Data Obfuscation is a Perspectium function that allows users to specify obfuscation rules for data shared using Dynamic and Bulk Shares as per General Data Protection Regulation (GDPR).
There are several different types of obfuscation rules. Users can apply any number of these rules to a dynamic or bulk share by checking the “Advanced” box and then under the “Advanced” tab checking “Enable data obfuscation”. After updating or saving the form, a related list of obfuscation rules will appear at the bottom of the form. If no obfuscation rules have been created yet it will be empty. Obfuscation rules can be named and must be given an order, which determines the order in which the rules are run (ascending).
To create a new rule press “New”. A form for creating a new rule will change based on what type is selected. There are three types of obfuscation rules to choose from:
The Field obfuscation rule allows a user to choose a field to obfuscate in their outbound message. The field will be replaced by an equal number of masking characters.
Pattern and Replacement rules directly modify the entire XML payload of the outbound record. Be careful not to write a regular expression or replace something in a way that creates invalid XML or unintentionally changes the XML structure (which can cause unintended errors or consequences). Pattern and Replacement rules also modify most related records such as child table, audit log, journal field, attachment, and history set records if they are shared out.
The Replacement obfuscation rule allows a user to specify search values which will be replaced by a masking value. To create a Replacement obfuscation rule first insert a new obfuscation rule with Type selected as “Replacement”. Fill out the rest of the form then press “Submit”. A related list of search value records will appear at the bottom of the form. Each search value will be replaced with the masking value if found in an outbound message.
A masking value (the value to replace with) cannot be longer than a corresponding search value (the value to replace). This is to prevent writing past ServiceNow's maximum length for a field.
Users can quickly add a large number of search values to replace by uploading a CSV file. The CSV file should be a list of comma separated search values which will be added to the Replacement rule.
Users can visit the Data Obfuscation Dashboard to easily view information about their data obfuscation rules. To get to the dashboard search for the module “Data Obfuscation Dashboard” under “Perspectium” in the left hand navigation bar and click on it.
The top widget contains two tables containing information on each dynamic and bulk share with active data obfuscation rules. The first column shows the name of each share which will take users to the respective share when clicked on. The table specifies which table each share is targeting. The last three columns show each type of data obfuscation (Field, Pattern, or Replacement). A green check indicates at least one data obfuscation rule of that type is active for that share, whereas a red X indicates no data obfuscation rule of that type is active.
The dashboard also shows the total number of records obfuscated from each table as well as the total number of obfuscation rules on each table.
If you delete any of the widgets on the dashboard page you will not be able to get them back unless you reinstall the ServiceNow core update set. Accidentally deleting the widget will not affect your Data Obfuscation rules.