Data Discovery API
Classify API.
Running the sample application
A sample application to use Developer Edition.
In the Developer Edition, a user uploads a file using the sample application, which is processed by the Data Discovery container. The containers detect sensitive data. A Python module then redacts, masks, or protects and unprotects the data. The sanitized file is saved to a configured location. For more information about the sample application, refer to Sample application.
Use the steps provided here to run the application end-to-end. If required, run the APIs and functions provided for performing specific tasks. For more information about the identification APIs, refer to Data Discovery API.
Running the applications
Applications are provided out-of-the-box to test and understand the capabilities of Developer Edition.
Running the sample find application
Open a command prompt.
Navigate to the directory where Developer Edition is cloned.
Run the sample application using the following command.
python samples/sample-app-find.pyView the output of the files processed on the screen. The output displays a list of sensitive items in the source file.
- View the processed output file in the output directory.
Running the sample find and redact application
Open a command prompt.
Navigate to the directory where Developer Edition is cloned.
Run the sample application using the following command.
python samples/sample-app-find-and-redact.pyView the output of the files processed on the screen. The output displays a list of sensitive items in the source file. It also displays the location and name of the output file with the redacted output.
- View the processed output file in the output directory.
Running Semantic Guardrail
- Open a command prompt.
- Navigate to the directory where Developer Edition is cloned.
- Run the following command to test Semantic Guardrail. The following command submits a multi-turn conversation for analysis. One for semantic and a second one for PII processing.
python semantic-guardrail/sample-guardrail-python.py
Running the sample find and protect application
Ensure that the required credentials are obtained and environment variables specified, using the steps from Optional - Obtaining access to the Developer Edition API Service.
Open a command prompt.
Navigate to the directory where Developer Edition is cloned.
Run the sample application using the following command.
python samples/sample-app-find-and-protect.pyView the output of the files processed on the screen. The output displays the protected data and unprotected data.
View the processed output file in the output directory. The
samples/sample-data/output-protect.txtfile is generated with the protected, that is tokenized-like, values.To obtain the original data, run the following command.
python samples/sample-app-find-and-unprotect.pyThis reads the
samples/sample-data/output-protect.txtfile and produces thesamples/sample-data/output-unprotect.txtfile with original values.
Running the script for protecting data
The sample-app-protection.py showcases the various scenarios for protecting, unprotecting, and reprotecting data.
Understanding Users and Roles
The users and roles are built-in for impersonate testing. Leverage any of the preconfigured users to showcase Protegrity’s Role-Based Access Controls. Using a different user will result in distinct views over sensitive data. Some users will only be able to protect data but will not be able to reverse the operation. Some users will only be able to re-identify selected attributes.
To use any of the roles, simply pass the chosen value to the payload in the user attribute during the protect or unprotect operation. If the user is not specified, the request will default to superuser.
The following roles and users have been configured and are available for use:
| Role | User | Description |
|---|---|---|
| ADMIN | admin, devops, jay.banerjee | The role can protect all data but cannot unprotect. Upon an unprotection attempt they will be displayed protected values. |
| FINANCE | finance, robin.goodwill | The role can unprotect all PII and PCI data. The role cannot protect any data. When attempting to unprotect data without authorization, they will be displayed nulls. |
| MARKETING | marketing , merlin.ishida | The role can unprotect some PII data that is required for analytical research and campaign outreach. When attempting to unprotect data without authorization, they will be displayed nulls. The role cannot protect any data. |
| HR | hr , paloma.torres | The role can unprotect all PII data but cannot view any PCI data. When attempting to unprotect data without authorization, they will be displayed nulls. The role cannot protect any data. |
| OTHER | superuser | The role can perform any protect and unprotect operation. The role has been made available for testing only – we strongly advise against creating superuser roles in your environments. |
Additionally, you may type in any user name to simulate unauthorized user behavior.
Understanding the Data Elements
A list of supported data element is provided here. For a mapping of the Data Element and the Entity Type, refer to Supported Sensitive Entity Types.
| Name | Description |
|---|---|
| name | Protect or unprotect name of a person |
| name_de | Protect or unprotect name of a person in the German language |
| name_fr | Protect or unprotect name of a person in the French language |
| address | Protect or unprotect an address |
| address_de | Protect or unprotect an address in the German language |
| address_fr | Protect or unprotect an address in the French language |
| city | Protect or unprotect a town or city |
| city_de | Protect or unprotect a town or city name in the German language |
| city_fr | Protect or unprotect a town or city name in the French language |
| postcode | Protect or unprotect a postal code with digits and characters |
| zipcode | Protect or unprotect a postal code with digits only |
| phone | Protect or unprotect a phone number |
| Protect or unprotect an email | |
| datetime | Protect or unprotect all components of a datetime string date, month, year, and time |
| datetime_yc | Protect or unprotect a datetime string. Year will be in clear. |
| int | Protect or unprotect a 4-byte integer string |
| nin | Protect or unprotect a National Insurance Number UK |
| ssn | Protect or unprotect a Social Security Number US |
| ccn | Protect or unprotect a Credit Card Number |
| ccn_bin | Protect or unprotect a Credit Card Number. Leaves 8-digit BIN in the clear. |
| passport | Protect or unprotect a passport number |
| iban | Protect or unprotect an International Banking Account Number |
| iban_cc | Protect or unprotect an International Banking Account Number. Leaves letters in the clear. |
| string | Protect or unprotect a string |
| number | Protect or unprotect a number |
| text | Protect or unprotect text using encryption |
Testing the sample file
Ensure that the required credentials are obtained and environment variables specified, using the steps from Optional - Obtaining access to the Developer Edition API Service.
