Describe the issue:
When you create one role you can define an anonymization rule. Documentation says you can use one or more regular expressions and replacement strings to mask a field. The syntax is <field>::/<regular-expression>/::<replacement-string>.
The <field> part can contain wildcard *, but if it is one wildcard only it does not work.
For example: *e*:/<regular-expression>/::*
this works as expected, GET request obtains all the hits, string replacement is correctly applied in all the fields that contains an “e” in the fieldname
if I try to extend the rule to all fields, I assume I must use this: *::/<regular-expression>/::*
this rule is accepted when the role is created but it does not work, GET request obtains 0 hits
I think you have centered the point, the issue seems to occur only when you configure both masked_fields and DLS expressions at the same time.
I have removed the DLS expression and now the anonymization works perfectly. Is it a limitation?
According to tests in my lab, DLS query can’t read a value that was anonymized. In the order execution, field anonymization runs first, DLS query runs after field anonymization.
Hi @Eugene7,
what you write is correct, I would add that even when the value is left unchanged by the anonymization, DLS can’t read it and the response gives 0 hits.
In your opinion, would it make sense to ask for a fix?
