how-to/9-conclusion

Conclusion

Clean up !

DROP EXTENSION anon CASCADE;

REASSIGN OWNED BY jack TO postgres;
REVOKE ALL ON SCHEMA public FROM jack;

REASSIGN OWNED BY paul TO postgres;

REASSIGN OWNED BY pierre TO postgres;

DROP DATABASE IF EXISTS boutique;

DROP ROLE IF EXISTS jack;
DROP ROLE IF EXISTS paul;
DROP ROLE IF EXISTS pierre;

Many Masking Strategies

• Static Masking

  perfect for \“once-and-for-all\” anonymization

• Dynamic Masking

  useful when one user is untrusted

• Anonymous Dumps

  can be used in CI/CD workflows

• Generalization

  good for statistics and data science

Many Masking Functions

• Destruction and partial destruction
• Adding Noise
• Randomization
• Faking and Advanced Faking
• Pseudonymization
• Generic Hashing
• Custom masking

RTFM -> Masking Functions

Advantages

• Masking rules written in SQL
• Masking rules stored in the database schema
• No need for an external ETL
• Works with all current versions of PostgreSQL
• Multiple strategies, multiple functions

Drawbacks

• Does not work with other databases (hence the name)
• Lack of feedback for huge tables (> 10 TB)

Also…

Other projects you may like

• pg_sample : extract a small dataset from a larger PostgreSQL database
• PostgreSQL Faker : An advanced faking extension based on the python Faker lib

Help Wanted!

This is a free and open project!

labs.dalibo.com/postgresql_anonymizer

Please send us feedback on how you use it, how it fits your needs (or not), etc.

This is a 4 hour workshop!

Sources are here: gitlab.com/dalibo/postgresql_anonymizer

Download the PDF Handout

Questions?

:::

:::

:::

:::

:::

:::

:

::: {.cell .code}

:::