Open a command prompt.
Navigate to the directory where Developer Edition is cloned.
Protect data using the following command.
python samples/sample-app-protection.py --input_data "John Smith" --policy_user superuser --data_element name --protectUnprotect the data obtained from the earlier step using the following command.
python samples/sample-app-protection.py --input_data "<protected_data>" --policy_user superuser --data_element name --unprotectView the protected and unprotected output.
Encrypt data using the following command.
python samples/sample-app-protection.py --input_data "John Smith" --policy_user superuser --data_element text --encDecrypt the data obtained from the earlier step using the following command.
python samples/sample-app-protection.py --input_data "<encrypted_data>" --policy_user superuser --data_element text --decView the encrypted and decrypted output.
Use the help command for more information about using the sample file.
python samples/sample-app-protection.py --help
Additional use cases for user role behavior for data protection
This section demonstrates the expected behavior of various user roles when running the sample-app-protection.py. Each section describes the permissions and restrictions for a role, followed by example commands and their outputs.
ADMIN
Users: admin, devops, jay.banerjee
This role can protect all data but cannot unprotect. When attempting to unprotect, protected values are displayed.
python sample-app-protection.py --input_data "4321567898765432" --policy_user admin --data_element ccn --protect --unprotect
Protected Data: 2839874358655598
Unprotected Data: 283987435865559
python sample-app-protection.py --input_data "4321567898765432" --policy_user devops --data_element ccn --protect --unprotect
Protected Data: 2839874358655598
Unprotected Data: 283987435865559
python sample-app-protection.py --input_data "4321567898765432" --policy_user jay.banerjee --data_element ccn --protect --unprotect
Protected Data: 2839874358655598
Unprotected Data: 283987435865559
FINANCE
Users: finance, robin.goodwill
This role can unprotect all PII and PCI data. The role cannot protect any data. When attempting to unprotect data without authorization, the value Null is displayed.
python sample-app-protection.py --input_data "Protegrity$" --policy_user finance --data_element name --protect
Error: 3, The user does not have the appropriate permissions to perform the requested operation.
python sample-app-protection.py --input_data "Protegrity$" --policy_user robin.goodwill --data_element name --protect
Error: 3, The user does not have the appropriate permissions to perform the requested operation.
python sample-app-protection.py --input_data "1998/10/11" --policy_user finance --data_element datetime --unprotect
Unprotected Data: None
python sample-app-protection.py --input_data "1998/10/11" --policy_user robin.goodwill --data_element datetime --unprotect
Unprotected Data: None
MARKETING
Users: marketing, merlin.ishida
This role can unprotect some PII data that is required for analytical research and campaign outreach. The role cannot protect any data. When attempting to unprotect data without authorization, the value Null is displayed.
python sample-app-protection.py --input_data "Washington, D.C." --policy_user marketing --data_element city --protect
Error: 3, The user does not have the appropriate permissions to perform the requested operation.
python sample-app-protection.py --input_data "Washington, D.C." --policy_user merlin.ishida --data_element city --protect
Error: 3, The user does not have the appropriate permissions to perform the requested operation.
python sample-app-protection.py --input_data "DnZQHKcpVJ, J.G." --policy_user marketing --data_element city --unprotect
Unprotected Data: Washington, D.C.
python sample-app-protection.py --input_data "DnZQHKcpVJ, J.G." --policy_user merlin.ishida --data_element city --unprotect
Unprotected Data: Washington, D.C.
HR
Users: hr, paloma.torres
This role can unprotect all PII data but cannot view any PCI data. The role cannot protect any data. When attempting to unprotect data without authorization, the value Null is displayed.
python sample-app-protection.py --input_data "John Doe" --policy_user hr --data_element name --protect
Error: 3, The user does not have the appropriate permissions to perform the requested operation.
python sample-app-protection.py --input_data "John Doe" --policy_user paloma.torres --data_element name --protect
Error: 3, The user does not have the appropriate permissions to perform the requested operation.
python sample-app-protection.py --input_data "CIF123654987" --policy_user hr --data_element passport --unprotect
Unprotected Data: None
python sample-app-protection.py --input_data "CIF123654987" --policy_user paloma.torres --data_element passport --unprotect
Unprotected Data: None
OTHER
User: superuser
This role can perform any protect and unprotect operation. The role is only made available for testing. It is strongly advised against creating superuser roles in an environment.
python sample-app-protection.py --input_data "4321567898765432" --policy_user superuser --data_element ccn --protect --unprotect
Protected Data: 2839874358655598
Unprotected Data: 4321567898765432
Semantic Guardrail APIs
Using the Semantic Guardrail API
Application Protector Python APIs
The various APIs of the AP Python
Feedback
Was this page helpful?