Edit Field Rules Tab

The Edit Field Rules tab is where fields are selected to be protected by CS:Govern. There are two ways to add a table to CS:Govern:

  • Click on the Add Tables Manually button in the lower left corner. This button will launch a dialog where you can pick one or more tables to add to CS:Govern.
  • Click on the Discover Sensitive Fields button in the lower left corner. This button will launch a dialog that searches Salesforce field meta data looking for all fields which have Compliance Categories and/or are marked as encrypted. Once the search is complete, the dialog will ask if fields it found should be added to CS:Govern.

Edit Rules for a Table

When a table is selected from the left section of the tab, a listing of all encryptable fields in the table will be displayed.  By definition an encryptable field is one that is NOT included in the following list of named fields:

  • Id
  • IsDeleted
  • SystemModStamp
  • LastModifiedDate
  • CreatedDate
  • LoginTime
  • SentDate

Additionally an encryptable field is one that does not exist outside of the primary CopyStorm database (in other words, it is not a partitioned field.  Click here to learn more about partitioned fields.)

To add additional fields to CS:Govern protection:

  • Check the box in the Govern Enabled column for the field. Note that upon saving these changes, an Encrypt Custodian will be generated, and only when those Custodians are run will the CopyStorm data actually be encrypted. For more information about Custodians refer to our Custodians article.
  • Select one or more Compliance Categories for the field by clicking on the Compliance Category cell.
  • Optionally change the masking rule assigned with the field. The Masking rule determines what a user will see for the field when they do not have permission to access unencrypted data.  For more information about masking rules refer to our Field Compliance Categories And Masking article.  For more information related to choosing an appropriate masking rule please refer to our Choosing A Masking Rule article.

To remove a field from CS:Govern protection:

  • Uncheck the box in the Govern Enabled column for the field.  Note that upon saving these changes, a Decrypt Custodian will be generated, and only when those Custodians are run will the CopyStorm data actually be decrypted. For more information about Custodians refer to our Custodians article.

Deploy CS:Govern Changes to Enable Protection

Once CS:Govern field rules have been modified in the editor, they must be pushed to the corresponding CopyStorm database in order for them to take effect.  The Save & Protect button writes pending changes to the database AND enables protection for the changes.

Note that upon saving these changes, Encrypt or Decrypt Custodian will be generated, and only when those Custodians are run will the existing CopyStorm data actually be encrypted or decrypted. Newly inserted or updated data will continue to be placed into the CopyStorm database using CS:Govern protection (if encrypted) or in its unmasked form (if no longer being CS:Govern protected.) For more information about Custodians refer to our Custodians article.

For completeness, the Undo Changes button will throw away unsaved changes and restore the editor to match what is currently stored in the CopyStorm database.  No Custodians are generated when this action is taken.