topic SQL query masked value in Dynatrace Managed environment as admin user in Dynatrace Managed Q&A

SQL query masked value in Dynatrace Managed environment as admin user

rastislav_danis — Fri, 21 Apr 2023 08:23:36 GMT

We enabled bind variables capture at customer Dynatrace Managed environment. customer can now see values of bind variables. but in select there is also masked statement like:

 something='*****'

seen as admin user or as user with flag "View sensitive request data" enabled.

is there any other setup how to unmask this statement? f.e. in this example values of something can be null or 1.

Re: sql query masked value in managed environment as admin user

ChadTurner — Thu, 12 Mar 2020 20:07:41 GMT

I would reach out to support on this as some masking is set up as a safeguard

Re: sql query masked value in managed environment as admin user

dave_mauney — Fri, 13 Mar 2020 02:07:53 GMT

Is it a prepared statement or just an SQL query? My guess is that it's an SQL query and the value is being masked, rather than the question mark in a prepared statement.

Re: sql query masked value in managed environment as admin user

bayu_irsan — Fri, 26 Jul 2024 08:08:19 GMT

Hi Chad,
We have the same question about this masking, any updates we can try to config?

Re: SQL query masked value in Dynatrace Managed environment as admin user

uros_djukic1 — Fri, 26 Jul 2024 10:02:52 GMT

AFAIK the SQL sensor supports prepared statements, transactions and normal queries.
All depends on the result set correlation. The SQL sensor just associates contextual info such as driver type and DSN , with the DB object.
To make bind varible values visible :
1) Enable SQL Bind Value Capture : in Deep Monitoring
2) Override Global Setup (if needed) with Process group "override".
3) Permissions (user account) as you mentioned above "view sensitive request data". Policy : environement:roles:view-sensitive-request-data.

So the last point is essential. Always ensure if we are well migrated our ABAC (role-based permissions) https://docs.dynatrace.com/docs/shortlink/migrate-roles#attribute-based-access-control

The other thing is, even if you enable the capture of bind variable values, certain SELECT queries might still have masked data due to privacy and security measures. As an example, with multiple commands or using executeBatch() method.

Any update since please ?