CAST AIP Extensions
Page tree
Skip to end of metadata
Go to start of metadata

Target audience:

Users of the extension providing data column access support for the SQL Analyzer extension.

Summary: This document provides basic information about the extension that provides data column access support for the SQL Analyzer extension (from version ≥ 2.4)

What's new 1.0.0-beta2:

  • Added "Not concerned" as default value for GDPR indicator

What's new 1.0.0-beta1:

  • Added "Access Write" links for Update and Merge statements

What's new 1.0.0-alpha1:

  • First official version

  • Access Read and Access Write links are added for columns, for SELECT and INSERT statements

  • GDPR (General Data Protection Regulation : https://www.eugdpr.org/) indicators can be specified and propagated to columns, via a configuration file

  • Access Read and Access Write links are added for columns, for SELECT and INSERT statements found in .properties files (Java Property Mapping objects)

Description

The Data Column Access extension provides support for:

  • GDPR policy based on GDPR indicators
  • column access links with the SQL Analyzer ≥ 2.4

In what situation should you install this extension?

  • If you need to check that the application is GDPR compliant using the indicators
  • If you need to see Access Read and Access Write links for columns on SELECT, INSERT, UPDATE, DELETE and MERGE statements

CAST AIP compatibility

This extension is compatible with:

CAST AIP releaseSupported
8.3.x(tick)
8.2.x(tick)
8.1.x(tick)
8.0.x(tick)
7.3.x(error)

Supported DBMS servers used for CAST AIP schemas

This extension is compatible with the following DBMS servers used to host CAST AIP schemas:

CAST AIP releaseCSSOracleMicrosoft
All supported releases(tick)(tick)(tick)

Supported client languages

COBOL VB .NET JAVA C/C++/OBJC IOS PYTHON

Prerequisites

(tick)An installation of any compatible release of CAST AIP (see table above)
(tick)An installation of SQL Analyzer extension (from version ≥ 2.4)

Download and installation instructions

Please see:

The latest release status of this extension can be seen when downloading it from the CAST Extend server.

What results can you expect?

 

  • Links are created for transaction and function point needs.
  • You can expect the following links on the DDL side within the same sql file:
    • accessRead from View / Procedure / Function / Trigger / Event  to Column
    • accessWrite from Procedure / Function / Trigger / Event  to Column
  • You can expect the same links for the following client side, only if the server-side code has been analyzed with the SQL Analyzer extension and only if they have dependencies with the SQL Analyzer analysis results:

COBOL PB VB .NET JAVAC/C++/OBJC IOS PYTHON

Special notes about Links on client side

  • For Java client-side code, SQL statements used in parameters of methods including a SQL parametrization rule are analyzed.
Example of call to a parametrized method
class Foo
{
   final static String TABLE_NAME = "Person";

	void method()
	{
    	String query = "select * from " + this.TABLE_NAME;
    	java.sql.Statement.execute(query );
	}
}
  • But 'queries' visible in the DLM (that need reviewing) are not analyzed:
Example ofa query visible in the DLM
class Foo
{
	// not passed to an execute something
	private final static String text = "select name from Person";
}

  • Explicit queries used in an ORM context are analyzed (or not) based on if they are visible in Enlighten

  • COBOL EXEC SQL queries are analyzed

  • SQL queries founded in Python code are analyzed

  • SQL queries founded in .properties (Java Property Mapping objects) are analyzed

GDPR Indicator

To enable GDPR Indicator for columns, it is necessary to provide the analyzer with a configuration file (*.gdpr extension), in the same folder alongside the source code. The pattern to be used in the configuration file is: schema_name.table_name.column_name=<GDPR_indicator>.

Data type

Description

GDPR - Very sensitive

The information stored in the column is very sensitive on its own from a GDPR point of view without being correlated with other information. The type of information involved is for example: Credit card number, health insurance number, passport number etc.

GDPR - Sensitive

The information in the column is sensitive because, when correlated with other information, it became very sensitive. The type of information involved is for example: the address, the phone number etc.

Security

The information stored is critical for the security of the platform, such as the administrators list, etc.

Not concerned

The column is not involved in GDPR legislation.

The value by default of each of the column is "Not concerned" (the last one in the list here below) therefore the customer has only to parametrize the column concerned by the first three values in the list.

Template

You can also find attached a real example, for the AdventureWorks database: 

Examples

Example
Schema1.Table1.Col1=GDPR - Very sensitive
Schema1.Table1.Col2=GDPR - Sensitive
Schema1.Table1.Col3=Security
......

When the GDPR Indicator should apply to the same column name from all tables, in a specific schema, use a "*" wildcard:

Example
Schema1.*.Age=GDPR - Very sensitive

When we don't know the schema name, but we do know the Table and Column names, e.g.:

Example
Table1.Col1=GDPR - Very sensitive
  • No labels