![](https://www.iri.com/blog/wp-content/uploads/2024/07/Featured-image-Oracle-TLS-support-730x350.png)
Oracle TLS Support
To configure both JDBC and ODBC to support the Transport Layer Security (TLS) protocol, there are additional configuration steps that are needed when compared to this previous article. Read More
To configure both JDBC and ODBC to support the Transport Layer Security (TLS) protocol, there are additional configuration steps that are needed when compared to this previous article. Read More
Since SQL Server has changed the functionality and default behavior of their driver, this article will go over the basic ODBC and JDBC connections required for the IRI software backend (CoSort SortCL engine in Voracity) and job design front-end (IRI Workbench, respectively, to Microsoft SQL Server databases on-premise or in the cloud which use encrypted connections. Read More
IRI Voracity is a data management platform that we have previously talked about at some length. It offers capabilities for data integration, data governance, data masking, test data management, data quality, data cleansing, data migration, and so on (and on, and on). Read More
To help you learn where sensitive data is across the enterprise — and comply with the requirements of data privacy laws like the GDPR and DPDP Act — the IRI DarkShield data classification, discovery, and masking product records the search annotations and masking results for all the types of PII (data classes) it finds and obfuscates. Read More
Introduction: In past articles we have discussed the Data Class & Rules Library and how it can be used in the two IRI FieldShield data discovery and classification job wizards: Schema Data Class Search and Directory Data Class Search. Read More
The Schema Data Class Search wizard in the IRI Workbench GUI for FieldShield configures data discovery (search) jobs for PII or other data in relational database schemas. Read More
Editor’s Note: This article is part of a series of articles on using IRI DarkShield to find and mask personally identifiable information (PII) and other sensitive data in structured, semi-structured, and unstructured data sources. Read More
IRI DarkShield is a sensitive data masking tool for PII in databases, images, and files. It is called “dark” shield because it provides data privacy for what Gartner defines as “dark data.” Read More
Editor’s Note: This article addresses the migration of data class information between older and newer versions of the IRI Workbench graphical IDE for Voracity data management platform software and its component products. Read More
Abstract: HIPAA, GDPR, DPDP, CCPA, FERPA, and other data privacy laws require that personally identifiable information (PII) and related data considered sensitive be protected from disclosure or discovery. A list of sensitive items made up of PII can be abstracted into easy-to-understand groups — what IRI calls Data Classes — to produce groupings of PII such as emails, names, phone numbers, etc.
In this article, Data Classes and the Data Class & Rule Library are discussed in depth. It covers how Data Classes and (data masking) Rules are defined and stored inside the IRI Workbench Data Class & Rules Library. Once inside, that information can be accessed by IRI Voracity job-building wizards for NextForm, FACT , RowGen, FieldShield, and DarkShield — as well as the FieldShield Schema Data Class Search or Directory Data Class Search wizards.
Note that a Data Class & Rules Library is different from a Data Class Map, which would be the final product of a Schema Data Class Search or Directory Data Class Search wizard. Those wizards use a Data Class & Rules Library to perform data classification (data discovery), and produce a Data Class Map of rules to fields in RDB tables or flat files (which is then used in FieldShield data masking wizards).
Editors Note: The information in this article supersedes earlier documentation on data class creation in IRI Workbench versions downloaded prior to December 2023. To migrate the data classes you may now have stored in IRI preferences to this new, improved framework, see this article.
Depending on who you ask, the meaning of data classification may differ. At IRI, data classification refers to the act of defining and cataloging specific types of data – like email addresses, ID numbers, and company names – into unique, abstract categories of data called Data Classes, based on certain attributes or uses.
IRI considers data classification to be another important aspect of data governance because it is integral to data discovery, data security (via data masking), data quality, intelligent test data synthesis, and data catalog projects. The classes of data you define and associate with data rules per this article are either required or optional aspects of the IRI Voracity platform software products mentioned below.
