Secure Masking
With the Secure Masking feature, we offer you the ability to selectively restrict access to sensitive information within documents. This ensures that certain user groups can only view redacted versions of these documents.
The feature works through the intelligent extraction of document content. Based on defined rules or the use of artificial intelligence (AI), sensitive information is detected and automatically redacted. This applies to both the document preview and downloaded files. Users restricted by the Secure Masking configuration will receive only the redacted version of the documents.
Info
This feature is part of the Compliance Feature Bundle and must be licensed separately!
Currently, Secure Masking only supports PDF files. Other file formats are not yet supported.
Although the masking process is technically complex, it does not affect usability thanks to optimized performance measures. However, downloading and viewing may take longer depending on the document.
Setting Up the Feature
In Business Central, navigate to the Compliance Setup page. There you will find the option to open the Secure Masking List. You can create multiple setups – for example, one for redacting bank data and another for customer data.
| Configuration | Description |
|---|---|
| Setup Name | Unique name of the masking setup |
| Setup Description | Description of the setup’s intended use |
| Document Intelligence Service | A CORE AI service is required for document analysis. If no service is available, you can switch to the CORE AI Service list via “Select from Full List” and create a new service. This field is mandatory. |
| Masking Type | Selection of masking type: Regex Rules (rule-based) or Intelligent Masking (AI). See more details below. |
| Active | Activates or deactivates the setup without deleting it |
| Masking User Group | A Document Central User Group is defined here. Only members of this group will have access to redacted versions of the documents. |
Masking Types
With Regex Rules, you create targeted rules to redact specific content. These are configured in the “Secure Masking Rules” list section.
| Configuration | Description |
|---|---|
| Rule Description | Short description of the rule |
| Rule Input Data | Selection of the data source in the document: – Field-Value: Extracted value – Field-Key: The field’s key/identifier – Paragraph: Full text sections |
| Regex Pattern | Regular expression to identify sensitive data |
Example
- Rule Description: Identify bank details
- Input Data: Field-Value
- Regex Pattern:
\bDE\d{20}\b(IBAN pattern for German bank accounts)
Note
This method is especially precise but requires technical expertise in creating regex patterns.
Intelligent masking is based on artificial intelligence and is particularly easy to set up. The contents of a document are analyzed via a CORE Azure AI Service to automatically detect sensitive information.
| Configuration | Description |
|---|---|
| AI Service | Selection of a configured CORE – Azure AI Service |
| Custom Prompt | Optional text field for fine-tuning the analysis: Specify here which types of information should be classified as sensitive (e.g., “personal data, bank account numbers, medical diagnoses”). If this field is disabled, the analysis will be based on OpenAI’s standard definition of sensitive information, which includes, among others: banking details, personal identification numbers, identity documents, etc. |
Note
The AI-based method is more flexible but may be less consistent than fixed regex rules.
Summary
Secure Masking is a powerful tool for ensuring data protection and compliance. It allows companies to effectively protect sensitive information – both when viewing and downloading documents. By combining rule sets and AI-based detection, the feature offers maximum flexibility while ensuring high data security.