Appearance
Masking - Field Redaction
Hide sensitive data from unauthorized users while showing it to those with permission.
Built-in Mask Types
| Type | Example Input | Masked Output |
|---|---|---|
'email' | john@example.com | j***@e***.com |
'phone' | 555-123-4567 | ***-***-4567 |
'ssn' | 123-45-6789 | ***-**-6789 |
'creditCard' | 4111111111111111 | ************1111 |
'name' | John Smith | J*** S*** |
'redact' | anything | [REDACTED] |
'custom' | (your logic) | (your output) |
Configuration
typescript
masking: {
// Basic masking - everyone sees masked value
taxId: { type: 'ssn' },
// Show unmasked to specific roles
salary: {
type: 'redact',
show: { roles: ['admin', 'hr'] }
},
// Show unmasked to owner (createdBy === ctx.userId)
email: {
type: 'email',
show: { or: 'owner' }
},
// Custom mask function
apiKey: {
type: 'custom',
mask: (value) => value.slice(0, 4) + '...' + value.slice(-4),
show: { roles: ['admin'] }
},
}Show Conditions
typescript
show: {
roles?: string[]; // Unmasked if user has any of these roles
or?: 'owner'; // Unmasked if user is the record owner (createdBy)
}Example
typescript
defineResource(employees, {
firewall: { organization: {} },
masking: {
ssn: { type: 'ssn', show: { roles: ['hr', 'admin'] } },
salary: { type: 'redact', show: { roles: ['hr', 'admin'] } },
personalEmail: { type: 'email', show: { or: 'owner' } },
bankAccount: {
type: 'custom',
mask: (val) => '****' + val.slice(-4),
show: { roles: ['payroll'] }
},
},
// ... guards, crud, etc.
});