Because Event log viewers may not have the same permissions as the Event log creator, it is sometimes necessary to obscure information and prevent accidental accessibility. Beginning in the 3.6 release, SightLane Data Policies enable teams to protect PII or other sensitive information that may be contained in Event logs.
Setting Up Data Policies
The first step to using Data Policies is to understand the Custom Metadata Type called "SightLane Data Policy." This governs the policies that will be applied to your SightLane Event logs. A Data Policy is either active or inactive and is automatically applied to all newly generated Event logs in the org. In other words, once it is turned on, all future Monitors will utilize the policy when generating new Events.
The following custom attributes describe a SightLane DataPolicy and govern runtime behavior and results.
Active - Determines whether the Data Policy will be applied to new Events. This attribute is NOT retroactive and policies are only applied to new Events.
Description - A text description of the purpose of the Data Policy.
Match Pattern - A RegEx expression describing text that should be masked. A full description of RegEx possibilities is (well) beyond the scope of this article, but it describes a text pattern to search for. Any instance of text that meets that pattern will have the data policy applied to it.
Privacy Pattern - An expression that describes the substitution pattern for the RegEx expression. It enables the SightLane admin to specify the characters involved in a Data Mask and the elements to be masked.
Type - Describes the type of Data Policy being applied. As of the 3.6 release, the only valid value is "Data Mask," but other types are expected in future releases.
Using Data Policies
As mentioned previously, active Data policies are applied to all Monitors (to all generated Events). To test a data policy, simply create any Event that contains the expected pattern. Type the following code into your Developer Console and execute it.
String ssn = '111-22-3456';
EventLogger logger = Logging.start('My Personal Info');
logger.log('Start Log...');
logger.log('My social security number is ' + ssn);
logger.reportToSightLane();
You will see that the resulting Event automatically replaces the social security number value with your designated Privacy Pattern.
Conclusion
With SightLane Data Policies, you can protect sensitive information no matter where it is at risk of exposure. Furthermore, it automatically applies to all future Events, whether for existing Monitors or newly created ones. This means you can implement new policies without touching any of your Flows or Apex code!
We're hungry for feedback on all our features, so if you think of something else Data Policies should do, email us at support@sightlane.com.