GDPR support to protect access to entity attributes


Given GDPR constraints and considerations, it would be great if OutSystems could support this natively.

This could be done in a way that entity attributes could be marked as sensitive data (works for GDPR and other data protection requirements) and additionally given a list of roles that could access them (a kind of whitelist of roles, or ACL - Access Control List - roles).

The attribute would be presented (or made available) if the requesting user has a granted role; if not, a specific tag would be presented, e.g. "<protected>" (to distinguish protected data from empty/null data).

Note that the attribute would not need to be encrypted on the DB, which would easily allow for searches.

To sum up, the requirement is to be able to restrict access to sensitive data rapidly and with low (to no) code, out of the box.

Created on 21 Feb
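The read-level masking requested above, sketched as an added example that is not part of the original post and is not OutSystems code. The entity, attribute names, role names and rows are constructed, and two choices are assumptions beyond the post: an unauthorized reader gets the tag even when the stored value is null, and filtering on an attribute the caller cannot read is refused.

```python
from dataclasses import dataclass

PROTECTED = "<protected>"  # tag from the post; distinct from None/empty


@dataclass(frozen=True)
class Attribute:
    name: str
    allowed_roles: frozenset = frozenset()  # empty set = not sensitive

    def readable_by(self, roles):
        # Non-sensitive attributes are always readable; sensitive ones
        # need at least one role from the attribute's whitelist.
        return not self.allowed_roles or bool(self.allowed_roles & set(roles))


# Hypothetical entity definition: each attribute carries its role whitelist.
CUSTOMER = [
    Attribute("Id"),
    Attribute("Name"),
    Attribute("TaxNumber", frozenset({"Finance", "DPO"})),
    Attribute("Phone", frozenset({"Support", "DPO"})),
]

# Constructed sample rows, stored unencrypted as the post proposes.
ROWS = [
    {"Id": 1, "Name": "Ana", "TaxNumber": "PT123", "Phone": None},
    {"Id": 2, "Name": "Bruno", "TaxNumber": None, "Phone": "555-0100"},
]


def mask_row(row, entity, roles):
    """Copy of row with every attribute the roles cannot read set to the tag.

    Masking ignores the stored value, so a null in a protected attribute
    is not disclosed to an unauthorized reader either.
    """
    return {a.name: row.get(a.name) if a.readable_by(roles) else PROTECTED
            for a in entity}


def query(rows, entity, roles, **filters):
    """Equality search on the plaintext values, masked on the way out."""
    by_name = {a.name: a for a in entity}
    for name in filters:
        # A filter on a masked attribute would reveal its value through
        # which rows come back, so it needs the same role as reading it.
        if not by_name[name].readable_by(roles):
            raise PermissionError(f"roles may not filter on {name}")
    hits = [r for r in rows if all(r.get(k) == v for k, v in filters.items())]
    return [mask_row(r, entity, roles) for r in hits]
```
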
Comments (4)

Something like Dynamic Data Masking

Hi Rui.

Yes, something like that but based on platform roles and, eventually, at platform level. I say eventually because there is some support for this on some databases (like in the link you sent), but it may be too dependent on a database vendor, and also because, to be based on platform roles, the data masking function would need to have some role segregation logic.

But again, bottom line is to have data unchanged at database level and handle data access at platform (or read) level.

Changed the category to Backend

Totally impractical, and has massive technical overhead. Plus, has little to do with the GDPR per se.