Add database views to the Baffle Privacy Schema (BPS)

A database view is a subset of a database that is based on a query that runs on one or more tables. Unlike ordinary database tables, a view typically does not have its own storage. Rather, the values are computed or collated dynamically from data in the database. 

Any database views that need access to decrypted values from base tables must be added to the Baffle Privacy Schema (BPS) configuration file. This has to be done manually, because Baffle Manager is unaware of all the views that may reference the encrypted tables.

 

Modify the BafflePrivacySchema for database views

This section demonstrates how to modify the BafflePrivacySchema file to add a database view so you can encrypt and decrypt data with the view.

IMPORTANT! Modifying the BPS file with the Configuration Editor is an advanced procedure that requires an understanding of the correct BPS structure and syntax. It is highly recommended that you use the Schema Selector if possible.

To add a database view to the BafflePrivacySchema file, do the following:

  1. Log in to Baffle Manager, click the Application icon in the left menu bar, then select the application for the BPS file that’s to be modified. Application details appear on the right.


  2. Select the Gear icon in the upper right corner, and then select Edit Configuration from the drop-down menu.


     
  3. Select the Baffle Privacy Schema (BPS) on the left. The BPS TOML file appears on the right. If this is the first time you are specifying a BPS, the window on the right will look like it does in the following example.
    BPS_ConfigEditor-BPS.png
  4. If the view changes column names, map the name changes in the BPS, as shown in the following example. Otherwise, you can create a TOML-format Baffle Privacy Schema for the view from the table's column definitions without any changes.

    Note the change in the "name" field in the database.table.column section to match the view definition in this example.

    # TOML for encrypting FNAME, LNAME column in CUSTOMERS table
    [[database.table]]
       name = "CUSTOMERS"
       [[database.table.column]]
         name = "FNAME"
         type = "varchar"
         key = 2
         encMode = "fpe-alphanum"
         encType = "ENC_FPE"
         migrationStatus = "NONE"
         primaryKey = false
         nullable = true
         charset = "latin1"
         collation = "latin1_swedish_ci"
         precision = "8"
         unsigned = false
         zerofill = false
         [database.table.column.rbac]
           defaultPermission = "UNSPECIFIED"
       [[database.table.column]]
         name = "LNAME"
         type = "varchar"
         key = 2
         encMode = "fpe-alphanum"
         encType = "ENC_FPE"
         migrationStatus = "NONE"
         primaryKey = false
         nullable = true
         charset = "latin1"
         collation = "latin1_swedish_ci"
         precision = "8"
         unsigned = false
         zerofill = false
         [database.table.column.rbac]
           defaultPermission = "UNSPECIFIED"

    # TOML for decrypting a view on the CUSTOMERS table defined as SELECT FNAME as first_name, LNAME as last_name FROM CUSTOMERS;
    [[database.table]]
       name = "CUSTOMERS_VIEW"
       [[database.table.column]]
         name = "first_name"
         type = "varchar"
         key = 2
         encMode = "fpe-alphanum"
         encType = "ENC_FPE"
         migrationStatus = "NONE"
         primaryKey = false
         nullable = true
         charset = "latin1"
         collation = "latin1_swedish_ci"
         precision = "8"
         unsigned = false
         zerofill = false
         [database.table.column.rbac]
           defaultPermission = "UNSPECIFIED"
       [[database.table.column]]
         name = "last_name"
         type = "varchar"
         key = 2
         encMode = "fpe-alphanum"
         encType = "ENC_FPE"
         migrationStatus = "NONE"
         primaryKey = false
         nullable = true
         charset = "latin1"
         collation = "latin1_swedish_ci"
         precision = "8"
         unsigned = false
         zerofill = false
         [database.table.column.rbac]
           defaultPermission = "UNSPECIFIED"
  5. Copy and paste your TOML format BPS into the BPS Configuration Editor window.
  6. Choose one of the following options, then click Close Window.

    • Save to save the BPS changes without deployment.

    • Deploy the BPS changes without encryption.

    • Deploy & Migrate the BPS changes for encryption.
      You are returned to the Application page.