Managing Access Policy
Access policies are set of rules that define how the decrypted data will be revealed to the application users. Different users may want to reveal data differently. For example, user1 may want to reveal ciphertext and user2 may want to reveal masked value. These users are part of a user set. So, if the same user is part of different user sets, data reveal format will vary based on the access policy configured for that user set. Access policy acts different for different users sets. Each access policy has a default reveal format for the application users that are not part of any user set. The user set must be added in the priority order; the highest one is first and lowest is last. To know more about User Set, refer to Managing User Set.
Access Policies specify:
User Set: Contains the list of users who want to access data.
Reveal Format: Determines how the decrypted data will be revealed to application users. Following reveal formats are available:
Error Replacement Value: Client returns the
error_replacementvalue to the application users.
Ciphertext: Client returns the ciphertext to the application users.
Masked Value: Client first decrypts the data and then masks it and returns masked value to the application users.
Plaintext: Client decrypts data and returns the plaintext to the application users.
In this article you will learn how to: