Examples
These examples use one sample configuration, reused on every page in this section. All requests assume the environment variables from Getting Started › Authenticate are exported, and that your portal defines the classes, properties, and contexts below. The protected values shown throughout are real output from this configuration.
Data instances
The configuration defines five data instances across two classes, employees and salaries:
| Data instance | Transformer technique | Searchable |
|---|---|---|
(employees, first_name) | AES deterministic encryption | No* |
(employees, last_name) | Order-preserving tokenization | Yes |
(employees, email) | Email tokenization | No* |
(salaries, iban) | IBAN format tokenization | No* |
(salaries, annual_salary) | None: stored as-is | n/a† |
* These four techniques are deterministic, so the same input always produces the same protected value and exact-match search works. Order-preserving tokenization (last name) supports ordered and range comparisons too. See API Reference › Transform for the full list of search operators. All four are reversible, so an authorized role can unprotect them back to cleartext.
† annual_salary is deliberately left unprotected and stored in cleartext here, so it stays usable for aggregation and arithmetic, for example. Its link to a person is broken, however, because the identifying fields (name, email, IBAN) are protected, and access is still restricted through the rights context.
Roles and rights
Access is controlled by two rights contexts, selected by the role evidence. Each grants a per-instance right: Transform (the sequence runs), Read (the stored value is returned as-is), or Not defined (the value is nullified).
| Data instances | HR Specialist | IT Manager |
|---|---|---|
first_name, last_name, email, iban | Transform: protect and unprotect, so it reaches cleartext | Read: gets the stored protected value, cannot unprotect |
annual_salary | Read: gets the cleartext salary | Not defined: the value is nullified |
So HR Specialist is the role used to protect and unprotect throughout these examples. The split on annual_salary shows access control without transformation: the salary is readable by HR but hidden from IT, even though it is never encrypted.