Bookmark and Share

Recent Posts

Column Masking With Fewer Restrictions

September 29, 2015

For at least as long as there's been a public Internet, there's been a need to mask sensitive personal data. Of course many different software solutions are available in the market today, including IBM's built-in column masking feature that was introduced with DB2 10 for z/OS.

DB2 11 for z/OS includes some enhancements to this feature, a clear sign that customers are taking advantage of these capabilities. The updated version removes some restrictions found in DB2 10, which I’m sure was driven by customer feedback.

Specifically, DB2 11 enables the use of the GROUP BY HAVING clause. In DB2 10 the semantics of the column mask could conflict with the semantics in GROUP BY HAVING. When these conflicts occurred, the MASK couldn't be applied, resulting in an error during BIND time. However, in DB2 11, the columns with a column mask can be referenced in the result set without any restrictions.

The latest DB2 version also corrects some data inconsistencies between the uses of SELECT DISTINCT and SELECT DISTINCT with an aggregate function. Now column masking for an aggregate function with a DISTINCT keyword is applied after duplicates are removed.

Do you use fine-grained access and masking? How do you feel about these enhancements? Please share your experiences in comments.

Posted September 29, 2015| Permalink

comments powered by Disqus