Custom Values

Problem

For a given application, we want to be able to define a generic anonymization policy by replacing certain fields with a static value.

For example, systematically replacing the "url" field of a "navigation_history" table with the address "https://wikipedia.fr ".

 
SECURITY LABEL FOR anon ON COLUMN navigation_history.url 
IS $$ MASKED WITH VALUE 'https://wikipedia.fr' $$; 

Since the application may be deployed in different countries, we want to be able to adapt these static values depending on the local context.

For example, if the same application is deployed in Italy, we would want to use the address "https://wikipedia.it".

Solution

To achieve this, we can declare a local variables in the database as a JSON dictionary containing the values to be overridden.

We can name this variable anon.custom_values and define it as follows:

 ALTER DATABASE mon_application SET anon.custom_values TO '{ "url": "https://wikipedia.it", "city": "Roma", "postcode": "OOO42"}'; 

Now, if we connect to the database, we can access the variable with SHOW or the current_settings() function:

 
SHOW anon.custom_values; 
anon.custom_values 
--------------------------------------------------------------------- 
'{ "url": "https://wikipedia.it", "city": "Roma", "postcode": "OOO42"} 
(1 row) 

SELECT current_setting('anon.custom_values'); 
current_setting 
--------------------------------------------------------------------- 
'{ "url": "https://wikipedia.it", "city": "Roma", "postcode": "OOO42"} 
(1 row) 

And to read the JSON dictionary we will use the "->>" operator:

SELECT current_setting('anon.custom_values')::JSON ->> 'url'; 
?column? 
-------------------- 
https://wikipedia.it (1 row) 

We can then create a function anon.custom_values(key, [default]) that retrieves this value, or uses the default value if it does not exist:

 
SELECT COALESCE ( NULLIF(current_setting('anon.custom_values'),'')::JSON ->> 'url', 'https://wikipedia.fr'); 
coalesce 
---------------------- 
https://wikipedia.it 
(1 row) 

And use this formula in the initial anonymization rule:

 
SECURITY LABEL FOR anon ON COLUMN navigation_history.url 
IS $$ 
  MASKED WITH FUNCTION anon.custom_value('url','https://wikipedia.fr')
$$; 

The custom_value getter function could also be used in custom masking function

 
CREATE OR REPLACE FUNCTION custom.fake_name() 
RETURNS TEXT AS 
$$ 
  SELECT anon.random_string(anon.custom_value('string_length'));
$$ LANGUAGE SQL; 

Security

• Declare the function as restricted to avoid a masked user from revealing the custom values.