Data classes and data (masking) rules are created and stored in an IRI Workbench project file called the IRI Data Class and Rule Library. Every new IRI Project created in IRI Workbench comes with an XML library file with the extension .dcrlib and a set of default classes and rules you can change.
Every IRI FieldShield or IRI DarkShield Job requires at least one Data Class in its project library. If you will use data classes in RowGen test data, NextForm data migration, or Voracity ETL, data quality, or Ripcurrent jobs, you will also need to define at least one data class, too.
Library Form Editor
To create, edit, and remove Data Classes and Rules, you must use the IRI Library Form Editor. The IRI Library Form Editor provides a non-modal graphical user interface that allows for the configuration of the IRI Data Class and Rules Library.
To open the IRI Library Form Editor, double-click on the iriLibrary.dcrlib file inside your project folder. This in turn opens the respective form editor attached to the iriLibrary.dcrlib file inside Workbench as a non-modal wizard page.
In the form editor, you can add Data Class Groups, Data Classes and their associated Search Matchers and default Rule, and also Rules not associated with any of the Data Classes. These unassigned Rules can later be used to overwrite the default Rule assigned to each Data Class.
Data Classes provide convenience, consistency, and the ability to support the needs of data architects and governance teams by providing a more granular level of control on what is considered, discovered, and treated as PII. Data Classes consist of Search Matchers, a default Rule, and RDB Column Type filters (only applicable to Relational Databases).
By default when a new IRI Project is created, a Data Class and Rules Library comes preloaded with several data classes and assigned Rules. They are provided for convenience, and should be reviewed and modified to suit your requirements.
To add a new Data Class to the library, double click the green tag at the top of the form editor to start creating a Data Class. After clicking the green tag, a page will appear to prompt the user with a unique name for the Data Class you are creating.
Note that there can not be multiple Data Classes with the same name. Click Ok and a new Data Class should populate the library.
For example:
A Data Class Group is a container for a group of data classes. Each Data Class Group can have a default Rule assigned by the user.
By assigning a default Rule to a Data Class Group, any Data Classes within a Data Class Group that have no default Rule assigned will instead inherit the default Rule of the parent Data Class Group. Otherwise, if the Data Class in a Group has a default Rule, that Rule will be used instead of the Data Class Group’s default Rule. Grouping Data Classes together can also be useful for categorization and logging purposes.
Another optional feature of Data Class Groups is the ability to further categorize Data Classes according to their level of sensitivity. Sensitivity level groups are Data Class Groups with an assigned priority level. Higher priority groups typically have more restrictive masking functions assigned to them.
Because only one Data Class can be matched to a given element of PII, the sensitivity level of a Data Class Group determines the order in which a Data Class that may be in a different group (using different masking rules) can perform its matching and masking operation against incoming data. Where two Data Classes with the same name and search matchers but different masking functions are defined, the sensitivity level should dictate which masking function takes priority.
In the example below, the License_Plate_Number data class might be found in both Proprietary and Sensitive groups. Sensitive is the higher priority sensitivity level group, so in this case the redaction rule would be applied even though the License_Plate_Number was also part of the Proprietary group which had a default encryption rule assigned.
To create a Data Class Group, double click on the multi green tag icon. From the pop up screen, provide a unique name for the object and indicate if you wish to have Sensitivity Levels generated inside the Group object. Lastly, click OK to finalize and generate a new Data Class Group.
Privacy Law Groups are pre-populated Data Class Groups that provide a launching board for business rules to adhere to different privacy law requirements. These privacy law groups have pre-populated data classes, search matchers, and masking functions.
Again, though there are out-of-the-box data classes, search matchers, and masking rules for laws like the GDPR, these specifications are provided for convenience, and may or may not identify every element or conform to your specific data protection requirements. Read more “PII Data Class & Rule Library in IRI Workbench” →
MariaDB and MySQL are relational databases that follow the same connection paradigm for running SortCL-powered data manipulations in Voracity component jobs designed in IRI Workbench. Read More