Override Data Masking based on Authorized Group #1311
Description
Issue submitter TODO list
- I've searched for an already existing issues here
- I'm running a supported version of the application which is listed here and the feature is not present there
Is your proposal related to a problem?
The Data Masking feature is nice. There are options to mask all fields; or few fields.
What would be nice is allowing option to override the masking for few users when the field is clicked or viewable for specific users in RBAC allowed list.
Describe the feature you're interested in
Document: https://ui.docs.kafbat.io/configuration/data-masking
In the cluster config https://ui.docs.kafbat.io/configuration/configuration-file#config-file-description if we can add per cluster as below.
existing mask example
`
masking:
- type: MASK # Action: MASK, REMOVE, or REPLACE
fields: [ "id", "name" ] # Specific fields to apply masking to
fields-name-pattern: "id." # Regex pattern to match field names
masking-chars-replacement: ["A", "a", "N", "_"] # Optional: override default mask characters
replacement: "MASKED_FIELD_NAME" # Replacement string for masked field names
topic-values-pattern: events-with-ids-. # Apply on topic values matching this pattern
topic-keys-pattern: events-with-ids-.* # Apply on topic keys matching this pattern
`
In RBAC, introduce unmask option.
`
rbac:
roles:
- name: "admin"
clusters:
# FILL THIS
permissions:
- resource: topic
value: "."
actions:
- VIEW
- MESSAGES_READ
- ANALYSIS_VIEW
- UNMASK
- name: "readonly"
clusters:
# FILL THIS
permissions:
- resource: topic
value: "."
actions:
- VIEW
- MESSAGES_READ
- ANALYSIS_VIEW
- MASK
`
This way the UI can be used for viewing just-in-time topic data.
Describe alternatives you've considered
No response
Version you're running
Additional context
No response