Skip to main content
Announcements
Global Transformation Awards! Applications are now open. Submit Entry
cancel
Showing results for 
Search instead for 
Did you mean: 
Anonymous
Not applicable

How to obfuscate (mask) dimension values dynamically

I have quite an interesting request from our customer. We have a dashboard around physicians data with dimensions like physician, practice name, office name etc. They ask to implement security model as:

1) all physicians and her/his staff will see ALL data, even for other physicians

2) BUT they would not see real names of other physicians / practices / offices so they will be obfuscated.

3) corporate management will have access to all data and they will see all real names

That way a physician (or her staff) can compare data with peers but won't see their real names.

E.g.

I am physician Dr. Smith. When I open dashboard, I see data in listboxes and charts like that:

Physician    Collections

Dr. Smith     $10,000

Provider 1      $8,000

Provider 2     $12,000


I am an office manager working for both Dr. Smith and Dr. Moore. When I open a dashboard, I see data in listboxes and charts like that:

Physician    Collections

Dr. Smith     $10,000

Dr. Moore       $8,000

Provider 2     $12,000


I don't believe Section access can be used here so I was thinking about mapping windows IDs to physician dimension (and this mapping can be stored in Excel file) and then they open a document, kick off a trigger to select and lock specific physicians - I tried this and it works pretty well.


The part I am still trying to figure out is what is the best way to mask data like that - my plan is to

1) have fields with real names and obfuscated names (e.g. Physician Name and Physician Name Masked). The masked one will be created using Autonumber function like 'Physician ' & Autonumber ([Physician Name])


2) use calculated dimensions everywhere in listboxes, charts etc. and put a condition to check if user is allowed to see data for a physician and then show real name or show masked one.


Is there a better way of doing this? I really hate to use calculated dims everywhere


1 Solution

Accepted Solutions
sinanozdemir
Specialist III
Specialist III

Hi,

I did something similar, but I am not sure if it fits into your needs:

Capture.PNG

And my expression was this:

If(WildMatch(OSUser(), '*User names*'), 'Provider' & RowNo(), Physician)

Capture.PNG

You can Pick() alternatively if you have a lot of physicians to iterate.

View solution in original post

11 Replies
marcus_sommer

I could imagine that something similar to a language-translation like How to Handle Multi-Language Translations in QlikView.zip could work.

- Marcus

Anonymous
Not applicable
Author

thanks Marcus, it is similar approach using calculated dimensions which I was trying to avoid. I was hoping there would be a better way.

This dashboard has over 60 millions of rows and I am trying to get the best performance out of it and of course calculated dimensions are not a good thing when you deal with such volume.

sinanozdemir
Specialist III
Specialist III

Hi,

I did something similar, but I am not sure if it fits into your needs:

Capture.PNG

And my expression was this:

If(WildMatch(OSUser(), '*User names*'), 'Provider' & RowNo(), Physician)

Capture.PNG

You can Pick() alternatively if you have a lot of physicians to iterate.

Anonymous
Not applicable
Author

thanks Sinan - I wonder why you used physician name as an expression

sinanozdemir
Specialist III
Specialist III

You are welcome. No specific reason really. I could have used it in a calculated dimension.

marcus_sommer

Another way might be to use variables in those columns like $(vDimensionPhysican) and which returned for each user a different field - it's a bit cluttering but your Names/Offices comes probably from rather small dimension-tables so that it from a performance point of view could work.

Maybe you could respectively need to combine one or two methods to keep a usable performance.

- Marcus

effinty2112
Master
Master

Hi Boris,

If you first load tables of Staff, Physicians, Offices etc. that a user can know the identity of then the data can be loaded in two parts. One part loads full data where values of these fields exist, the other part loads where they don't exist and replaces the sensitive data with an alias.

This is the barest of bones of what I've got in mind.

[Visible Staff]:

LOAD * INLINE [

    Staff

    John

    Sally

    Peter

];

NoConcatenate

[All Staff]:

LOAD * Where Exists(Staff);

LOAD * INLINE [

    Staff

    John

    Sally

    Peter

    Bert

    Geddy

    Alex

    Neil

];

Concatenate([All Staff])

LOAD

'Staff' & Autonumber(Staff,'Staff') as Staff

Where Not Exists(Staff);

LOAD * INLINE [

    Staff

    John

    Sally

    Peter

    Bert

    Geddy

    Alex

    Neil

];

Gives a table

Staff
John
Peter
Sally
Staff1
Staff2
Staff3
Staff4
Anonymous
Not applicable
Author

good idea to use variables as dimensions, thanks Marcus

sinanozdemir
Specialist III
Specialist III

Hey Boris,

I have just registered for your readmission webinar. I am in healthcare as well and readmission is a hot topic.