<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 04:48:26 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-38264] Dynamic data masking at query time</title>
                <link>https://jira.mongodb.org/browse/SERVER-38264</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;OracleDB supports data redaction for data masking.&lt;/p&gt;

&lt;p&gt;Apache Ranger supports data masking for Hive.&lt;/p&gt;

&lt;p&gt;Is it possible to setup a filter function for a collection such that all query to this collection will have the returned records pass through this function for dynamic data masking ?&lt;/p&gt;

&lt;p&gt;This is an important feature when we need to prepare the data source for exploration by data scientists, but we cannot show them the sensitive data.&lt;/p&gt;

&lt;p&gt;Cloning the data for extra proprocessing for this purpose is too painful.&lt;/p&gt;</description>
                <environment></environment>
        <key id="638726">SERVER-38264</key>
            <summary>Dynamic data masking at query time</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="eric.sedor@mongodb.com">Eric Sedor</assignee>
                                    <reporter username="hake">Kevin Ha</reporter>
                        <labels>
                    </labels>
                <created>Tue, 27 Nov 2018 08:42:55 +0000</created>
                <updated>Thu, 3 Jun 2021 13:04:49 +0000</updated>
                            <resolved>Wed, 5 Dec 2018 18:03:31 +0000</resolved>
                                                                    <component>Querying</component>
                                        <votes>0</votes>
                                    <watches>10</watches>
                                                                                                                <comments>
                            <comment id="3857111" author="paul.done" created="Thu, 3 Jun 2021 13:04:49 +0000"  >&lt;p&gt;Also covered now in the Practical MongoDB Aggregations book in the chapter &quot;Mask Sensitive Fields&quot; at:&#160;&lt;a href=&quot;https://www.practical-mongodb-aggregations.com/examples/intricate-examples/mask-sensitive-fields.html&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://www.practical-mongodb-aggregations.com/examples/intricate-examples/mask-sensitive-fields.html&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3615149" author="paul.done" created="Sat, 13 Feb 2021 09:33:33 +0000"  >&lt;p&gt;In case it is useful,&#160; more examples of Data Masking in MongoDB are here: &lt;a href=&quot;https://pauldone.blogspot.com/2021/02/mongdb-data-masking.html&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://pauldone.blogspot.com/2021/02/mongdb-data-masking.html&lt;/a&gt;&#160;and&#160;&lt;a href=&quot;https://github.com/pkdone/mongo-data-masking&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/pkdone/mongo-data-masking&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3295878" author="george@qntify.co" created="Wed, 22 Jul 2020 04:08:35 +0000"  >&lt;p&gt;&lt;tt&gt;The new [$function|&lt;a href=&quot;https://docs.mongodb.com/master/reference/operator/aggregation/function/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.mongodb.com/master/reference/operator/aggregation/function/&lt;/a&gt;] operator allows even more flexibility for this.&lt;/tt&gt;&lt;/p&gt;</comment>
                            <comment id="2074173" author="eric.sedor" created="Wed, 28 Nov 2018 16:39:30 +0000"  >&lt;p&gt;Hi Kevin, thanks for your patience. This sort of security is supported by MongoDB in a few ways. The most straightforward might be creating a &lt;a href=&quot;https://docs.mongodb.com/manual/core/views/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;View&lt;/a&gt; using &lt;a href=&quot;https://docs.mongodb.com/manual/reference/operator/aggregation/project/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;$project&lt;/a&gt;&#160;to omit sensitive fields.&lt;/p&gt;

&lt;p&gt;Then, you can offer read permissions for this collection to your data scientist users without offering read permissions to the backing collection.&lt;/p&gt;

&lt;p&gt;To explore this in more detail, we&apos;d recommend the &lt;a href=&quot;https://groups.google.com/group/mongodb-user&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;mongodb-user group&lt;/a&gt; or &lt;a href=&quot;https://stackoverflow.com/questions/tagged/mongodb&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Stack Overflow with the &lt;tt&gt;mongodb&lt;/tt&gt; tag&lt;/a&gt;. A question like this involving more discussion would be best posted on the mongodb-user group.&lt;/p&gt;</comment>
                            <comment id="2072542" author="hake" created="Tue, 27 Nov 2018 09:41:54 +0000"  >&lt;p&gt;Just got an idea:&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;MongoDB is opensourced.&lt;/p&gt;

&lt;p&gt;If I know which source files in the source code are responsible for touching the data right below the query layer,&lt;/p&gt;

&lt;p&gt;then maybe i can inject some code to check the required fields&apos; path/hierarchy for a query and add my data masking code,&lt;/p&gt;

&lt;p&gt;and then build my own customized version of MongoDB ?&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;If the above idea works then I can set up this customized MongoDB instance as a member of a production MongoDB replicaset,&lt;/p&gt;

&lt;p&gt;and let the data scientists only query this MongoDB which has the data masking code applied.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 27 Nov 2018 15:21:31 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        2 years, 35 weeks, 6 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>paul.done@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            2 years, 35 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>eric.sedor@mongodb.com</customfieldvalue>
            <customfieldvalue>george@qntify.co</customfieldvalue>
            <customfieldvalue>hake</customfieldvalue>
            <customfieldvalue>paul.done@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hudpn3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hu3tw7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                    <customfieldvalue><![CDATA[eric.sedor@mongodb.com]]></customfieldvalue>
    

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hudbwf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>