Skip to content

Expunge Policy#

This policy works on look-up principle and removes the sensitive information such as username/email id. Such information is moved into a quarantine folder.

This policy supports scan for JDBC, FileSystem and No-SQL applications.

The Expunge policy has the following fields:

  • Name: This field indicates name of Expunge Policy.

  • Type: This field indicates type of policy.

  • Alert Level*: This field indicates alert level: High, Medium or Low.

  • Description: This field indicates description for Expunge Policy.

  • Status: This field indicates the status of policy i.e. enable/disable. By default it is disable.

  • Application: This field indicates the name of application.

  • Lookup File Location: Resource files records are looked up against the fields given in the lookup file. If the tag is matched, then the value of the field in the resource file will be encrypted. Ensure that the header of the lookup file must be the header of the tag to be searched.

  • Quarantine Location: This field indicates location where the input file containing the records which are removed.

  • Archive Location: This field indicates location where a copy of the input file is kept before any tagged records are expunged from it.

  • Search for tags: In this field, policy will find the data based on added tags.

  • Auto Run: If Auto Run is enabled, then the Expunge Policy is executed after a given interval of time.

Here is an example of the Expunge Policy:

  • Lookup File Location: In this field, add the .csv file and it should include which sensitive data need to expunge from resources based on tags. For example: File name is input.csv file with EMAIL tag (sample@gmail.com). Now, while scanning if “sample@gmail.com” tagged with EMAIL tag then this row will be expunged/removed.

Consider the following:

  1. The following test_file.csv is added in the data zone.

    We have added Search for as EMAIL tag.

  2. Next, the scheduler will be triggered and system will apply the Expunge policy on the resource (test_file.csv) which we have attached to the Data Zone.

  3. After applying the Expunge policy, the row 'alex' will be moved to the specified Quarantine Location.

  4. Now, the final test_file.csv will not have the row with 'alex'. The Expunge policy will remove the entire row from the test_file.csv.


Last update: July 23, 2021