhuravlev]

Administrators should have the ability to mark specific columns as sensitive. This allows users to query data from these columns, but the output will be masked to protect sensitive information.

This feature is designed for handling personal data.

When columns are marked as sensitive, users may still have permission to query these columns, but the output data will be masked. By default:

• Text and strings: Use the MaskingFirstLastSymbol algorithm.
• Numbers: Use the MaskingConstantlyHidden algorithm.
• Other types: Use the MaskingConstantlyHidden algorithm.

Additionally, administrators should be able to specify masking algorithms for each sensitive field in the table. The configuration must allow users to select specific masking algorithms and define options for those algorithms.

Available Masking Algorithms

1. MaskingFirstLastSymbol: Displays the first and last characters of a string with three stars (***) in between.

   • Example: "John Doe" becomes "J***e".

2. MaskingConstantlyHidden: Replaces all data with a constant string: ???.

   • Example: Any input (e.g., 12345, "email@example.com") becomes ???.

3. MaskingNumberRange: Displays numbers in predefined ranges, such as <100, 100-200, >200, or custom ranges specified by the administrator.

   • Example: 123 becomes 100-200.

The configuration should support assigning a specific masking algorithm to each field, along with options for customizing the behavior of the chosen algorithm. This ensures flexibility while protecting sensitive data appropriately.