Welcome to CASI Software - Innovations in Mainframe Information Delivery
Skip Navigation Links

Mask Sensitive Report Data WITHOUT Application Changes

With the need to protect sensitive data (SSNs, Account Numbers, logons/passwords, etc.) the JES2Mail (JES2FTP) powerful Report Processing Language (RPL) can remove or mask sensitive data before reports are delivered without changing your underlying application.

This example is a payroll register report. To distribute this to one who needs data from the report, but does not need to know employee names or employee numbers (SSNs), we can simply mask the relevant data using RPL. This is an image of the report as it is originally produced:


The following JES2Mail (JES2FTP) ruleset is used to mask both employee names and numbers: 

ID: PayReg1
To: &Userid;@&OurDomainName;
From: jes2mail@&OurDomainName;
Subject: Payroll Register
PackageType: PDF
PageSize: Letter
Orientation: Landscape
Font: Courier
FontSize: medium
Script: dd:Script

This ruleset packages the report as a PDF document and uses symbolic substitution for the addressing parameters.

"&Userid;" represents the user submitting the job and "&OurDomainName;" comes from parameters in the JES2Mail configuration file. More importantly, it specifies the script (DD:SCRIPT) which contains the following statements: 

)OnEachPage
Define(P1, pos)
P1 = LocateText("EMPL: ")            ; Find "EMPL:" on line
While (P1 != 0)                       ; Loop
    P1 = P1 + 0:6;                    ; Skip Over "EMPL: "
    UpdatePage(P1, 35,"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")   ; Erase
    P1 = P1 + 1:0 - 0:6;             ;Backup Column and go down 1 line
    P1 = LocateText("EMPL: ", P1, 99:132);      Find next on page
EndWhile
OutputPage()                          ; Output the page

This script searches for the literal EMPL: on each page of the report. It skips over 6 columns from that position and then masks the employee name number with Xs. Since there can be more than one employee on each page of the report, it uses a While loop to search the remainder of the page masking names/numbers until it finds no additional instances of the EMPL: literal. (Note: After locating an instance and masking data on one line of the report, the position variable is repositioned to the next line and back to the original column in order to find all instances of EMPL: on the page. Once the end of page is reached it outputs the page and is then ready for the next page of the report.

When the recipient opens the resulting PDF file, they see the following:

Now the names and employee numbers no longer appear. This same technique can be used for any report containing sensitive data.



© 2010 Computer Application Services, Inc. - All Rights Reserved