ANO Tasks Overview
Goal
An ANO Tasks consists of two levels:
- Task Groups - top level
- Work Tasks - Secondary level
Task Groups are collections of Work Tasks. Work Tasks are collections of anonymization rules. A Work Task points to a specific table. A rule within points to a specifc column.
Work Task Types
Considerations
- Task Groups can be nested
- Work Tasks can not be nested
- Work Task can be run by Task Group name or by Work Task name
- Naming two Tasks the same renders them indistinguishable when running
- Two Tasks of the same name will both be run when a Task is run by name
- The order of Tasks run is the same as the order of the Tasks in the ANO file
ANO Structure
- Structure
- Nested Task Groups
task <TaskGroupName>
{
update <table> <WorkTaskName>
mask <column> <RuleName>
<rule-logic>
randomize <column> <RuleName>
<rule-logic>
shuffle <column> <RuleName>
<rule-logic>
create <table> <WorkTaskName>
mask <column> <RuleName>
<rule-logic>
mask <column> <RuleName>
<rule-logic>
mask <column> <RuleName>
<rule-logic>
}
task <TaskGroup2Name>
{
...
}
task <TaskGroupName>
{
task <NestedTaskGroupName>
{
update <table> <WorkTaskName>
mask <column> <RuleName>
<rule-logic>
randomize <column> <RuleName>
<rule-logic>
shuffle <column> <RuleName>
<rule-logic>
}
create <table> <WorkTaskName>
mask <column> <RuleName>
<rule-logic>
mask <column> <RuleName>
<rule-logic>
mask <column> <RuleName>
<rule-logic>
}
Work Task Types
A Work Task is organized by database table. The Work Task type defines what kind of Rules can be applied.
Each Rule in a Work Task applies to one of the columns of a table.
Work Tasks can adhere to table constraints such as
- Foreign keys using
propagateordistribute - Unique keys using the
uniquekeyword - Cross-database anonymizations using
map
- Update
- Create
- Delete
- Erase
update lets you write Rules that anonymizes (changes or replaces) the values in table columns.
The same anonymizations can be applied to columns of child tables (i.e., using foreign keys).
See update for more details.
Use Cases
This is the standard way of anonymizing the data of an entire database for testing and development purposes.
Common implementation strategy:
- Dump the whole database from production to development environment
- Do update Work Tasks to anonymize sensitive columns in development environment
- Grant developers and testers access to the anonymized data in the development database
create lets you write Rules to insert rows of synthetic data, and also create rows for child tables that are linked together by foreign keys.
See create for more details.
Use Cases
If the organization does not allow production data to be copied into testing and development environments, you may want to create synthetic (or fake) data for the testing and development databases.
With the create type Work Task, you can insert rows into database tables with sample data and also create records for child tables that are linked together by foreign keys.
delete lets you write Rules to delete rows from existing data-sources, and also delete data .
See create for more details.
Use Cases
When creating a test or development environment, it is often necessary to perform a full copy of the production database in order to acquire a proper data set. This may result in a data set that is too large and unmanageable, often requiring an analysis of the data content and structure to delete data in order to shrink the database size. This is often called database subsetting.
With the create type Work Task, you can insert rows into database tables with sample data and also create records for child tables that are linked together by foreign keys.