Auto-Masking user names for data privacy
The Messages > Config > Overrides > Text tab permits the operator to override specific text in messages, which is useful for masking highly sensitive items (such as credit card info, user passwords, etc.). This facility eliminates certain text from incoming messages upon their arrival.
As an extension of this function, BMC Defender Server contains a special auto-mask function that hides user names from the administrator. (In this case, the user name is still saved on the disk, but is otherwise hidden from operators.) This function is useful for promoting data privacy and for removing potential operator bias when watching the BMC Defender Server screens for threats.
The Auto-Mask User Names function is controlled by various parameters, accessed via the Advanced option on the Messages > Config > Overrides > Text screen:
- Auto-mask user name enable—This setting is set to Yes to enable the user masking features. Subsequently, a unique identifier (such as USER012817) replaces any user name appearing on any screen.
- User mask prefix—This setting allows the operator to specify the prefix to the user mask. The prefix (and unique user identification number) appears in place of each username on the system throughout the BMC Defender Server.
- User mask seed value—This setting allows the operator to specify a new seed value or offset that changes all the user identification numbers. This setting is useful if a masked user name is discovered. Adjusting this setting shifts all the user name identifiers to some new value.
- Audit account name—This setting is the name of the single account that is given permission to see the user names on the system. The operator can specify any BMC Defender Server user name. If there is no user with the specified name, this setting is ignored.
- User mask exclusion list—This button accesses a list of user names that are excluded from the masking process, such as Administrator, root, or other common names that are not necessarily associated with a particular user of the system.
To enable user name masking, the operator sets the value of Auto-Mask User Names to Yes. Optionally, the operator can also modify the mask prefix (that appears in the place of the masked user name), and establish an audit account that is used to see the unmasked user names. Additionally, the operator can specify an exclusion list of user names that are not masked (such as Administrator, root, etc.).
User Name Auto-masking, configured by this screen, does not actually override the data within the message database, but simply masks the user names depicted on BMC Defender Server screens and contained in BMC Defender Server reports. (This is different from the main Text Override facility, described before, that actually modifies message content before it is written to the disk.) In addition to masking user names on the system, user names are also masked in reports and any notifications and tickets generated by the system.
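The following sketch is an added example, not BMC Defender Server code. It illustrates display-time masking with a prefix, a seed, an exclusion list and an audit account while the stored messages stay untouched. The HMAC-based identifier derivation, the `UserMasker` class, the account names and the sample messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

class UserMasker:
    """Masks user names at display time; stored messages are never changed."""

    def __init__(self, prefix, seed, audit_account, exclusions, known_users):
        self.prefix = prefix
        self.seed = str(seed).encode()
        self.audit_account = audit_account
        self.exclusions = {name.lower() for name in exclusions}
        alternatives = "|".join(re.escape(name) for name in known_users)
        self._names = re.compile(rf"\b(?:{alternatives})\b", re.IGNORECASE)

    def mask_id(self, username):
        """Stable pseudonym for one user under the current seed (assumed scheme)."""
        if username.lower() in self.exclusions:
            return username
        mac = hmac.new(self.seed, username.lower().encode(), hashlib.sha256).digest()
        # Six digits mirrors the USER012817 form; a space this small can collide.
        return f"{self.prefix}{int.from_bytes(mac[:8], 'big') % 1_000_000:06d}"

    def render(self, message, viewer):
        """Return the text a given viewer sees on screens, reports and tickets."""
        if viewer == self.audit_account:
            return message
        return self._names.sub(lambda m: self.mask_id(m.group(0)), message)

# Constructed sample messages and accounts, for illustration only.
STORED = [
    "sshd: Failed password for jsmith from 192.0.2.10",
    "sudo: session opened for user root by jsmith",
    "AD: account mgarcia locked out",
]
USERS = ["jsmith", "mgarcia", "root"]

def demo(seed):
    masker = UserMasker("USER", seed, "auditor", ["Administrator", "root"], USERS)
    return {viewer: [masker.render(m, viewer) for m in STORED]
            for viewer in ("operator", "auditor")}

if __name__ == "__main__":
    for viewer, lines in demo(seed=1).items():
        print(viewer, *lines, sep="\n  ")
```

Calling `demo` with a different seed shifts every identifier at once, which corresponds to the seed adjustment described for a discovered mask.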