Managing Access Policy
Access policies are a set of rules that define how decrypted data is revealed to application users. Data is revealed differently to different users. These users are part of user sets.
Consider an example with two user sets named userset1 and userset2, where user1 belongs to userset1 and user2 belongs to userset2. For user1, data is revealed as ciphertext, and for user2, data is revealed as a masked value.
If the same user is part of different user sets, the reveal format depends on the user set that was configured first for that user. User sets must be added in index order. The user set with index 0 has the highest priority, then the user set with index 1, and so on.
Each access policy has a default reveal format for the application users that are not part of any user set.
To learn more about user sets, refer to Managing User Set.
Access policies specify:
User Set: Contains the list of users who want to access data.
Reveal Format: Determines how the decrypted data will be revealed to application users. The following reveal formats are available:
Error Replacement Value: Client returns the error_replacement value to the application users.
Ciphertext: Client returns the ciphertext to the application users.
Masked Value: Client first decrypts the data and then masks it and returns masked value to the application users.
Plaintext: Client decrypts data and returns the plaintext to the application users.
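The following added example (not part of the original documentation or the product's own code) models the rules described above: user sets are evaluated in index order, the first match decides the reveal format, and users in no user set get the policy default. The class and function names, the mask shape (last four characters visible), the sample error replacement value, the choice of error replacement as the default, and user3's membership in both user sets are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Reveal format names come from the page; all other names are hypothetical.
ERROR_REPLACEMENT, CIPHERTEXT, MASKED, PLAINTEXT = "error", "ciphertext", "masked", "plaintext"

@dataclass
class UserSetRule:
    name: str
    users: frozenset
    reveal: str

@dataclass
class AccessPolicy:
    default_reveal: str
    error_replacement: str = "000000"          # constructed sample value
    rules: list = field(default_factory=list)  # list position is the index

    def reveal_for(self, user):
        for rule in self.rules:                # index 0 has the highest priority
            if user in rule.users:
                return rule.reveal
        return self.default_reveal             # user is in no user set

    def shadowed_memberships(self):
        """Map each user found in several user sets to those sets, winner first."""
        hits = {}
        for rule in self.rules:
            for user in rule.users:
                hits.setdefault(user, []).append(rule.name)
        return {u: names for u, names in hits.items() if len(names) > 1}

def mask(plaintext, keep=4):
    # Assumed mask: show only the last `keep` characters; short values are fully masked.
    shown = plaintext[-keep:] if 0 < keep < len(plaintext) else ""
    return "*" * (len(plaintext) - len(shown)) + shown

def reveal(policy, user, ciphertext, plaintext):
    fmt = policy.reveal_for(user)
    if fmt == CIPHERTEXT:
        return ciphertext
    if fmt == MASKED:
        return mask(plaintext)
    if fmt == PLAINTEXT:
        return plaintext
    return policy.error_replacement            # this example also fails closed on unknown formats

def sample_policy():                           # constructed data based on the page's example
    return AccessPolicy(ERROR_REPLACEMENT, rules=[
        UserSetRule("userset1", frozenset({"user1", "user3"}), CIPHERTEXT),
        UserSetRule("userset2", frozenset({"user2", "user3"}), MASKED)])
```

Running `shadowed_memberships()` before deploying a policy shows which users sit in more than one user set, so the reveal format they actually receive can be confirmed against the intended one.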
In this article you will learn how to: