This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Looking to upgrade from Dynatrace Managed to SaaS? See how

SQL query masked value in Dynatrace Managed environment as admin user

rastislav_danis
DynaMight Pro
DynaMight Pro

‎28 Sep 2018 02:24 PM - last edited on ‎21 Apr 2023 09:23 AM by Community Team

We enabled bind variables capture at customer Dynatrace Managed environment. customer can now see values of bind variables. but in select there is also masked statement like:

 something='*****'

seen as admin user or as user with flag "View sensitive request data" enabled.

is there any other setup how to unmask this statement? f.e. in this example values of something can be null or 1.

Alanata a.s.
Reply
4 REPLIES 4

ChadTurner
DynaMight Legend
DynaMight Legend

‎12 Mar 2020 08:07 PM

I would reach out to support on this as some masking is set up as a safeguard

-Chad
0 Kudos
Reply

bayu_irsan
Observer
In response to ChadTurner

‎26 Jul 2024 09:08 AM

Hi Chad,
We have the same question about this masking, any updates we can try to config?

0 Kudos
Reply

dave_mauney
Dynatrace Champion
Dynatrace Champion

‎13 Mar 2020 02:07 AM

Is it a prepared statement or just an SQL query? My guess is that it's an SQL query and the value is being masked, rather than the question mark in a prepared statement.

0 Kudos
Reply

uros_djukic1
Dynatrace Mentor
Dynatrace Mentor

‎26 Jul 2024 11:02 AM

AFAIK the SQL sensor supports prepared statements, transactions and normal queries.
All depends on the result set correlation. The SQL sensor just associates contextual info such as driver type and DSN , with the DB object.
To make bind varible values visible :
1) Enable SQL Bind Value Capture : in Deep Monitoring 
2) Override Global Setup (if needed) with Process group "override".
3) Permissions (user account) as you mentioned above "view sensitive request data". Policy : environement:roles:view-sensitive-request-data. 

So the last point is essential. Always ensure if we are well migrated our ABAC (role-based permissions) https://docs.dynatrace.com/docs/shortlink/migrate-roles#attribute-based-access-control

The other thing is, even if you enable the capture of bind variable values, certain SELECT queries might still have masked data due to privacy and security measures. As an example, with multiple commands or using executeBatch() method.

Any update since please ?

Reply
Ask a question

Featured Posts