Managing access to masked data
Access to masked data depends on where the data is accessed from and who or what is requesting it. Capillary applies PSI masking differently for Member Care users and API clients.
| Access type | What controls masking |
|---|---|
| Access to sensitive data on Member Care | Access to VIEW_MASKED_DATA permission set |
| Access to sensitive data in the API responses | API client with PSI permission |
PSI masking in Member Care
In Member Care, access to masked data is controlled by user access.
How it works
When data masking is enabled for the organization:
- Users without access to VIEW_MASKED_DATA permission set see masked values (
*****) for masked fields. - Users access see unmasked values.
PSI masking for APIs
For APIs, data masking is controlled by API client permissions, not user roles.
How it works
When PSI masking is enabled for the organization:
- API clients without access to masked data receive masked values for PSI-marked fields.
- API clients with access receive unmasked values.
Updated about 10 hours ago