Re: Controlling access to sensitive data in Dynatrace: data masking and display permissions

jordan_rose · ‎07 Dec 2022

HI all,

I'm just now learning that there is a real challenge with controlling access to sensitive data in Dynatrace. Once you mask data URIs there is really no way to display it to authorized users.

I figured adding the data to a request attribute then ticking the "Request attribute contains confidential data (hides data from unauthorized users)." and the "Allow.... " option would allow only users with "View sensitive data" permission to view the unmasked data in the request attribute.

This does not seem to the case? All of my users can either see the data or they cannot based on ticking that first option - "Allow this request attribute to access unmasked personal data". Adding or removing the permission "View sensitive request data" has no affect?

What am I missing?

How do I allow only specific users access to masked data?

Thanks,

Jordan

josef_schiessl · ‎07 Dec 2022

Hi, its exactly how you described.

However, as far as I know, we have a few built-in rules (eg. Credit-Card Information is always masked regardless), etc. Can you maybe share an example, of where ticking this flag does not have the desired outcome?

Kind regards,

Josef

jordan_rose · ‎07 Dec 2022

I have created a request attribute with below options enabled. All of my users can see the value of this attribute in plain text, even though none of them have the "View sensitive request data" permission.

Request attribute settings -

This same data is masked by this setting and shows as <masked> in the purepaths.

My goal is to mask sensitive data but also give authorized users a way to access it. Per the doc this should be possible using request attributes and permissions.