Secure Masking
With Secure Masking, we offer you the ability to specifically restrict access to sensitive information within documents. This ensures that certain user groups can only view redacted versions of these documents.
The feature works through the intelligent extraction of document content. Based on defined rules or by using artificial intelligence (AI), sensitive information is identified and automatically redacted. This applies to both the document preview and downloaded files. Users who are restricted according to the configuration of Secure Masking will only receive the redacted version of the documents.
Info
This feature is part of the Compliance Feature Bundle and must be licensed separately!
Currently, Secure Masking only supports PDF files. Other file formats are not currently considered.
Although the masking process is technically complex, it does not impair user-friendliness thanks to optimized performance measures; however, downloading and viewing may take longer depending on the document.
Setting Up the Feature
Navigate to the Compliance Setup page in Business Central. There you will find the option to open the Secure Masking List. You can create multiple setups – for example, one for redacting bank data and another for customer data.
| Configuration | Description |
|---|---|
| Setup Name | Unique name of the masking setup |
| Setup Description | Description of the purpose of the setup |
| Document Intelligence Service | A CORE AI service is required for document analysis. If no service is available yet, you can switch to the CORE AI Service list via "Select from Full List" and create a new service. This field is mandatory. |
| Masking Type | Selection of the masking type: Regex Rules (rule-based) or Intelligent Masking (AI). For more details, see below. |
| Active | Activates or deactivates the setup without deleting it |
| Masking User Group | Here, a Document Central User Group is defined. Only members of this group will have access to the redacted versions of the documents. |
Important
If a user is listed in multiple setups, only the first found setup will be selected. It is not possible to execute multiple setups sequentially per document. Therefore, ensure that you assign unique users to each setup. Otherwise, only the first found setup will be used.
Masking Types
With Regex Rules, you create targeted rules for redacting specific content. These are configured in the list section "Secure Masking Rules".
| Configuration | Description |
|---|---|
| Rule Description | Short description of the rule |
| Rule Input Data | Selection of the data source in the document: – Field-Value: Extracted value – Field-Key: The key/identifier of the field – Paragraph: Complete text sections |
| Regex Pattern | Regular expression for identifying sensitive data |
Example
- Rule description: Recognize bank account information
- Input Data: Field-Value
- Regex Pattern:
\bDE\d{20}\b(IBAN pattern for German bank accounts)
Note
This method is particularly precise but requires technical know-how in creating the regex patterns.
Intelligent masking is based on artificial intelligence and is particularly easy to set up. The contents of a document are analyzed via a CORE Azure AI service to automatically identify sensitive information.
| Configuration | Description |
|---|---|
| AI Service | Selection of a configured CORE – Azure AI service |
| Custom Prompt | Optional text field for fine-tuning the analysis: Indicate here which types of information should be classified as sensitive (e.g., "Personal data, account numbers, medical diagnoses"). If this field is disabled, the analysis will be based on a standard definition of sensitive information by OpenAI. This includes, among others: bank data, personal identification numbers, identification data, etc. |
Note
The AI-based method is more flexible but may be less consistent than strictly defined regex rules.
Summary
Secure Masking is a powerful tool for compliance with data protection and compliance regulations. It enables companies to effectively protect sensitive information – both when viewing and downloading documents. By combining rule sets and AI-supported detection, the feature offers maximum flexibility while ensuring high data security.