Data Mask Best Practices
We recommend that you mask fields that typically contain personally identifiable information (PII) or other sensitive data. These fields are a good place to start.
Required Editions
| Available in: Lightning Experience |
| Available in: Professional, Enterprise, Unlimited, and Developer Editions with the Salesforce Data Mask or Data Mask & Seed add-on licenses |
Note This content relates to Salesforce Data Mask. Read
about Accelerate and Anonymize in Own from Salesforce.
These Data Mask guidelines help you to implement features efficiently and securely while optimizing performance.
Guidelines
Example
- Create Data Mask configurations in production orgs. While Data Mask can’t run in your production org, install and configure it there so that your policies are easily manageable. When a sandbox is refreshed, Data Mask configurations are automatically pushed to the sandbox.
- To improve performance and manageability during masking processes, divide large objects into smaller configurations. Dividing them up helps to prevent row locking and traversal issues on complex objects. For example, objects such as Contact, Account, Case, and Opportunity with more than 20 million records, more than 400 custom fields, or thousands of parent-child relationships.
- Avoid executing resource-intensive actions such as large data loads or complex queries in sandboxes concurrently with Data Mask processes to prevent performance degradation.
- By using data filters to target subsets of records or new data consumption, you avoid redundant masking operations. This use case is especially helpful if Data Mask runs into a the limitation issue and only a few records remain unmasked.
- To ensure that all records are masked as planned, use the Dev Console to query them after running Data Mask. Querying records post-implementation validates the effectiveness of the masking process and ensures all targeted records are appropriately masked.
- Only mask the fields or objects that you need. Selectively masking only the fields and objects that contain sensitive data necessary for testing minimizes unnecessary processing and potential performance impacts.
- Only copy over data from production that you must test. Transfer and mask data from production environments selectively, focusing only on datasets essential for testing scenarios to streamline data masking efforts.
| Object | Example Configuration |
|---|---|
| Account |
|
| Contact |
|
Did this article solve your issue?
Let us know so we can improve!
