⛵Salesforce for Everybody! ☁️

Salesforce Data Mask

We do see people wearing masks now due to the recent Coronavirus Outbreak in the world. Masks provide protection or disguise your identity. Salesforce Data Masking is a similar masking approach for your Salesforce data in your  Sandbox instance which provides data privacy and protection.

Salesforce Data Masking
Image credits: cottonbro from Pexels

Salesforce Data Mask was announced in the week of Dreamforce '19. It is a new tool, once installed it helps to customize, build and test on the salesforce sandbox while protecting secure sensitive data. It meets all the compliance needs like personal information, personal identification information, and personal health information. Salesforce Data masking is not similar to Data encryption whereas in data encryption the data is encrypted at rest in the data center and in data masking the data is prevented to be viewed in plain text.

This feature is mainly for securing Salesforce sandbox sensitive data for Salesforce admins and Salesforce developers. Mask sensitive data in any full or partial sandboxes and configure different levels of masking depending on the sensitivity of the data.

How to configure Salesforce Data Mask

Salesforce data mask is a managed package that you can install in an Unlimited, Performance and Enterprise production org. Using this package, we can run the masking process for the sensitive data in the salesforce sandbox so that data is not readable and do note that once data is masked it cannot be unmasked. Also, Salesforce Data Mask is only available in English for now.

To Install the Salesforce Data Mask package these are the pre-requisites 

  • Enable My Domain in your production org.
  • Your Salesforce production org should be in Lightning Experience.
  • Enable Enhanced Email.
  • Chatter should be enabled.
  • Ensure you have Data Mask permission set licenses.
Once you install the package for Salesforce Data Mask, assign the below permissions and profile to a user.
  • Permissions >> Modify All Data user permission.
  • Permissions >> API Enabled user permission.
  • Profile >> Assign System Administrator user profile.
  • Permission Set License >> Data Mask User 
  • Permission Set >> Data Mask Permission 

Levels of Masking

Salesforce data masking keeps your data private in your sandbox and has multiple levels of masking with replacing, remapping and eliminating approach.

Level 1: Randomise the data 

This level of data masking randomizes the sandbox data with irregular characters. This helps to keep the business process and functionality for the environment intact. When randomizing the data both numbers and characters are used to scramble the data.

Level 2: Replace the data

Replacing data is another level of data masking technique to keep data confidential. This level uses libraries embedded in a managed package to replace data in your sandbox to random data which is recognizable data.
Enabling Unique for library words or random characters for text and text area field types makes the masked fields unique by appending the record id.

Level 3: Delete the data

This level of data masking deletes the sensitive data in your sandbox. If you mark fields for deletion, all sensitive data is eliminated leaving empty data. When using this level of data masking, checkbox, lookup, and picklist field types are not supported.


To conclude, the Salesforce Data masking feature is a neat feature that protects confidential sandbox data by masking sensitive readable data using the data mask job. 

Source: Trailhead

You can complete the trailhead Salesforce Data Mask module to know more about this. 


Post a Comment

Please do not enter any spam links in the comment box.



Twitter Feed

Translate this Blog