Skip to main content

Mask sensitive data in custom fields

Zuora

Mask sensitive data in custom fields

  1. Last updated
  2. Save as PDF

Zuora allows you to mask data stored in custom fields on custom objects to enhance security for sensitive information such as personal identifiers or financial details. Unauthorized users cannot view masked data through the Zuora UI or API.

Data masking is different from data encryption. For more information about data encryption in Zuora, see Zuora Protect.

Prerequisites

  • The Zuora Protect feature is enabled in your tenant.
  • You must have the Sensitive Data Management user permission. For more information about platform user permissions, see Platform roles.
  • Ensure that the data to mask is stored in a text custom field on a custom object. You cannot mask data of other types or data stored on standard objects.

Mask a custom field

To mask a custom field that stores sensitive information, perform the following steps:

  1. Click the object name in the Custom Objects section in the left navigation menu. The custom object detail page opens.
  2. Click Edit Object Definition.
  3. Click the Create icon icon-create.png to create a new custom field or click the Edit icon icon-edit-gray.png to edit an existing text custom field.
  4. If creating a new custom field, select Text from the Field Type list and specify other settings accordingly. For more information, see Custom field types and settings.
  5. Configure data masking settings:
    1. Toggle on Mark as Sensitive.
    2. Select a mask type from the Mask Type list:
      • Fixed Mask: Masks the entire field regardless of the character length. Select this type if the data is highly sensitive and does not need identification or a lookup by unauthorized users.
        Suppose that the value is 12345678. Unauthorized users will see ******** through the UI or API.
      • Variable Mask: Masks the first few characters of the value. Other characters of the value are visible to anyone. Select this type if the data needs partial identification or to be looked up by users, such as support agents, for mapping customer information.
        See step c for specifying the mask length.
    3. If you select Variable Mask type in the last step, enter a mask length in the Mask Length field. It indicates the number of characters that will be masked from the beginning of the value.
      For example, if the mask length is 5, the first five characters of the field value will be masked while other characters will be visible. Suppose that the value is 12345678. Unauthorized users will see *****678 through the UI or API.
  6. Click Save & Close or Save depending on whether you are creating a new field or editing an existing one.

Enable users to view masked data

Add the Sensitive Data Access permission for users who need to view masked data. When users get permission, they can view masked data through the Zuora UI or API.

For more information about platform user permissions, see Platform roles.