Install and Configure Salesforce Data Mask

Now that you know your options for securing sandbox data, let's walk through how to install, configure, and use Data Mask. To install and use the Data Mask managed package in your production org, you must enable certain features in your production org and specify user permissions. Refer to Salesforce Help for details. Then, follow the standard process for installing a managed package. Once the package is installed, Salesforce automatically upgrades the package with new features and bug fixes.

After you install the managed package in your production org, launch Data Mask. When the application opens, you can choose a previously saved masking configuration or start from scratch.

You can configure the masking in one of two ways. Configure it in production, then when a sandbox is created or refreshed, the configuration appears in the sandbox. Or, configure the masking in an existing sandbox.

Give the mask a name, API name, and description. Then, you can choose whether to mask case comments or delete all emails and Chatter feeds.

After you set the general configuration options, choose which data to mask. From the list of all standard and custom objects in your production org, select all objects that contain sensitive data.

For each object you select, configure the masking rules for each of its fields.

• Replace with Random Characters or Numbers—Replaces sensitive data with random characters or numbers that are readable, but not recognizable. If replacing data with random numbers, specify and minimum and maximum value for the field.
• Replace from Library—Replaces sensitive data with random but recognizable data using one of these libraries that you choose:
  • First Name
  • Last Name
  • Company Name
  • Email
  • Street
  • City
  • Country
  • Country (Abbr.)
  • State
  • Postal Code
  • Phone Number
  • Social Security Number
• Delete—Deletes sensitive data entirely, leaving an empty data set.

Important

Checkbox, lookup, and picklist field types aren’t supported.

When configuration is complete, you can start to mask your sandbox data. Run the mask each time you want to replace or delete the data in your sandbox.

1. From the Data Mask Home tab of your sandbox, click the dropdown arrow for the masking configuration you want and select Run.
2. Monitor the progress of a run by viewing the status message in the list view for the mask job that is running.
3. To verify that the records are properly masked, manually spot check your sandbox data. Then you can grant more users access to the sandbox.

To see more information about the masking process for each job, refer to the Masking Execution Logs tab in Data Mask.

Once installed and configured, Data Mask lets you configure data masking to meet your security requirements for sensitive data in your sandbox orgs. You can be confident that users accessing your sandbox org for testing or development don’t have access to sensitive data and that your org complies with privacy regulations.