Specify Object & Field Masking


Overview :

To achieve scalability and high performance, you can split records of the same objects into different chunks. 

For example, the Contact object contains 18 million records distributed evenly over three years. Suppose we then decide to split the Contact object into three unique mappings – this means that each mapping will now have six million records. This split allows the processing of all three batches of six million records simultaneously instead of processing one contact masking batch containing all 18 million records.

Solution :

After the creation of the Configuration record, you need to add objects and fields to the object masking and field masking records.

The following steps cover how to create these object-masking and field-masking records.

Object Masking

Step 1: Navigate to the ‘Configuration’ tab

Click on the ‘Configuration’. You will now see all of the configurations that you have created.

Step 2: Navigate to the ‘Object Masking’ section

Click on any configuration record and scroll down to the ‘Object Masking’ section.

Step 3: Create an Object Masking record

Click the ‘New’ button to add an Object Masking record.

You will then be prompted to select a record type: ‘Delete Records’ or ‘Mask Records’ 

Delete Records: If you want to delete records, select the ‘Delete Records’ button and click ‘Next’. By doing this, the Delete Records Page Layout will display.

Mask Records: If you want to mask records, then select the “Mask Records” radio button. By clicking on this, the Mask Records Page Layout will display.

Select an Object and determine Group, Sequence, Batch Size, and Filter Criteria, then select the ‘Use Bulk API’ checkbox. This allows you to process records in bulk and improve masking performance.

  • Group

The Group criteria decide on masking priority. That means objects that are added in Group 1 will be masked first, followed by objects in Group 2, and so on up to Group 10. You can add an unlimited amount of objects in a single Group and put Standard as well as Custom Objects in the same Group or a different Group

  • Sequence

The Sequence criteria work within different Groups. The Sequence criteria allow you to decide the priority for an object to be masked within a Group. For example – an object which has a Sequence value of 1 will be masked first, and so on for an infinite number of values. Manually, you may set as many sequences in a single group on both Standard and Custom Objects. 

  • Batch size

The Batch Size determines the number of records that should be processed in a single batch. You can set it from a minimum value of 1 to a maximum of 2000 records. 

  • Filter Criteria

You can use the Filter Criteria to filter records based on your own criteria. Everything that can fit into the SOQL WHERE clause can also fit into the Filter Criteria. Logical operators, Literals, LIMIT, and others can be utilized.

Here’s an example of how to mask all active Contacts with the record type of ‘Partner’ and where the Partner is based in the ‘United Kingdom’.



Step 4:
Save your changes

Click on ‘Save’. Likewise, you can create multiple records of object masking with different groups and sequences.

Field Masking

Step 4.1: Pick an Object

Click on the Object name for which the user wants to add Field masking. You will be redirected to the field masking component which allows adding multiple fields simultaneously.

Step 4.2: Choose Fields

Here users can select multiple fields at a time. Also, the user can specify the action which needs to be implemented for masking the field. To achieve this user

needs to select the fields by clicking the checkbox. Then further select ‘Action’,’ Replace with’, and ‘Replacing Value’.

Actions: – User can select two actions by clicking the dropdown –

1. Erase: To erase the field values.

2. Replace: To replace the field values with another value from the option provided by DataMasker.

If you select Erase, select the field from the dropdown list and click ‘Save’. This function is used to erase the field (e.g. name, number, email, address, etc.) 

Note – Never add mandatory fields under erase action.

If you select Replace, select one of the following further actions:

I. Random: Replace with randomized(autogenerated) text/string. 

II. Hardcoded: Replace with a hardcoded string.

III. Pattern: Replace with a custom list or Regex.

IV. Apex: Replace with specific characters.

Hardcoded Value: Hardcoded values are values where you can add any hardcoded text/string to replace the actual value with chosen one.

Select the field where you want to apply masking to and click ‘Save’. Repeat this until desired field maskings are set up.

Enter any String in the ‘Enter Value’ textbox field by which you want to hardcode the selected field. Make sure the value entered in the textbox is of the same data type of the field selected for masking.

In the following example, the output of the Account Description will be Hardcoded Value.

A Pattern – Custom List: – While selecting ‘Pattern – Custom List’ from further actions, choose the value by which you want to replace the selected field by using patterns. 

A Pattern – Custom List can be any combination of items or names from the default list or the lists created by the users.

Pattern – Regex:- While Selecting ‘Pattern – Regex’ from further actions, choose the value by which you want to replace the selected field by using patterns from your sandbox (e.g. email, phone number, etc.).

You can also add your own Masking Pattern.

Random:- While selecting ‘Random’ from further actions,  choose the field by which you want to replace the selected field with a Random text/string.

Apex:- While selecting ‘Apex’ from further actions, choose the field by which you want to replace the selected field with Apex texts/strings. For more information about Apex text strings, read this article.

After adding all fields, you can see a list of your field maskings as shown.

Formula Field:- The action ‘Formula Field’ is used to mask the records by formula field return values. Users can enter the API name of the Formula Field at the value in the Field Masking.

Initially, after post-install the action ‘Formula Field’ is hidden from the Data Masker field masking.

To use this action refer to the article – Data Masking by Formula Field.

Unique Checkbox– Unique functionality is used to create unique values for each field value that has been added into the field masking. User can check Unique checkbox in the Field Masking component to create unique values and after masking, the Data Masker will append the ID of that record next to the value.

Note – User can create Unique value for the fields with Text and Text area data types only.

After Masking with Unique Checkboc, the record value will append the User ID along with the value mapped by ‘Replace With’ action that makes the record value unique.

Middle Name and Suffix Fields- 

If the user wants to add a Middle name field and a Suffix field for masking, then two permissions need to be assigned to the user. 

Permissions –

  1. Enable Middle Names for Person Names
  2. Enable Name Suffixes for Person Names

Users can assign these permissions from ‘User Interface’. To assign those permissions follow the below path,

Setup -> Home -> User Interface ->Scroll Down and click on the ‘User Interface’ ->  Go to the section ‘Name Settings’

Users can check the two checkboxes and click on the Save button to assign these permissions as shown in the screenshot below.

Special Use Case – User Masking

Masking User records is considered one of the best ways to protect the personal information of org’s users. When utilized, Salesforce permanently scrambles the user’s object data and replaces it with random character strings. The user’s detail page exists, but all of its fields will contain meaningless strings of characters. Salesforce simply obfuscates or scrambles personal data because you can’t delete a user in Salesforce; you can only disable or deactivate a user. In other words, the user record still remains in the database, but this method performs a soft delete. This masking process does not work on Custom fields.

For further information on masking user record read this article.