Data Obfuscation Profiles

The data obfuscation profile contains information about which data to mask. It also tracks the keystore that is required to decrypt the data.

• Enabled profiles--Enable a profile only when you are sure that the expressions correctly target the data that you want to obfuscate. If you want to test the regular expression before you enable the data obfuscation profile, you can create a regex-based custom property.

  A profile that is enabled immediately begins obfuscating data as defined by the enabled expressions in the profile. The enabled profile is automatically locked. Only the user who has the private key can disable or change the profile after it is enabled.

  To ensure that obfuscated data can be traced back to an obfuscation profile, you cannot delete a profile that was enabled, even after you disable it.

• Locked profiles-- A profile is automatically locked when you enable it, or you can lock it manually.

  A locked profile has the following restrictions:

  • You cannot edit it.

  • You cannot enable or disable it. You must provide the keystore and unlock the profile before you can change it.

  • You cannot delete it, even after it is unlocked.

  • If a keystore is used with a profile that is locked, all other profiles that use that keystore are automatically locked.

  The following table shows examples of profiles that are locked or unlocked:

  Table 1: Locked Profile Examples

  Scenario	Result
  Profile A is locked. It was created by using keystore A. Profile B is also created by using keystore A.	Profile B is automatically locked.
  Profile A is created and enabled.	Profile A is automatically locked.
  Profile A, Profile B, and Profile C are currently locked. All were created by using keystore A. Profile B is selected and Lock/Unlock is clicked.	Profile A, Profile B, and Profile C are all unlocked.