# Data masking

Some of the messages in topics might contain personal and sensitive data. To secure this kind of information we added new feature, data masking.

To turn on this feature, you will have to modify user groups permissions as shown on the screen below:

<div align="left"><img src="/files/Q7Usltp4tRlW4UwzAT5w" alt="" width="820"></div>

In that case users with `admin_group` will have access to view, create, modify and remove data masking policies.

## List of policies

To view list of all defined policies you should pick **Data masking policies** from the menu.

<div align="left"><img src="/files/OWOwlbYOXpxiBgIlj2XT" alt="" width="820"></div>

## Add new policy

To create new policy you will have to click Add new policy button on the policies list screen. Then you will see create new policy form.

<div align="left"><img src="/files/tSrYjgmYFJIZLqltfGWm" alt="" width="820"></div>

In that form you will have to provide:

* name - policy name
* fields - list of fields names and masking type for each of them
* resources - clusters and topics
  * list of selected clusters and topics names (as topic names you can provide any valid regex) for which policy will be applied
  * or, if you want, you can apply policy to all resources by ticking the checkbox below resources label
* user groups - list of user groups for which policy will be applied

<div align="left"><img src="/files/1DJLcDuj1UI37tXosvLH" alt="" width="820"></div>

## Applying policy

Policies will be applied automatically. When you log in as a user with user group defined in the policy, topic messages for selected resource will have masked data. For masking, star sign, `*`, will be used.

If we follow above defined policy you should not be able to see all information in CustomerTopic.

<div align="left"><img src="/files/LA5WvcibYngP0hRnxh2L" alt="" width="820"></div>

## Remove policy

Of course if you no longer need the policy you can remove it. To do it, navigate to policies list and click **Delete** button in the row of the policy you want to remove.

<div align="left"><img src="/files/P2ySGpTpUcj7qrLtyKKC" alt="" width="820"></div>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.kouncil.io/getting-started/features/data_masking.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.